Hi all,

thanks a lot for the hints. In fact there was a typo with eth0 there :).
So Oskar, you mean that instead of using the 3rd rule, to use something like:

iptables -A POSTROUTING -t nat -o 3g0 -j MASQUERADE

in case the IP of the 3g interface is not static, right?

Thanks a lot again for the tips!

--- On Wed, 10/7/09, Oskar Berggren <oskar.berggren@xxxxxxxxx> wrote:

> From: Oskar Berggren <oskar.berggren@xxxxxxxxx>
> Subject: Re: Forward traffic between two interfaces on the same host
> To: "Kostas Pelechrinis" <kpele_ntua@xxxxxxxxx>, netfilter@xxxxxxxxxxxxxxx
> Date: Wednesday, October 7, 2009, 12:24 PM
> 2009/10/7 Richard Horton <richard.horton@xxxxxxxxxxxxxx>:
> > 2009/10/7 Kostas Pelechrinis <kpele_ntua@xxxxxxxxx>:
> >> Hi all,
> >>
> >> I am new to using iptables so I would like to ask a few questions
> >> about something that maybe many of you find easy :)
> >>
> >> In particular, I have a laptop with two wireless interfaces, a Wifi
> >> and a 3G. I would like to share the 3G broadband connection available
> >> on this laptop with other machines within my home/internal network
> >> through the wifi interface. I would like to ask if such functionality
> >> can be implemented using iptables.
> >>
> >> Even more specifically, what I need is a 'relay'-like functionality.
> >> Let's assume that laptop A has the two interfaces and laptop B has
> >> only a wifi interface. Laptop B will be connected with laptop A
> >> through the wifi, and laptop A needs to serve all the internet
> >> requests of laptop B through the 3G usb modem interface.
> >>
> >> I think that I need to use rules like the following for laptop A:
> >>
> >> (I use the names wifi0 and 3g0 for the corresponding interfaces and
> >> xxx.yyy.zzz.www for the ip of the 3G interface)
> >> iptables -A FORWARD -i wifi0 -o 3g0 -j ACCEPT
> >> iptables -A FORWARD -i 3g0 -o wifi0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> >> iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source xxx.yyy.zzz.www
> >>
> >> Am I missing something here? Do I need to take care of something
> >> else as well?
> >
> > Check that forwarding is turned on in the kernel...
> >
> > sysctl net.ipv4.ip_forward should return net.ipv4.ip_forward=1; if it
> > doesn't, execute 'sysctl -w net.ipv4.ip_forward=1' to enable it.
> >
> > Not sure on the NAT rules as I have very little to do with NAT as
> > we're using iptables on a private internal network where the address
> > space in the private ranges is more than adequate enough (using all 3
> > classes of private addresses)
> >
>
> In addition to Richard's comments: It seems wrong to suddenly have
> eth0 on the nat-rule instead of 3g0. Also, if you get a dynamic
> ip-address on the 3g-interface, you might want to use MASQUERADE
> instead of SNAT.
>
> /Oskar
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
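
The rule set this thread converges on, as an added example that is not part of any poster's message: a shell function that prints (does not apply) the commands, choosing SNAT when a fixed 3G address is given and MASQUERADE otherwise. The function name, its argument order and the `iptables -P FORWARD DROP` line are assumptions of this example; the policy line is included because the FORWARD chain defaults to ACCEPT, in which case the two ACCEPT rules restrict nothing.

```shell
#!/bin/sh
# Added example. wifi0, 3g0 and 192.168.0.0/24 are the names used in the thread;
# nat_share_rules and its argument order are hypothetical, chosen for this sketch.

# nat_share_rules LAN_IF WAN_IF LAN_NET [WAN_IP]
# With WAN_IP: SNAT to that fixed address. Without it: MASQUERADE, which uses
# whatever address WAN_IF holds when the packet leaves (dynamic 3G address).
nat_share_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3 wan_ip=${4:-}
    if [ -z "$lan_if" ] || [ -z "$wan_if" ] || [ -z "$lan_net" ]; then
        echo "usage: nat_share_rules LAN_IF WAN_IF LAN_NET [WAN_IP]" >&2
        return 2
    fi
    if [ "$lan_if" = "$wan_if" ]; then
        echo "LAN and WAN interface must differ" >&2
        return 2
    fi
    # Forwarding must be on in the kernel, or FORWARD is never consulted.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Not in the thread: default-deny, so only the two rules below forward.
    echo "iptables -P FORWARD DROP"
    # New connections may start from the LAN side only.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -j ACCEPT"
    # From the WAN side, only replies to connections the LAN opened.
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The NAT rule names the same outgoing interface as the FORWARD rule.
    if [ -n "$wan_ip" ]; then
        echo "iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j SNAT --to-source $wan_ip"
    else
        echo "iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE"
    fi
}

# Dry run for the thread's setup with a dynamic 3G address.
nat_share_rules wifi0 3g0 192.168.0.0/24
```

To apply the rules, review the printed commands and pipe them to a root shell (`nat_share_rules wifi0 3g0 192.168.0.0/24 | sh`).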