Dear list,

I have had ip_forwarding running well on my gateway for a long time. The configuration is simple, to allow a Linux box to work as a gateway.

```
#### my old ip_forwarding rule ########
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i ${WAN_IFACE} -o ${LAN_IFACE} -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
##############
```

With a 2.6.X series kernel and 2 NIC cards, the box is working as a gateway. But now I would like to add some more fine-tuned control. I have created a routing table at /etc/iproute2/rt_tables and I want to *force* the traffic to pass between ${WAN_IFACE} and ${LAN_IFACE}, or to go through the table I have created for routing.

It might be

1] ${WAN_IFACE} <--- ip_forwarding always between these two interfaces ---> ${LAN_IFACE}

OR

2] ${WAN_IFACE} <--> [routing table] <--- route always via this table from these two interfaces ---> ${LAN_IFACE}

Could anyone kindly suggest any possible modification of the above rule?

One possible solution can be (collected from the net):

```
# iptables --table ${tablename} --append POSTROUTING --out-interface ${WAN_IFACE} -j MASQUERADE
# iptables --append FORWARD --in-interface ${LAN_IFACE} -j ACCEPT
```

But I have no idea if it can do the job in the right way. Is there any more robust configuration?

Thanks

--
জয়দীপ বক্সী
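The following is an added example, not part of the original message: one way to pin forwarding to a single interface pair (a default-DROP FORWARD policy plus rules that name both `-i` and `-o`) and to route LAN traffic through a dedicated table with `ip rule`. It only prints the commands for review. The function name `gateway_rules`, the interface names `eth0`/`eth1`, the table name `gwtable` and the gateway `203.0.113.1` are constructed, and it assumes the LAN interface faces 192.168.1.0/24.

```shell
#!/bin/sh
# Added example: prints (does not run) a ruleset that pins forwarding to one
# interface pair and sends LAN traffic through a dedicated routing table.
# Assumptions: the LAN interface faces the LAN subnet, and the table name is
# already registered in /etc/iproute2/rt_tables (e.g. a line "100 gwtable").
gateway_rules() {
    wan=$1; lan=$2; lan_net=$3; table=$4; gw=$5
    # Refuse incomplete or ambiguous input rather than emit a loose ruleset.
    for v in "$wan" "$lan" "$lan_net" "$table" "$gw"; do
        [ -n "$v" ] || {
            echo "usage: gateway_rules WAN LAN LAN_NET TABLE GW" >&2
            return 1
        }
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    # 1. Enable forwarding, then drop everything not explicitly allowed.
    # 2. LAN -> WAN: new and existing flows, only from the LAN subnet.
    # 3. WAN -> LAN: replies to flows the LAN opened, nothing else.
    # 4. Masquerade only what leaves via WAN from the LAN subnet.
    # 5. Packets arriving on LAN are routed by the dedicated table alone.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -s $lan_net -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -d $lan_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
ip route add default via $gw dev $wan table $table
ip rule add iif $lan lookup $table
EOF
}

# Constructed sample invocation; review the output before applying it as root.
gateway_rules eth0 eth1 192.168.1.0/24 gwtable 203.0.113.1
```

Because the FORWARD policy is DROP and every ACCEPT rule names both interfaces, a packet entering or leaving through any other interface is not forwarded, which the append-only rules in the message do not guarantee on their own.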