J. Bakshi wrote:
> J. Bakshi wrote:
>
>> Dear list,
>>
>> I have ip_forwarding running well on my gateway since long. The
>> configuration is simple to allow a linux box to work as a gateway.
>>
>> #### my old ip_forwarding rule ########
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> iptables -A FORWARD -i ${WAN_IFACE} -o ${LAN_IFACE} -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
>> iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>> iptables -A POSTROUTING -t nat -j MASQUERADE
>> ##############
>>
>> With a 2.6.X series of kernel and 2 NIC cards the box is working as a
>> gateway. But now I like to add some more fine tuned control. I have
>> created a routing table at /etc/iproute2/rt_tables and I want to
>> *force* the traffic to pass within ${WAN_IFACE} and ${LAN_IFACE} or to
>> go through the table I have created for routing.
>> It might be
>>
>> 1] ${WAN_IFACE} <--- ip_forwarding always between these two interfaces ---> ${LAN_IFACE}
>>
>> OR
>>
>> 2] ${WAN_IFACE} <--> [routing table] <--- route always via this table from these two interfaces ---> ${LAN_IFACE}
>>
>>
>> Could anyone kindly suggest any possible modification of the above rule?
>>
>> One possible solution can be (collected from net)
>>
>> ```
>> # iptables --table ${tablename} --append POSTROUTING --out-interface ${WAN_IFACE} -j MASQUERADE
>> # iptables --append FORWARD --in-interface ${LAN_IFACE} -j ACCEPT
>> ```
>>
>> But I have no idea if it can do the job in the right way. Any more robust
>> configuration?
>>
>
> PS: And the requirement is to implement dual gateway in a single box
>

Did some more reading. It is called "multi homed linux router". Could anyone provide a working configuration please?

Thanks

--
জয়দীপ বক্সী