Iptables gurus,

I have been trying to implement a solution using 2 iptables boxes as routers for traffic between two hosts on two different networks. I have four different machines that I would like to have traffic routed between:

Machine 1 - Client A - IP: A.A.A.A
Machine 2 - iptables Machine A - IP: B.B.B.B (One interface only)
Machine 3 - iptables Machine B - IP: C.C.C.C (One interface only)
Machine 4 - Client B - IP: D.D.D.D

What I would like to accomplish is to have traffic from Client A route through iptables Machine A, which then sends the traffic to iptables Machine B, which then forwards the traffic to Client B, and the reverse as well. I would also like for the IP address of Client A to be visible to Client B.

I have tried various scenarios with PREROUTING (DNAT) and FORWARDING rules with no success. The connection either seems to hang or I get an error stating no route to host. Also, forwarding is enabled on each of the iptables machines.

Below are the rules that I have tried to use:

Firewall rules from Machine 2 - Iptables Machine A

# Generated by iptables-save v1.4.12 on Fri Jun 1 12:26:55 2012
*nat
:PREROUTING ACCEPT [142418:19715843]
:INPUT ACCEPT [21:8744]
:OUTPUT ACCEPT [8437:405020]
:POSTROUTING ACCEPT [8439:405588]
-A PREROUTING -d D.D.D.D/32 -j DNAT --to-destination C.C.C.C
COMMIT
# Completed on Fri Jun 1 12:26:55 2012
# Generated by iptables-save v1.4.12 on Fri Jun 1 12:26:55 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [43:4084]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -d C.C.C.C/32 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jun 1 12:26:55 2012

Firewall rules from Machine 3 - Iptables Machine B

# Generated by iptables-save v1.4.12 on Fri Jun 1 12:27:51 2012
*nat
:PREROUTING ACCEPT [53576:4590151]
:INPUT ACCEPT [11:4620]
:OUTPUT ACCEPT [64:4512]
:POSTROUTING ACCEPT [65:5012]
-A PREROUTING -d A.A.A.A/32 -j DNAT --to-destination B.B.B.B
COMMIT
# Completed on Fri Jun 1 12:27:51 2012
# Generated by iptables-save v1.4.12 on Fri Jun 1 12:27:51 2012
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48:4544]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -d B.B.B.B/32 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jun 1 12:27:51 2012

Any help is appreciated.

Regards,
Sajesh
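
An added example, not part of the original post: in both posted filter tables, FORWARD first jumps unconditionally to RH-Firewall-1-INPUT, which ends in an unconditional REJECT, so the FORWARD ACCEPT rules after the jump are never evaluated. The checker below finds that pattern in iptables-save output; the function names `parse_filter`, `always_ends` and `shadowed` are hypothetical, and the sample is the Machine A FORWARD and RH-Firewall-1-INPUT rules from the post.

```python
import shlex

# FORWARD and RH-Firewall-1-INPUT rules from the post's Machine A filter table
# (addresses are the post's own placeholders).
MACHINE_A = """\
*filter
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -d C.C.C.C/32 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

VERDICTS = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

def parse_filter(text):
    """Return {chain: [rule tokens]} for the *filter table of iptables-save output."""
    chains, table = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            chains.setdefault(tok[1], []).append(tok[2:])
    return chains

def always_ends(chains, name, seen=()):
    """True if every packet entering `name` gets a final verdict inside it."""
    if name in VERDICTS:
        return True
    for rule in (() if name in seen else chains.get(name, [])):
        tgt = rule[rule.index("-j") + 1] if "-j" in rule else None
        if tgt == "RETURN":  # some packets may go back to the caller
            return False
        if rule[:1] == ["-j"] and always_ends(chains, tgt, seen + (name,)):
            return True      # match-less rule whose target never returns
    return False

def shadowed(chains, chain="FORWARD"):
    """(blocking target, rule) for each rule after an unconditional dead-end jump."""
    rules = chains.get(chain, [])
    for i, rule in enumerate(rules):
        if rule[:1] == ["-j"] and always_ends(chains, rule[1], (chain,)):
            return [(rule[1], " ".join(r)) for r in rules[i + 1:]]
    return []
```

A REJECT with `--reject-with icmp-host-prohibited` is typically reported by the connecting client as "No route to host".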