Search This Blog

Sunday, July 31, 2005

Re: IP Routing

Hi.

On 7/31/05, Shafiuddin russel <russel_lf@yahoo.com> wrote:
>
>
> Hello,
>
>
>
> I have debian linux machine with public IP 69.88.12.185. I wana route two
> different private network 192.168.0.0 and 192.168.1.0 through my PC to GW
> 69.88.12.161.
>
>
>
> I have done the following process but not succeeded.
>
>
>
> Step:1
>
>
>
> #Ifconfig eth0 69.88.12.185 netmask 255.255.255.244
>
> #ifconfig eth0:0 192.168.0.1 netmask 255.255.255.0
>
> #ifconfig eth0:1 192.168.1.1 netmask 255.255.255.0

You might want to add these configurations to /etc/network/interfaces

>
>
> Step:2
>
> #cat /etc/network/options
> ip_forward=yes
> spoofprotect=yes
> syncookies=no

It would be better to enable syncookies

>
>
>
> Step :3
>
> # cat /proc/sys/net/ipv4/ip_forward
> 1
> Step 4:
> # route add –net 192.168.0.0 netmask 255.255.255.0 gw 69.88.12.161
>
> # route add –net 192.168.1.0 netmask 255.255.255.0 gw 69.88.12.161
> # route add default gw 69.88.12.161
> pls help if possible. I will appreciated u kind assistance.
> Russel………..

You don't say it, but I think you actually want to give Internet access
to your local machines using your connection (which has IP 69.88.12.185)
using 192.168.0.1 and 192.168.1.1 as the gateways of the internal sub nets.

In this case, a "route add -net" is not what you need.

You need to do SNAT in step 4:

# iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0
-j SNAT --to-source 69.88.12.185
# iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0
-j SNAT --to-source 69.88.12.185

route add default gw 69.88.12.161

Once you're done, try to use /etc/network/interfaces to add some of your network
configuration.

Regards,
Nelson.

PS:

Once you get it to work, read a little about iptables and try to
protect yourself.
Check this out later: http://cgi.afc.no-ip.info/svnwiki.cgi/default/firewalls
This tip is different, because 2 NICs are used.

--
Homepage : http://geocities.com/arhuaco

The first principle is that you must not fool yourself
and you are the easiest person to fool.
-- Richard Feynman.

No comments: