<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3E.n">
<TITLE>The Answer Gang 62: IP Forwarding</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Gang</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen Mullins, Mitchell Bruntel,
the Editors of Linux Gazette...
and You!
<br>Send questions (or interesting answers) to
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
</H4>
</center>

<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 6 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>IP Forwarding</H3>


<p><strong>From Cole Ragland
</strong></p>
<p align="right"><strong>Answered By Mike Orr
<br></strong></p>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I have a <A HREF="http://www.slackware.org/">Slackware</A> machine acting as a gateway/router between two
separate networks, e.g. 172.29.17.0 and 10.10.3.0. This machine is
multihomed with eth0=172.29.17.19 and eth1=10.10.3.10. Packets from the
10.10.3 network cannot get past eth0. I've enabled IP forwarding, e.g.
"echo 1 ip_forward", but I believe that is only for routing between
subnets. How can I route between two separate networks? I'm thinking
ipchains, ipmasq, and routed (which I have to fire up manually -- if I
uncomment rc.inet2 lines, the machine stalls at boot) but I'm not sure. Thanks
for your help.
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Mike]
If your internal network had public IPs, you would need only IP forwarding.
However, 10.x.x.x IPs are reserved for private networks, and Internet
routers automatically reject them. So even if your request does go out,
there's no way for replies to get back to you. The trick is to use IP
Masquerading.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you're using kernel 2.2.x, the minimal commands required in your startup
scripts are:
</BLOCKQUOTE>
<BLOCKQUOTE><pre>
# Turn on forwarding between eth0 and eth1.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Default policy for the forward chain: deny everything not matched below.
/sbin/ipchains -P forward DENY

# Forward and masquerade packets from 10.x.x.x. Replies to masqueraded
# connections are demasqueraded automatically and need no rule of their own.
/sbin/ipchains -A forward -s 10.0.0.0/8 -j MASQ
</pre></BLOCKQUOTE>
<BLOCKQUOTE>
This will handle ordinary TCP services. FTP, ping, IRC, CU-SeeMe and Quake
also require additional modules in order to be masqueraded.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can also build a more elaborate ipchains ruleset to customize security.
</BLOCKQUOTE>
<BLOCKQUOTE><DL><DT>
A similar thread is in last month's The Answer Gang.
<DD><A HREF="../../issue61/lg_answer61.html#tag/5"
>http://www.linuxgazette.com/issue61/lg_answer61.html#tag/5</A>
</DL></BLOCKQUOTE>
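<p>The three commands in the answer above give the gateway a sensible default (forward chain policy DENY), but the MASQ rule matches on source address only. As far as the forward chain is concerned, a packet arriving on eth0 with a forged 10.x.x.x source matches that rule just as well as a packet from the real 10.10.3.0 network, and nothing in those three commands stops it from being forwarded into the inside network. The Python script below is an added illustration for this thread, not code from the Answer Gang or from the ipchains project. It models the ipchains semantics the posted rules rely on (rules tried in order, first match wins, MASQ accepts, the chain policy applies otherwise, and <code>-i</code> names the outgoing interface in the forward chain but the arriving interface in the input chain), then runs constructed sample packets through the ruleset as posted and through a hardened variant that ties the MASQ rule to eth0 and drops forged 10/8 sources arriving on eth0. Interface names and addresses are taken from the question; the sample packets, the ruleset names and the hardened rules are assumptions made for the example. Destination, protocol and port matching are omitted because the page's rules do not use them.</p>

```python
"""Model of how an ipchains (Linux 2.2) input/forward chain treats packets.

Added illustration for the Answer Gang thread above, not code from the
page or from the ipchains project. Only the semantics the posted rules
rely on are modelled: rules are tried in order, the first match wins,
MASQ accepts the packet (and rewrites its source on the way out), and the
chain policy applies when nothing matches. In the forward chain `-i` is
the interface the packet will leave on; in the input chain it is the
interface it arrived on. Destination, protocol and port matches are left
out because the page's rules do not use them.

Interface names and addresses follow the question (eth0 = 172.29.17.19 on
172.29.17.0, eth1 = 10.10.3.10 on 10.10.3.0); the sample packets are
constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    in_if: str   # interface the packet arrived on
    out_if: str  # interface the routing decision picked for it


@dataclass
class Rule:
    target: str                  # -j: ACCEPT, DENY, REJECT or MASQ
    src: Optional[str] = None    # -s: source prefix in CIDR form
    iface: Optional[str] = None  # -i: arriving (input) or leaving (forward) interface


@dataclass
class Chain:
    name: str          # "input" or "forward"
    policy: str        # -P: verdict when no rule matches
    rules: List[Rule]

    def iface_of(self, pkt: Packet) -> str:
        return pkt.in_if if self.name == "input" else pkt.out_if

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.src is not None and ip_address(pkt.src) not in ip_network(rule.src):
                continue
            if rule.iface is not None and rule.iface != self.iface_of(pkt):
                continue
            return rule.target  # first matching rule decides
        return self.policy


def traverse(input_chain: Chain, forward_chain: Chain, pkt: Packet) -> str:
    """A packet to be routed passes the input chain, then the forward chain.
    Replies to connections that were already masqueraded are demasqueraded
    before the forward chain and skip it, so they are not modelled here."""
    v = input_chain.verdict(pkt)
    return v if v != "ACCEPT" else forward_chain.verdict(pkt)


# Ruleset as posted on the page:
#   ipchains -P forward DENY
#   ipchains -A forward -s 10.0.0.0/8 -j MASQ
POSTED_INPUT = Chain("input", "ACCEPT", [])
POSTED_FORWARD = Chain("forward", "DENY", [Rule("MASQ", src="10.0.0.0/8")])

# Hardened variant (an assumption for this example, not from the page):
#   ipchains -A input   -i eth0 -s 10.0.0.0/8 -j DENY -l
#   ipchains -P forward DENY
#   ipchains -A forward -i eth0 -s 10.0.0.0/8 -j MASQ
# No legitimate 10/8 host sits on the eth0 side, so such a source arriving
# there is forged, and masquerading is tied to traffic leaving via eth0.
HARDENED_INPUT = Chain("input", "ACCEPT",
                       [Rule("DENY", src="10.0.0.0/8", iface="eth0")])
HARDENED_FORWARD = Chain("forward", "DENY",
                         [Rule("MASQ", src="10.0.0.0/8", iface="eth0")])

# Constructed sample traffic.
INSIDE_TO_OUTSIDE = Packet("10.10.3.5", "172.29.17.50", in_if="eth1", out_if="eth0")
OUTSIDE_TO_INSIDE = Packet("172.29.17.50", "10.10.3.5", in_if="eth0", out_if="eth1")
FORGED_FROM_OUTSIDE = Packet("10.1.2.3", "10.10.3.5", in_if="eth0", out_if="eth1")


def as_posted(pkt: Packet) -> str:
    return traverse(POSTED_INPUT, POSTED_FORWARD, pkt)


def hardened(pkt: Packet) -> str:
    return traverse(HARDENED_INPUT, HARDENED_FORWARD, pkt)


if __name__ == "__main__":
    cases = [("inside -> outside", INSIDE_TO_OUTSIDE),
             ("outside -> inside (new connection)", OUTSIDE_TO_INSIDE),
             ("forged 10/8 source from outside", FORGED_FROM_OUTSIDE)]
    for label, pkt in cases:
        print(f"{label:36} posted={as_posted(pkt):5} hardened={hardened(pkt)}")
```

<p>Run as a script it prints one verdict line per sample packet. Inside-to-outside traffic is masqueraded and a new connection from the 172.29.17.0 side is denied under both rulesets; the forged packet is the case that separates them, accepted and masqueraded by the rules as posted, dropped in the input chain by the hardened variant.</p>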

<!-- end 6 -->
<!--startcut ======================================================= -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
>Copyright ©</a> 2001
<BR>Published in issue 62 of <I>Linux Gazette</I> February 2001</H5>
<H6 ALIGN="center">HTML script maintained by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<!-- *** END copyright *** -->
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->