Deags Posted January 7, 2009

What rule would I use to, say, make all traffic heading (i.e. on the way) out of eth1 from IP 192.168.1.12, which comes in via eth0, go out ppp0 instead? I do not want to change the default gateway. Would like to use iptables if possible.

ansichild Posted January 7, 2009

This is more of a routing issue, not a firewall issue. Do something like this...

    # route add -host 192.168.1.12 gw <insert the IP of the default gw of ppp0 here>

That changes the default gateway for that host only. Then to open the firewall you'd want to do something like...

    iptables -A FORWARD -s 192.168.1.12 -i eth0 -j ACCEPT
    iptables -A FORWARD -d 192.168.1.12 -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT

That should do it.

Deags Posted January 8, 2009

    route add -host 192.168.1.12 gw <insert the IP of the default gw of ppp0 here>

fails... with that 192.168.1.12 can't even access 192.168.1.1

ansichild Posted January 8, 2009

Deags wrote: "route add -host 192.168.1.12 gw <insert the IP of the default gw of ppp0 here> fails... with that 192.168.1.12 can't even access 192.168.1.1"

I think you might be missing something. I assume the ppp0 interface has some kind of a default gateway for the next hop? What is it? Networks are usually set up like...

    LAN Workstations -> Firewall
    192.168.1.12        eth0 (192.168.1.1)
    192.168.1.10        eth1 (197.98.1.22) -> router gateway (197.98.1.1)
    192.168.1.11        ppp0 (10.33.44.22) -> dialup gateway (10.33.44.1)

So if I want the workstation 192.168.1.12 (on the LAN) to use the dialup interface as its gateway I'd add a line on the firewall like...

    # route add -host 192.168.1.12 gw 10.33.44.1

Come to think of it, you'll probably have to do a NAT on that interface too. Something like...

    # iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source 10.33.44.22

Then you'd want to allow all the traffic like...

    iptables -A FORWARD -s 192.168.1.12 -i eth0 -j ACCEPT
    iptables -A FORWARD -d 192.168.1.12 -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT

These are just examples mind you, so insert your own IPs instead of mine, don't type them verbatim.

Deags Posted January 11, 2009

http://ubuntuforums.org/showthread.php?t=1036423

Seems things just are not going my way.

cooper Posted January 12, 2009

    # route add -host 192.168.1.12 gw <insert the IP of the default gw of ppp0 here>

What you're saying with this command is "When traffic handled by this machine is destined for machine 192.168.1.12, send the traffic on to machine <insert ip..> as it knows how to deal with it".

What Deags wants is "When traffic comes from machine ...12 to this machine, send it out via ppp0", so I think he should do something like this:

    # Agree to forward packets from ...12 arriving via eth0.
    iptables -A FORWARD -i eth0 -s 192.168.1.12 -j ACCEPT
    # When an outgoing packet came from ...12 send it out via ppp0.
    iptables -A OUTPUT -s 192.168.1.12 -o ppp0

It goes without saying that I didn't test this, but it might be worth a shot.

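
The distinction drawn in the last post (routing by destination versus routing by source) is what Linux policy routing handles. As an added example, not written by anyone in this thread: a dry-run script that prints the iproute2 and iptables commands for sending only 192.168.1.12 out ppp0 while the main default gateway stays untouched. The table id 100, the function names and the use of MASQUERADE on ppp0 are assumptions; the address and interface names are the ones used in the thread.

```shell
#!/bin/sh
# Added example: source-based (policy) routing for a single LAN host.
# Prints the commands only; review them, then pipe the output to `sh` as root.

SRC=192.168.1.12   # LAN host to redirect (address from the thread)
LAN_IF=eth0        # interface the host's traffic arrives on
WAN_IF=ppp0        # interface its traffic should leave by
TABLE=100          # assumption: routing table id 100 is not in use

# Accept only a dotted-quad IPv4 address, so nothing else can end up
# inside the generated ip/iptables command lines.
valid_ipv4() {
    case "$1" in *[!0-9.]*|''|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the rule set. The main table (and its default gateway) is never
# modified: only packets whose source is $SRC consult table $TABLE.
# The FORWARD rules are scoped to that host, and return traffic is
# accepted only for connections the host itself opened.
policy_route_cmds() {
    valid_ipv4 "$SRC" || { echo "invalid source address: $SRC" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route add default dev $WAN_IF table $TABLE
ip rule add from $SRC/32 lookup $TABLE
iptables -t nat -A POSTROUTING -s $SRC -o $WAN_IF -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $SRC -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $SRC -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

policy_route_cmds
```

After applying, `ip rule show` and `ip route show table 100` confirm the rule and the per-table default route are in place.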