iptables and dual nic configuration

subodh
Posts: 3
Joined: 2006/12/13 06:25:11

iptables and dual nic configuration

Post by subodh » 2006/12/13 06:37:25

Hello,

I have a box with CentOS 4 installed. The box has 2 NICs configured as follows.

ifconfig -a
===============================================
eth0      Link encap:Ethernet  HWaddr 00:C0:26:A1:B0:6C
          inet addr:172.50.1.99  Bcast:172.50.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:26ff:fea1:b06c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:758 errors:0 dropped:0 overruns:0 frame:0
          TX packets:343 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:177744 (173.5 KiB)  TX bytes:43758 (42.7 KiB)
          Interrupt:209 Base address:0xa400

eth1      Link encap:Ethernet  HWaddr 00:13:D4:1D:14:38
          inet addr:172.45.1.1  Bcast:172.45.1.255  Mask:255.255.255.0
          inet6 addr: fe80::213:d4ff:fe1d:1438/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:100 errors:0 dropped:0 overruns:0 frame:0
          TX packets:110 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17948 (17.5 KiB)  TX bytes:15931 (15.5 KiB)
          Interrupt:201 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:900 (900.0 b)  TX bytes:900 (900.0 b)

sit0      Link encap:IPv6-in-IPv4
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
==========================================

route
=================================================
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.45.1.0      *               255.255.255.0   U     0      0        0 eth1
172.50.1.0      *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         172.50.1.1      0.0.0.0         UG    0      0        0 eth0
==============================================


I have also run the ip forwarding commands as follows.

sysctl -w net.ipv4.ip_forward=1

sysctl -p /etc/sysctl.conf

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1


Needed working scenario is as follows.

Any traffic coming in from the 172.45.1.0 subnet should be able to access the 172.50.1.0 subnet and vice versa.

I am going all confused doing all sorta reading and configuration and messing the entire thing.

Please, if anyone can help me sort out this mess, I would be damn grateful.

Hoping to see the light at the end of this iptables tunnel.

Thanks,

Subodh

rapo1
Posts: 27
Joined: 2006/06/20 11:43:02
Location: Munich

iptables and dual nic configuration

Post by rapo1 » 2006/12/13 10:58:53

Hi subodh

I think you have to give the routes to the clients.

clients in subnet 172.50.1.0/24
route add -net 172.45.1.0 gw 172.50.1.99 netmask 255.255.255.0

clients in subnet 172.45.1.0/24
route add -net 172.50.1.0 gw 172.45.1.1 netmask 255.255.255.0

Gateway (gw) is the IP address of your eth in your CentOS referring to the subnet.

Or maybe it'll work if you use them as broadcast-ip in the subnets instead of configuring the route in any client. (but I don't really know if that works)

Hope that'll fix the problem

rapo1

rapo1
Posts: 27
Joined: 2006/06/20 11:43:02
Location: Munich

Re: iptables and dual nic configuration

Post by rapo1 » 2006/12/13 12:34:19

[quote]
Or maybe it'll work if you use them as broadcast-ip in the subnets instead of configuring the route in any client. (but I don't really know if that works)
[/quote]

Sorry - not broadcast-ip - configure as standard gateway

subodh
Posts: 3
Joined: 2006/12/13 06:25:11

Re: iptables and dual nic configuration

Post by subodh » 2006/12/15 09:19:51

Hello,

Thanks for the help and advice. In addition, I also found the following extremely helpful towards providing a working solution :-).

http://www.lartc.org/lartc.html [ especially chapter: 4]

Regards,
Subodh
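
Added example, not part of the thread: the thread covers forwarding and client routes but never shows the iptables side the title asks about, so this sketch limits the router's FORWARD chain to traffic between the two subnets, using the interfaces and networks from the ifconfig output above. The function names, the `DRY_RUN` and `IPT` variables, the logging rule and the choice to flush the existing FORWARD chain are assumptions of this example.

```shell
#!/bin/sh
# Added example: only eth1 <-> eth0 traffic between 172.45.1.0/24 and
# 172.50.1.0/24 is forwarded; everything else is logged and dropped.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (needs root).
IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Loose shape check (a.b.c.d/len) so a mistyped or missing subnet is
# rejected before any rule is written. Octet ranges are not validated.
is_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*|/*|*/) return 1 ;;
        *.*.*.*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# forward_rules IF_A NET_A IF_B NET_B
# Assumption: the existing FORWARD chain may be flushed and rebuilt.
forward_rules() {
    [ $# -eq 4 ] || { echo "usage: forward_rules IF_A NET_A IF_B NET_B" >&2; return 2; }
    is_cidr "$2" && is_cidr "$4" || { echo "bad subnet: $2 / $4" >&2; return 2; }
    run "$IPT" -P FORWARD DROP
    run "$IPT" -F FORWARD
    # Replies to connections that were already allowed
    run "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections, each direction pinned to its interface and subnet
    run "$IPT" -A FORWARD -i "$1" -o "$3" -s "$2" -d "$4" -m state --state NEW -j ACCEPT
    run "$IPT" -A FORWARD -i "$3" -o "$1" -s "$4" -d "$2" -m state --state NEW -j ACCEPT
    # Rate-limited log of whatever the DROP policy is about to discard
    run "$IPT" -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

forward_rules eth1 172.45.1.0/24 eth0 172.50.1.0/24
```

Pinning `-i`/`-o` together with `-s`/`-d` means a packet claiming a 172.45.1.0/24 source but arriving on eth0 is not forwarded, which complements the `rp_filter = 1` setting shown in the sysctl output.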
