1

iptables - route through two external interfaces?

view story
linux-howto

http://unix.stackexchange.com – Scenario: eth0 = LAN eth1 = Internet eth2 = Internet I would like to force all traffic from eth0 between ports 1-443 through eth1 and the rest on eth2. How to go about it? I've managed to get it working so that my client on eth0 can access the internet on eth1 without a problem using standard two line POSTROUTING: iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE iptables --append FORWARD --in-interface eth0 -j ACCEPT My question is how i add port control to it and if it's as simple as adding another POSTROUTING on another out interface or will tha (HowTos)

Danial's picture
Submitted by Danial on 12/15/2012

Stories similar to iptables - route through two external interfaces?

I'm wondering about this, and I can't seem to find an explanation on the internet. I have a linux gateway which has multiple interfaces:

eth0: external ip eth1: 172.16.1.1/24 eth2: 172.16.2.1/24 ip_forward is enabled.

IPtables is configured to NAT traffic from eth1 -> eth0 and eth2 -> eth0.

I am trying to recreate this behaviour using iptables under ubuntu :

Let's say we have 3 interfaces : eth0, eth1 and eth2. I must forward the traffic through a VPN interface vpn0. Then, I must assure that the incoming traffic through the VPN is redirected correctly to the right interface ( eth0, eth1 or eth2 ).

I have searched long for an answer, but didn't find anything truly usefull.

iptables - ip filtering 2 years 25 weeks ago

Hi Gentlemen!

I'm trying to write an iptables config file, but got stuck.

So I want to define an IP range that allows full access eth0-eth1 forwarding, and another that is allowed to access some special ip-s. The first part works, I could make the range has full access:

iptables -A FORWARD -m iprange --src-range 192.168.80.20-192.168.80.40 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -m state

I have a machine working like gateway and have two network interfaces:

eth0 LAN : 192.168.1.0/24 eth1 WAN : XXX.XXX.XXX.XXX (my public ip)

This machine has 3 VM guest over virtualbox.

Further to my earlier question about bridging different subnets - I now need to route requests for one particular IP address differently to all other traffic.

I have the following routing in my iptables on our router:

# Allow established connections, and those !not!

I have a basic setup that requires the following Client -> iptables DNAT -> Server using udp messaging:

The configuration I have on my client is: (my server is 172.33.1.30)

ifconfig eth0:1 172.32.1.10 netmask 255.255.0.0 ifconfig eth1 172.33.1.10 netmask 255.255.0.0 iptables -t nat -A PREROUTING -p udp -i eth0 -d 172.32.1.10 --dport 1001 -j DNAT --to 172.33.1.30 iptables -A FORWARD -p udp -i et

I want to setup a VPN server for personal use, so I follow the blog article [1], and it work like a charm.

The only thing I am wondering is if the iptable's rule secure, e.g.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

And I have only one public interface eth0, are there any risk in using the rule above?

From other place, I see other alternatives of iptable rules, e.g.

1.

sudo ipta

Scenario: I have one ubuntu server with two interfaces eth0 and eth1. eth0 = public ip(external ip...lets say 77.77.77.77) eth1 = intranet network(192.168.1.1)

I would like to forward all incoming traffic on port 2222 on my eth0(meaning all outside traffic that comes to 77.77.77.77) to some ip in my intranet network:192.168.1.8 on port 80.

Current firewall settings look like:

:INPUT ACCEPT

Hi,

My Ubuntu Box has 3 interfaces. eth0 (Internal 192.168.1.0/24) eth1 (External ISP DHCP) eth2 (External ISP Static IP) I need the outgoing traffic to internet for 1 of the internal pc (192.168.1.10) to only go only go through eth2.

How do i write using iptables to do the above? Thanks.