
How to configure iptables rules for connecting 2 eth to the net (forwarding & masquerading)

Server Fault Asked by AjPrames on January 9, 2021

I need some help configuring iptables rules for forwarding and masquerading.

Given that I have this configuration:

switch1 ---- (eth1) ----- router ----- (eth2) ---- switch2
                             |
                          (eth0)
                             |
                         internet

where multiple PCs are connected through switch1 and switch2 as well.

I'm running this network on an Ubuntu Server, where I assume eth1 and eth2 have the same IP address, since the default gateway for all the connected PCs is the IP address of this router.

So what I did was:

  • go to /etc/sysctl.conf and uncomment net.ipv4.ip_forward = 1
  • go to /etc/rc.local and add iptables rules such as:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  • and for the router's network interfaces configuration, edit /etc/network/interfaces:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
    address 10.151.74.30
    netmask 255.255.255.252
    gateway 10.151.74.29

    auto eth1
    iface eth1 inet static
    address 172.16.0.1
    netmask 255.255.255.0

    auto eth2
    iface eth2 inet static
    address 172.16.0.1
    netmask 255.255.255.0


So the problem is that all the PCs connected to the router through eth2 can't connect to the internet (tuntap), but all the PCs connected through eth1 can.

Thus, is there anything I missed in configuring the iptables? Or did I misunderstand something?
Help and suggestions are really appreciated. I just started learning computer networking a month ago, so I basically need some guidance here. Thanks a lot 🙂

One Answer

You cannot have 2 interfaces with the same IP address. Moreover, it will not work like that even if you change one interface's IP address to another address in the same network (say 172.16.0.2).

Why do you need 2 interfaces in the same network? Do switches switch1 and switch2 see each other, or are they separated?

If they see each other, then there is definitely something wrong with your configuration.

If they don't, you can set up another network on switch2, e.g. 172.16.1.0/24, and everything should be fine.

BTW: You don't need echo 1 > /proc/sys/net/ipv4/ip_forward if you have net.ipv4.ip_forward = 1 in /etc/sysctl.conf.

Answered by Mike on January 9, 2021
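As an added example (not code from the question or from Mike's answer), the script below puts the answer's fix into practice: eth1 keeps 172.16.0.0/24, eth2 moves to 172.16.1.0/24 (the router's address 172.16.1.1 on that subnet is an assumption), and the iptables rules forward both LANs out of eth0 with masquerading. It also includes a small check that flags the question's actual mistake, two interfaces carrying the same address, in an /etc/network/interfaces-style text. Both interfaces files are constructed samples embedded in the script; the rules are only printed, not applied, so it runs without root.

```shell
#!/bin/sh
# Added example: not the question's or the answer's code. Interface names and
# the 172.16.0.0/24 and 10.151.74.28/30 addresses come from the question;
# 172.16.1.0/24 is the answer's suggestion and 172.16.1.1 is an assumption.

WAN_IF=eth0
LAN_IFS="eth1 eth2"

# Print the iptables commands for a router whose WAN interface is $1 and whose
# LAN interfaces are $2..$n. Compared with the question's rules, FORWARD gets a
# DROP policy plus one rule admitting replies to connections the LANs opened,
# so nothing is forwarded into the LANs except traffic they asked for.
gen_rules() {
    wan=$1
    shift
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for lan in "$@"; do
        echo "iptables -A FORWARD -i $lan -o $wan -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
}

# Exit 0 when no two "address" lines in an interfaces-style text carry the
# same IP, exit 1 otherwise (the question's file has 172.16.0.1 on eth1 and eth2).
check_unique_addresses() {
    dups=$(printf '%s\n' "$1" | awk '$1 == "address" { print $2 }' | sort | uniq -d)
    [ -z "$dups" ]
}

# Constructed sample: the question's interfaces file (duplicate address on eth2).
BROKEN_INTERFACES=$(cat <<'EOF'
auto eth0
iface eth0 inet static
    address 10.151.74.30
    netmask 255.255.255.252
    gateway 10.151.74.29

auto eth1
iface eth1 inet static
    address 172.16.0.1
    netmask 255.255.255.0

auto eth2
iface eth2 inet static
    address 172.16.0.1
    netmask 255.255.255.0
EOF
)

# Constructed sample: the same file with eth2 moved to its own subnet.
FIXED_INTERFACES=$(cat <<'EOF'
auto eth0
iface eth0 inet static
    address 10.151.74.30
    netmask 255.255.255.252
    gateway 10.151.74.29

auto eth1
iface eth1 inet static
    address 172.16.0.1
    netmask 255.255.255.0

auto eth2
iface eth2 inet static
    address 172.16.1.1
    netmask 255.255.255.0
EOF
)

echo "# forwarding/NAT rules: $LAN_IFS -> $WAN_IF"
gen_rules "$WAN_IF" $LAN_IFS

if check_unique_addresses "$BROKEN_INTERFACES"; then
    echo "# question's interfaces file: no duplicate addresses"
else
    echo "# question's interfaces file: duplicate address, eth2 needs its own subnet"
fi
if check_unique_addresses "$FIXED_INTERFACES"; then
    echo "# fixed interfaces file: no duplicate addresses"
fi
```

Running the script prints the rule set for review; piping that output to a root shell applies it, and with net.ipv4.ip_forward = 1 in /etc/sysctl.conf no separate echo into /proc is needed, as the answer notes. The DROP policy on FORWARD is the one addition beyond the question's rules: with the question's default ACCEPT policy, anything that reaches eth0 with a 172.16.x.x destination would be forwarded into the LANs.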
