[TriLUG] iptables with more than 2 nics

Michael Hrivnak mhrivnak at triad.rr.com
Mon May 3 11:02:29 EDT 2004


This is my configuration:

---------------
# Flush the three filter chains; only forwarded traffic is denied by default
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
# Keep the wired and wireless segments apart (evaluated before the subnet rules below)
iptables -A FORWARD -i eth2 -o eth1 -j DROP
iptables -A FORWARD -i eth1 -o eth2 -j DROP
# Forward anything to or from either private subnet
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -s 192.168.3.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.3.0/24 -j ACCEPT
# NAT both subnets behind the road runner interface
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Block external access to ntop
iptables -A INPUT -i eth0 -p tcp --dport 3000 -j DROP
-----------------------

eth0 = road runner
eth1 = wired clients 192.168.1.
eth2 = wireless clients 192.168.3.

As you can see, I've prevented wireless clients from accessing the wired 
clients, and vice versa.

There are some tools such as shorewall that might be of great help to you, but 
I've never used them.  I'm not a big fan of middle management on my systems.  
Using iptables directly is very powerful and not too terribly tedious.

Are there specific issues you want to know about?  Feel free to post what 
you've tried with some detail about what you want to accomplish.

Michael


On Monday 03 May 2004 10:18 am, Ryan Leathers wrote:
> I'm interested in setting up iptables on a host with several NICs.  I
> thought this would be a snap but it's got me stumped.  Now I must admit
> that I have a lot more experience with hardware firewalls (Cisco PIX)
> than with IPTABLES, and part of my problem may be that I'm trying to see
> IPTABLES conform in some way to my tainted expectations.
>
> In short, I want to assign rules on a per interface basis.  I want to
> masq between eth0 and eth1 as well as between eth0 and eth2.  I want
> eth1 to permit certain traffic and eth2 to permit a different set of
> traffic.  Simply plugging in "-i eth1" isn't getting me where I thought
> it would.
>
> I have set up a number of IPTABLES instances where one or two nics were
> used, but can't find any examples of multi-nic iptables.  Can anyone
> point me to good examples?
>
>
> --
> Ryan Leathers <ryan.leathers at globalknowledge.com>
> Global Knowledge
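The per-interface rules Ryan asks about are easier to reason about once the FORWARD chain is split by ingress interface. The reason a bare "-i eth1" does not behave like a PIX interface ACL is that FORWARD sees both directions of a flow: the client's packet enters on eth1, but the reply enters on eth0 and leaves on eth1, so it only ever matches "-o eth1". The script below is an added example, not code from the original post or from either poster. It assumes the interface layout from Michael's message (eth0 uplink, eth1 = 192.168.1.0/24, eth2 = 192.168.3.0/24) and picks its own illustrative service list per segment; it accepts return traffic via conntrack, hands each new connection to a chain named after the interface it arrived on, and emits the result in iptables-restore format so it can be reviewed before loading.

```shell
#!/bin/sh
# Added example, not code from the original post: a three-NIC gateway ruleset
# built as per-interface chains, emitted in iptables-restore format.
# Interface names and subnets are assumptions taken from the post above:
#   eth0 = uplink, eth1 = wired 192.168.1.0/24, eth2 = wireless 192.168.3.0/24.
# The permitted services per segment are illustrative choices, not the author's.

WAN=eth0
WIRED=eth1
WIRED_NET=192.168.1.0/24
WIRELESS=eth2
WIRELESS_NET=192.168.3.0/24

# Print the whole ruleset. FORWARD only classifies: established flows are
# accepted first (the reply to a wired client's connection arrives -i eth0,
# so "-i eth1" alone never matches it), then each NEW connection is handed to
# the chain for the interface it arrived on, and that chain decides.
build_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FROM_WIRED - [0:0]
:FROM_WIRELESS - [0:0]
# return traffic for connections already allowed, whatever interface it uses
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new connections are dispatched by ingress interface
-A FORWARD -i $WIRED -m conntrack --ctstate NEW -j FROM_WIRED
-A FORWARD -i $WIRELESS -m conntrack --ctstate NEW -j FROM_WIRELESS
# wired segment: anything out to the uplink; nothing towards wireless
-A FROM_WIRED -s $WIRED_NET -o $WAN -j ACCEPT
-A FROM_WIRED -j DROP
# wireless segment: only DNS and web out to the uplink
-A FROM_WIRELESS -s $WIRELESS_NET -o $WAN -p udp --dport 53 -j ACCEPT
-A FROM_WIRELESS -s $WIRELESS_NET -o $WAN -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FROM_WIRELESS -j DROP
# block external access to ntop, as in the original post
-A INPUT -i $WAN -p tcp --dport 3000 -j DROP
COMMIT
EOF
}

# Number of rules appended to a given chain (used by the checks below).
chain_rule_count() {
    build_ruleset | grep -c "^-A $1 "
}

# Sanity check before loading: every per-interface chain must end in DROP, so
# a segment can never fall back to the FORWARD policy by accident.
lint_ruleset() {
    for chain in FROM_WIRED FROM_WIRELESS; do
        last=$(build_ruleset | grep "^-A $chain " | tail -n 1)
        case "$last" in
            *"-j DROP") ;;
            *) echo "lint: chain $chain does not end in DROP" >&2; return 1 ;;
        esac
    done
    return 0
}

# Load atomically with iptables-restore (replaces the current tables). Needs root.
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: run as root" >&2
        return 1
    fi
    lint_ruleset && build_ruleset | iptables-restore
}

# "sh gateway.sh" prints the ruleset for review; "sh gateway.sh apply" loads it.
if [ "${1:-}" = apply ]; then
    apply_ruleset
else
    build_ruleset
fi
```

Generating the table as text instead of running one iptables command per rule means the ruleset can be diffed, linted and loaded atomically; a half-applied sequence of "iptables -A" calls is what usually leaves a gateway briefly open or briefly unreachable. INPUT is left with the ACCEPT policy and the single ntop rule so that it matches the post; tightening it is a separate step.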
