
OK, so I am terrible with iptables so I need some help. Here is what I am trying to do.

I have a LAN box on vlan 4 (172.16.9.65)
I have another box on vlan 9 (10.1.0.1)

My gateway for my 172.16.9.65 is a Linux firewall and has to remain so.
Gateway/Firewall( 172.16.15.254 )

I have another box with two interfaces, one on each vlan.
Other box (eth0 172.16.9.8 ; eth1 10.1.0.2)

So my flow is like this

Desktop goes to 10.1.0.1 on port 80

Desktop(172.16.9.65)vlan4 --> GateWay/Firewall(172.16.15.154)vlan4 --> OtherBox(ETH0:172.16.9.8_vlan4 --> ETH1:10.1.0.2_vlan9) --> 10.1.0.1_original destination.

I want to do this with iptables rules on two boxes
Gateway/Firewall
OtherBox

Thanks.

ThatGuy

1 Answer


You can do it with something like this:

Add a route on your gateway (or your desktop)
route add -host 10.1.0.1 gw 172.16.9.8

Add a rule like this on the OtherBox
# -i is not accepted in the nat POSTROUTING chain (packets there are leaving the box);
# match the outgoing interface toward vlan 9 instead
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.9.65 -d 10.1.0.1 -p tcp --dport 80 -j MASQUERADE

pupkinsen
  • Thanks, I like where you are going here but it did not work. Here is what the Windows box route looks like (desktop): `Active Routes:` `Network Destination Netmask Gateway Interface` `0.0.0.0 0.0.0.0 25.0.0.1 25.19.90.56` `0.0.0.0 0.0.0.0 172.16.15.254 172.16.9.65` `10.0.0.0 255.0.0.0 172.16.9.8 172.16.9.65` – ThatGuy Mar 25 '13 at 16:36
  • Is IP forwarding allowed on the OtherBox? Check `/proc/sys/net/ipv4/ip_forward`. And what is in the FORWARD chain? You may have to add a rule like this if your forwarding policy is not ACCEPT: `iptables -A FORWARD -s 172.16.9.65 -d 10.1.0.1 -j ACCEPT` – pupkinsen Mar 26 '13 at 05:55
  • I got it, you da man! – ThatGuy Mar 26 '13 at 15:16
  • Hey I have another similar issue. – ThatGuy Jun 25 '13 at 15:28
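Pulling the answer and the follow-up comments together into one script for OtherBox: the forwarding sysctl, the FORWARD rules scoped to just the desktop-to-10.1.0.1 HTTP flow, the MASQUERADE rule matched on the outgoing interface, and the ip_forward check. This is an added example, not code from the answer; the interface names and addresses come from the question, and `DRY_RUN` (print the commands instead of running them) is an assumption of this script.

```shell
#!/bin/sh
# OtherBox: eth0 = 172.16.9.8 (vlan 4), eth1 = 10.1.0.2 (vlan 9), as in the question.
DESKTOP=172.16.9.65
TARGET=10.1.0.1
LAN_IF=eth0
VLAN9_IF=eth1
DRY_RUN=${DRY_RUN:-1}   # assumption: 1 prints the commands, 0 executes them (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Everything OtherBox needs. MASQUERADE makes 10.1.0.1 see the source as 10.1.0.2,
# so its replies come back to OtherBox even if it has no route to 172.16.9.0/24.
# -i is not valid in nat POSTROUTING, so the NAT rule matches the outgoing interface.
otherbox_rules() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -A FORWARD -i "$LAN_IF" -o "$VLAN9_IF" -s "$DESKTOP" -d "$TARGET" \
      -p tcp --dport 80 -j ACCEPT
  run iptables -A FORWARD -i "$VLAN9_IF" -o "$LAN_IF" \
      -m state --state ESTABLISHED,RELATED -j ACCEPT
  run iptables -t nat -A POSTROUTING -o "$VLAN9_IF" -s "$DESKTOP" -d "$TARGET" \
      -p tcp --dport 80 -j MASQUERADE
}

# Host route for the gateway (or the desktop): reach 10.1.0.1 via OtherBox's eth0.
gateway_route() {
  run ip route add "$TARGET/32" via 172.16.9.8
}

# The check from the comments: returns 0 only when ip_forward reads 1.
# The file path argument is only there so the check can be exercised on a copy.
forwarding_enabled() {
  f=${1:-/proc/sys/net/ipv4/ip_forward}
  [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

otherbox_rules
gateway_route
forwarding_enabled || echo "ip_forward is 0: OtherBox will drop the forwarded packets" >&2
```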