Routing
From Attie's Wiki
(Difference between revisions)
Line 17: | Line 17: | ||
* Your addresses - e.g. is the gateway you specified actually directly accessible through the interface? | * Your addresses - e.g. is the gateway you specified actually directly accessible through the interface? | ||
− | = | + | =The Linux `iptables` command= |
+ | <source lang="bash"> | ||
+ | # list the current rules | ||
+ | iptables -L | ||
+ | </source> | ||
+ | |||
+ | ==NAT== | ||
+ | ===Setup=== | ||
To setup NAT between interfaces eth0 (outside) and tun0 (inside - e.g. a VPN server) | To setup NAT between interfaces eth0 (outside) and tun0 (inside - e.g. a VPN server) | ||
<source lang="bash"> | <source lang="bash"> | ||
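Review bot: In the added listing block, `iptables -L` shows only the filter table, so the MASQUERADE rule that the NAT section adds with `-t nat` will not appear in its output. Suggest listing `iptables -t nat -L` alongside it, and adding `-n -v` so that interfaces are shown, since the two FORWARD rules in this section differ only by `-i`/`-o`.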
Line 23: | Line 30: | ||
iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT | iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT | iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT | ||
+ | </source> | ||
+ | |||
+ | ===Teardown=== | ||
+ | <source lang="bash"> | ||
+ | # remove the first item in the 'FORWARD' table, twice - you added two (forward & reverse) | ||
+ | iptables -D FORWARD 1 | ||
+ | iptables -D FORWARD 1 | ||
</source> | </source> |
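Review bot: In the Teardown block, `iptables -D FORWARD 1` deletes whatever rule is first in the chain, while Setup used `-A`, which appends. On a host with existing FORWARD rules this removes unrelated rules and leaves the two added ones in place. Suggest deleting by specification, e.g. `iptables -D FORWARD -i tun0 -o eth0 -j ACCEPT`, and also removing the `-t nat` POSTROUTING MASQUERADE rule, which Teardown currently leaves behind. The comment also calls FORWARD a table; it is a chain.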
Revision as of 12:24, 16 February 2012
The Linux `route` command
Below is a list of useful commands:
<source lang="bash">
# show the routing table, with numeric addresses
route -n
# add a default route, through eth0
route add default dev eth0
# add a route to 10.150.0.0/24 through eth0
route add -net 10.150.0.0/24 dev eth0
# add a route to 10.150.0.0/24 through eth0, and the gateway 192.168.0.15
route add -net 10.150.0.0/24 gw 192.168.0.15 dev eth0
</source>
SIOCADDRT: No such process
The most unhelpful error possible. It generally means you have done something silly... check:
- Your addresses - e.g. is the gateway you specified actually directly accessible through the interface?
The Linux `iptables` command
<source lang="bash">
# list the current rules
iptables -L
</source>
NAT
Setup
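To set up NAT between interfaces eth0 (outside) and tun0 (inside - e.g. a VPN server):
<source lang="bash">
# masquerade traffic leaving via eth0 behind eth0's address
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# allow replies to established connections back in from eth0 to tun0
iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow all traffic from tun0 out through eth0
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
</source>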
Teardown
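<source lang="bash">
# remove the two FORWARD rules by specification (forward & reverse); deleting by position would remove whatever rule is first in the chain
iptables -D FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i tun0 -o eth0 -j ACCEPT
# remove the MASQUERADE rule from the nat table
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
</source>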
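The setup and teardown above as one script, added here as an example (not from the wiki): both directions are generated from a single rule list, so teardown deletes by specification exactly the rules that setup appends. The names `nat_rules`, `nat_apply` and `DRY_RUN` are chosen for this example; eth0 and tun0 are as in the text.

```sh
#!/bin/sh
# Added example, not from the wiki. eth0 (outside) and tun0 (inside) are as in
# the text; nat_rules, nat_apply and DRY_RUN are names chosen for this example.

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands; 0 = apply them (needs root)

# One rule per line: <table> <chain> <rule specification>
nat_rules() {
    cat <<'EOF'
nat POSTROUTING -o eth0 -j MASQUERADE
filter FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
filter FORWARD -i tun0 -o eth0 -j ACCEPT
EOF
}

# nat_apply A appends each rule; nat_apply D deletes each rule by specification.
nat_apply() {
    action="$1"
    nat_rules | while read -r table chain spec; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "iptables -t $table -$action $chain $spec"
            continue
        fi
        # -C exits 0 when an identical rule is already in the chain.
        # $spec is left unquoted on purpose so it splits into arguments.
        if iptables -t "$table" -C "$chain" $spec 2>/dev/null; then
            present=1
        else
            present=0
        fi
        # Append only if absent, delete only if present: both directions are
        # safe to re-run, and only rules matching these specifications change.
        case "$action$present" in
            A0|D1) iptables -t "$table" "-$action" "$chain" $spec ;;
        esac
    done
}

nat_setup()    { nat_apply A; }
nat_teardown() { nat_apply D; }

# Usage: sh nat.sh setup | teardown   (add DRY_RUN=0 to apply)
case "${1:-}" in
    setup)    nat_setup ;;
    teardown) nat_teardown ;;
esac
```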