Revision as of 14:53, 26 March 2014

The Linux `route` command

Below is a list of useful commands

# show the routing table, with numeric addresses
route -n
# add a default route, through eth0, via 192.168.1.1
route add default dev eth0 gw 192.168.1.1
# add a route to 10.150.0.0/24 through eth0
route add -net 10.150.0.0/24 dev eth0
# add a route to 10.150.0.0/24 through eth0, and the gateway 192.168.0.15
route add -net 10.150.0.0/24 gw 192.168.0.15 dev eth0

SIOCADDRT: No such process

The most unhelpful error possible. It generally means you have done something silly... check:

Your addresses - e.g. is the gateway you specified actually directly accessible through the interface?

The Linux `iptables` command

# list the current rules (not very useful without -v)
iptables -vL
 
# list the current rules in the NAT table
iptables -t nat -vL

NAT

Setup

To setup NAT between interfaces eth0 (outside) and tun0 (inside - e.g. a VPN server)

INSIDE=tun0
OUTSIDE=eth0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ${OUTSIDE} -j MASQUERADE
iptables -A FORWARD -i ${OUTSIDE} -o ${INSIDE} -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ${INSIDE} -o ${OUTSIDE} -j ACCEPT

Port Forwarding

EXTERNAL_PORT=230
INTERNAL_HOST=192.168.0.4
INTERNAL_PORT=23
iptables -t nat -A PREROUTING -i ${OUTSIDE} -p tcp --dport ${EXTERNAL_PORT} -j DNAT --to ${INTERNAL_HOST}:${INTERNAL_PORT}
 
===Teardown===
<source lang="bash">
# remove the first item in the 'FORWARD' table, twice - you added two (forward & reverse)
iptables -D FORWARD 1
iptables -D FORWARD 1
iptables -t nat -D POSTROUTING 1

Routing

Revision as of 14:53, 26 March 2014

Contents

The Linux `route` command

SIOCADDRT: No such process

The Linux `iptables` command

NAT

Setup

Port Forwarding

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Toolbox