
IPTABLES 2 PCs 1 static route

skylab11 Registered Users Posts: 1
Hi, I hope this is the right section where I can post my problem.
My network topology is as below:
####                   ##   192.11.1.11  #### 192.4.200.2   ####
#### ---------------  #### ------------- #### ------------- ####
####                   ##            WAN #### LAN           ####
PC1                  Router            Firewall             PC2
192.11.1.2        192.11.1.1                            192.4.200.95

I need to create a static route (NAT?) between PC1 and PC2 that are
in 2 different networks. Other PCs in the two networks don't have to
see each other.

The network interface on 192.11.1.11 has name "WAN" and the other one
has name "LAN".

I tried to add some iptables rules:
iptables -t nat -I PREROUTING -d 192.11.1.2 -j DNAT --to 192.4.200.95
iptables -t nat -I POSTROUTING -s 192.4.200.95 -j SNAT --to 192.11.1.2
iptables -I FORWARD -d 192.4.200.95 -p tcp -j ACCEPT
but it doesn't work.

The iptables -L output:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        all  --  192.4.200.0/24       anywhere            LOG level warning prefix `Spoofed traffic detected: '
ACCEPT     all  --  192.4.200.0/24       anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     all  --  192.11.1.2           anywhere
ACCEPT     all  --  anywhere             anywhere
Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.4.200.95
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        udp  --  anywhere             anywhere            udp dpt:465 LOG level warning prefix `grant access 587:UDP'
ACCEPT     udp  --  anywhere             anywhere            udp dpt:465
LOG        tcp  --  anywhere             anywhere            tcp dpt:ssmtp LOG level warning prefix `grant access 587:TCP'
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssmtp
LOG        udp  --  anywhere             anywhere            udp dpt:submission LOG level warning prefix `grant access 587:UDP'
ACCEPT     udp  --  anywhere             anywhere            udp dpt:submission
LOG        tcp  --  anywhere             anywhere            tcp dpt:submission LOG level warning prefix `grant access 587:TCP'
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission
LOG        udp  --  anywhere             anywhere            multiport dports imaps:pop3s LOG level warning prefix `grant access 993:995:UDP'
ACCEPT     udp  --  anywhere             anywhere            multiport dports imaps:pop3s
LOG        tcp  --  anywhere             anywhere            multiport dports imaps:pop3s LOG level warning prefix `grant access 993:995:TCP'
ACCEPT     tcp  --  anywhere             anywhere            multiport dports imaps:pop3s
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
LOG        all  --  anywhere             192.4.200.0/24      LOG level warning prefix `Spoofed traffic detected: '
ACCEPT     all  --  anywhere             192.4.200.0/24
ACCEPT     all  --  anywhere             192.11.1.2
ACCEPT     all  --  anywhere             anywhere
Chain proxy (0 references)
target     prot opt source               destination

I would like to know how I can fix my problem. Thank you very much.
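The post's DNAT rule matches packets whose destination is PC1 (-d 192.11.1.2), so nothing PC1 sends toward the other network is translated, and the FORWARD rule accepts TCP to 192.4.200.95 from any source. The script below is an added example (not the poster's rules or any vendor's configuration) showing one way to express the intended one-to-one mapping: PC1 addresses the firewall's WAN IP 192.11.1.11, that flow alone is forwarded to PC2, and every other host stays isolated. It assumes PC1 initiates the connections and that PC2 may not use the firewall as its default gateway (hence the SNAT to the LAN address); the DRY_RUN switch and the variable names are this example's own.

```shell
#!/bin/sh
# Added example (not the poster's rules): PC1 (192.11.1.2) reaches PC2
# (192.4.200.95) by addressing the firewall's WAN IP (192.11.1.11); only that
# flow is forwarded, so the other hosts on either side stay isolated.
# Assumptions: PC1 initiates the connections, and PC2 may not use the firewall
# as default gateway, so forwarded packets are SNATed to the firewall's LAN IP.
set -eu

PC1=192.11.1.2
PC2=192.4.200.95
FW_WAN=192.11.1.11
FW_LAN=192.4.200.2
WAN_IF=WAN
LAN_IF=LAN

# DRY_RUN=1 prints the commands instead of running them, so the rule set can be
# reviewed on a machine without root or iptables.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Packets from PC1 to the firewall's WAN address get PC2 as destination.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -s "$PC1" -d "$FW_WAN" \
        -j DNAT --to-destination "$PC2"
    # Source becomes the firewall's LAN address so PC2's replies come back to
    # the firewall; conntrack undoes both translations on the return path.
    ipt -t nat -A POSTROUTING -o "$LAN_IF" -s "$PC1" -d "$PC2" \
        -j SNAT --to-source "$FW_LAN"
    # FORWARD keeps its DROP policy: only this flow and its replies are accepted
    # (the filter table already sees the DNATed destination).
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -s "$PC1" -d "$PC2" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$PC2" -d "$PC1" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The kernel must also be allowed to route between the two interfaces.
    if [ "${DRY_RUN:-0}" != 1 ]; then
        sysctl -w net.ipv4.ip_forward=1
    fi
}

# Number of iptables rules the script installs; handy for a sanity check.
rule_count() {
    ( DRY_RUN=1; apply_rules ) | grep -c '^iptables '
}
```

Note also that the listing's final "ACCEPT all -- anywhere anywhere" entries in INPUT and OUTPUT mean those chains' DROP policies are never reached.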