[GRLUG] Routing between subnets with iptables

megadave megadave at gmail.com
Wed Jan 16 21:43:25 EST 2013


Forgot to add, if they are on separate network segments, then check
the router that physically interconnects them and see if it needs to
be configured to do routing between the two (without doing any NAT of
course).

If you're using two separate routers, then you'll need to add a router
with a specific configuration (e.g., *not* the normal nat/firewall
setup) between the two networks.

On Wed, Jan 16, 2013 at 9:41 PM, megadave <megadave at gmail.com> wrote:
> iptables is firewalling, not routing
>
> If the same router is doing the NAT for both networks, it should also
> support routing between them, I would think by default.
>
> If you are using both of these on the same physical/logical network
> segment, that is going to be very inefficient - it would make more
> sense to adjust the netmask so that you had one larger "subnet" and
> all systems on the inside would be able to directly address each
> other.
>
> For the specific example you give below, if you are using
> 255.255.255.0 as a netmask, if you adjust the netmask on ALL devices
> to 255.255.248.0 that will give you one subnet with addresses ranging
> from 10.0.0.1 through 10.0.3.254 all directly addressable to each
> other.
>
>
> On Wed, Jan 16, 2013 at 9:29 PM, Don Ellis <don.ellis at gmail.com> wrote:
>> We have a network set up with two subnets behind a NAT. We are able to
>> get out of the network from either subnet.
>>
>> What we want to do is be able to connect between a system on one
>> subnet and a system on the other subnet.
>>
>> Does anyone have examples of doing this using iptables?
>>
>> systemA in subnet0: 10.0.1.200
>> systemB in subnet1: 10.0.3.200
>>
>> I have tried making changes in the iptables configuration, but I don't
>> have enough experience in iptables to know where to use -i, -o, -d,
>> and -s (I think those are the values to be adjusted here). Also, I'm
>> making assumptions about what table and chain the rules need to be
>> added to, and when to append (-A) and when to insert (-I).
>>
>> Except for my first adjustment to something someone else had done
>> wrong, my shooting in the dark has had no results.
>>
>> TIA,
>>
>> --Don Ellis
>> _______________________________________________
>> grlug mailing list
>> grlug at grlug.org
>> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
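
The on-link versus via-router decision discussed in this thread, as an added example that is not part of the original messages: each host compares the destination with its own address and netmask, which is why the reply above says to change the mask on ALL devices. The host addresses and netmasks come from the thread; the gateway addresses 10.0.1.1 and 10.0.3.1 are assumed for illustration, and on-link delivery assumes both hosts share one physical segment.

```python
import ipaddress

# Gateway addresses are assumptions for this example, not values from the thread.
GW_A, GW_B = "10.0.1.1", "10.0.3.1"


def next_hop(src_ip, netmask, dst_ip, gateway):
    """Return 'on-link' if dst lies inside src's own subnet, else the gateway.

    This mirrors the host's routing decision: the connected route wins when the
    destination matches it, otherwise the packet goes to the default gateway,
    which must then route (not NAT) between the subnets.
    """
    iface = ipaddress.ip_interface(f"{src_ip}/{netmask}")
    return "on-link" if ipaddress.ip_address(dst_ip) in iface.network else gateway


def path(a, b):
    """Next hop for a->b and for the reply b->a (hosts are dicts: ip, mask, gw)."""
    return (next_hop(a["ip"], a["mask"], b["ip"], a["gw"]),
            next_hop(b["ip"], b["mask"], a["ip"], b["gw"]))


def hosts(mask_a, mask_b):
    """systemA and systemB from the thread, with the given netmasks."""
    return ({"ip": "10.0.1.200", "mask": mask_a, "gw": GW_A},
            {"ip": "10.0.3.200", "mask": mask_b, "gw": GW_B})


if __name__ == "__main__":
    cases = {
        "both 255.255.255.0": ("255.255.255.0", "255.255.255.0"),
        "both 255.255.248.0": ("255.255.248.0", "255.255.248.0"),
        # Edge case: only systemA was changed, so the two directions disagree.
        "A changed, B not": ("255.255.248.0", "255.255.255.0"),
    }
    for label, masks in cases.items():
        a_to_b, b_to_a = path(*hosts(*masks))
        note = "" if (a_to_b == "on-link") == (b_to_a == "on-link") else "  <- asymmetric"
        print(f"{label:20} A->B: {a_to_b:9} B->A: {b_to_a}{note}")
```

In the asymmetric case systemA sends directly while systemB replies through its gateway, so connectivity then depends on that router forwarding the return traffic.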

