[GRLUG] Routing between subnets with iptables

[Adam Tauno Williams]

On Wed, 2013-01-16 at 21:41 -0500, megadave wrote:
> iptables is firewalling, not routing
> If the same router is doing the NAT for both networks, it should also
> support routing between them, I would think by default.

Eh, sort of.  It would certainly route between them by default - if IP
forwarding is enabled.  NAT on the other hand can be configured
4^number-of-networks kind of ways.  NAT makes everything more
complicated.

First question would be: do you need to NAT between the two internal
networks?

> If you are using both of these on the same physical/logical network
> segment, that is going to be very inefficient - it would make more
> sense to adjust the netmask so that you had one larger "subnet" and
> all systems on the inside would be able to directly address each
> other.

Yep

> For the specific example you give below, if you are using
> 255.255.255.0 as a netmask, if you adjust the netmask on ALL devices
> to 255.255.248.0 that will give you one subnet with addresses ranging
> from 10.0.0.1 through 10.0.3.254 all directly addressable to each
> other.
> On Wed, Jan 16, 2013 at 9:29 PM, Don Ellis <don.ellis at gmail.com> wrote:
> > We have a network set up with two subnets behind a NAT. We are able to
> > get out of the network from either subnet.
> > What we want to do is be able to connect between a system on one
> > subnet and a system on the other subnet.
> > Does anyone have examples of doing this using iptables?

My advice is to *STOP* immediately using iptables directly.  The syntax
is very confusing, on top of what can already be confusing by itself.
Is that ... -a  ... or -A ... oh, I can't remember.

Immediately install FWBuilder and let it generate the rules for you.
You can always look at what it generates in order to learn iptables
better.

<http://www.fwbuilder.org/>



-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA