forward packets from one interface to another interface using iptables












5














I have an embedded system with 2 interfaces, e0 and m0, whose IPs are 10.0.0.20 and 192.168.0.20, respectively.
Incoming packets into e0 have an IP of 10.0.0.10 and should be forwarded to the m0 interface to an external server whose IP is 10.0.0.30. Also, the returning traffic into m0 should be returned to e0.



I tried to forward packets with these commands:



route add -net 10.0.0.0/16 dev m0
iptables -t nat -A PREROUTING -d 10.0.0.30 -j DNAT --to-destination 192.168.0.20
iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -j SNAT --to-source 10.0.0.20


I did tcpdump at m0 but don't see anything going out.



Can you tell me what I am missing? Thank you in advance.



1: lo: <LOOPBACK> mtu 65536 qdisc noop  
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: e0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
link/ether 00:a0:c9:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.20/24 brd 10.0.0.255 scope global e0
valid_lft forever preferred_lft forever
inet6 fe80::2a0:c9ff:fe00:0/64 scope link
valid_lft forever preferred_lft forever

3: m0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
link/ether 00:aa:bb:cc:dd:44 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.20 brd 192.168.0.255 scope global m0
valid_lft forever preferred_lft forever
inet6 fe80::2aa:bbff:fecc:dd44/64 scope link
valid_lft forever preferred_lft forever

4: bcm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
link/ether 00:a0:c9:00:00:03 brd ff:ff:ff:ff:ff:ff
inet6 fe80::2a0:c9ff:fe00:3/64 scope link
valid_lft forever preferred_lft forever
5: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 80:3f:5d:09:7f:4b brd ff:ff:ff:ff:ff:ff

6: e0.1@e0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:a0:c9:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 127.3.0.254/24 brd 127.3.0.255 scope global e0.1
valid_lft forever preferred_lft forever
inet6 fe80::2a0:c9ff:fe00:0/64 scope link
valid_lft forever preferred_lft forever


[0.1.10] pad# ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

[0.1.10] pad# ip ro show
default via 192.168.0.20 dev m0
10.0.0.0/24 dev m0
10.0.0.0/24 dev e0 src 10.0.0.20
127.3.0.0/24 dev e0.1 src 127.3.0.254
192.168.0.0/24 dev m0 src 192.168.0.20

0.1.10] pad# iptables -L -vn
Chain INPUT (policy ACCEPT 1480 packets, 186K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 914 packets, 158K bytes)
pkts bytes target prot opt in out source destination


0.1.10] pad# iptables -t nat -L -vn
Chain PREROUTING (policy ACCEPT 258 packets, 51912 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT all -- * * 0.0.0.0/0 10.0.0.30 to:192.168.0.20
0 0 DNAT all -- * * 0.0.0.0/0 10.0.0.30 to:192.168.0.20
0 0 DNAT all -- * * 0.0.0.0/0 10.0.0.30 to:192.168.0.20

Chain INPUT (policy ACCEPT 258 packets, 51912 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 13 packets, 876 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 13 packets, 876 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * * 10.0.0.0/16 0.0.0.0/0 to:10.0.0.20
0 0 SNAT all -- * * 10.0.0.0/16 0.0.0.0/0 to:10.0.0.20





























  • 1




    It doesn't make sense that the packet should be forwarded towards 10.0.0.30 through an interface that has an IP address of 192.168.0.20 while the other interface is 10.0.0.20. Please edit the question to include the output of the following commands: ip a show; ip ro show; ip rule show; iptables -L -vn; iptables -t nat -L -vn
    – wurtel
    Feb 25 '15 at 7:56










  • Hi wurtel, OK, edited the question with the info you requested. I assigned e0 and m0 to have the same subnet as the external server (10.0.0.30), thinking that it might make things easier? The IP of m0 is fixed and I can't change that, but I can change the other IPs. I found a way to send packets from the device on the e0 interface to the external server on the m0 interface by bridging e0 and m0, but I would like to see if it's possible to do this with iptables. Maybe it's not??
    – mikec
    Feb 26 '15 at 4:41








  • 2




    The thing is that as your e0 interface has a 10.0.0.0/24 network, packets from 10.0.0.10 to 10.0.0.30 will not be routed through your system and out of the m0 interface. Your system will at most send 10.0.0.10 an ICMP redirect packet, telling it to directly send the packet towards 10.0.0.30 instead of towards 10.0.0.20. Actually I expect that 10.0.0.10 won't even try to send it through 10.0.0.20. You would need to set a host route on the 10.0.0.10 system for 10.0.0.30 via 10.0.0.20, and on 10.0.0.20 a host route for 10.0.0.30 via device m0; that might work.
    – wurtel
    Feb 26 '15 at 11:29










  • Have you enabled forwarding? cat /proc/sys/net/ipv4/ip_forward should return 1.
    – YoMismo
    Feb 26 '15 at 11:31










  • Yes, I have enabled forwarding. So far, nothing has worked, so I think I will do bridging instead. Thank you everyone for your help.
    – mikec
    Feb 26 '15 at 21:59


















networking iptables routing port-forwarding netfilter














edited Feb 26 '15 at 11:21









wurtel











asked Feb 24 '15 at 17:13









mikec













2 Answers
          0






@Mike: Flush ALL rules/tables and start with just the basics to ensure you can nat between networks.

echo 1 > /proc/sys/net/ipv4/ip_forward
route add -net 10.0.0.0/16 dev m0
iptables -t nat -A POSTROUTING -o m0 -j MASQUERADE

In my eyes, this should route and masquerade all 10.0.x.x traffic to m0 regardless of ip addressing. If successful, build on this based on the needs of your network.






          edited Feb 27 '15 at 8:04

























          answered Feb 27 '15 at 7:56









          T.J.


























              0














By using:

netstat -r

you will easily see that your scheme of IP address attribution can't work as you want.

More precisely, you have:

Destination ...    Netif
10.0.0.0/24        e0
10.0.0.0/16        m0
192.168.0.0/24     m0

And 10.0.0.20, 10.0.0.10 and 10.0.0.30 all belong to 10.0.0.0/24. This means that the 2 addresses which you want to route between are on the same network side (e0) of your router (your "embedded system" acts here as a router).

You can't make them go to the other (m0) side through routing or bridging.
Consequently you can't make any project of translating the traffic e0 → m0.

First things first, make an IP address scheme which works, and check it with:

netstat -r
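
The overlap described in the answers and comments can be checked offline. The following is an added example, not part of the original thread or of either answer: it parses the `ip ro show` output from the question, applies longest-prefix matching, and shows the effect of the two host routes suggested in the comments. It assumes the sender 10.0.0.10 uses a /24 mask, and it models prefix length only (no metrics or policy rules); the function names are illustrative.

```python
import ipaddress

# Routing table copied from the `ip ro show` output in the question.
ROUTER_ROUTES = """\
default via 192.168.0.20 dev m0
10.0.0.0/24 dev m0
10.0.0.0/24 dev e0 src 10.0.0.20
127.3.0.0/24 dev e0.1 src 127.3.0.254
192.168.0.0/24 dev m0 src 192.168.0.20
"""


def parse_routes(text):
    """Parse `ip route show` lines into (network, device, gateway) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        gw = fields[fields.index("via") + 1] if "via" in fields else None
        # A bare address such as "10.0.0.30" is parsed as a /32 host route.
        routes.append((ipaddress.ip_network(prefix), dev, gw))
    return routes


def lookup(routes, dst):
    """Return every route tied for the longest prefix that contains dst."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst_ip in r[0]]
    if not matches:
        return []
    best = max(r[0].prefixlen for r in matches)
    return [r for r in matches if r[0].prefixlen == best]


def egress_devices(routes, dst):
    """Devices of the winning routes; more than one means an ambiguous table."""
    return sorted({dev for _, dev, _ in lookup(routes, dst)})


def sender_next_hop(sender_cidr, dst, host_routes=None):
    """Decide where the sending host delivers the packet.

    host_routes maps a destination address to a gateway (a /32 route on the
    sender). Without one, a destination inside the sender's own subnet is
    "on-link": the sender ARPs for it directly and the router never gets the
    packet to forward.
    """
    iface = ipaddress.ip_interface(sender_cidr)
    dst_ip = ipaddress.ip_address(dst)
    for target, via in (host_routes or {}).items():
        if dst_ip == ipaddress.ip_address(target):
            return via
    if dst_ip in iface.network:
        return "on-link"
    return "default-gateway"


if __name__ == "__main__":
    routes = parse_routes(ROUTER_ROUTES)
    # Router side: 10.0.0.0/24 exists on both e0 and m0, so the match is tied.
    print("router, as posted:     ", egress_devices(routes, "10.0.0.30"))
    # Host route from the comments: 10.0.0.30 via device m0 (a /32 wins).
    fixed = parse_routes(ROUTER_ROUTES + "10.0.0.30 dev m0\n")
    print("router, with /32 route:", egress_devices(fixed, "10.0.0.30"))
    # Sender side (assumed 10.0.0.10/24): on-link unless it has a host route.
    print("sender, as posted:     ", sender_next_hop("10.0.0.10/24", "10.0.0.30"))
    print("sender, with /32 route:",
          sender_next_hop("10.0.0.10/24", "10.0.0.30", {"10.0.0.30": "10.0.0.20"}))
```

A tied result on the router, or "on-link" on the sender, means the NAT rules never see the packet, which matches the zero packet counters in the posted `iptables -t nat -L -vn` output.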















                  answered Dec 30 '17 at 15:53









                  daniel Azuelos
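
The routing decision this answer describes, as an added example that is not part of the original answer: a POSIX sh longest-prefix-match lookup over the answer's three routes shows that 10.0.0.10, 10.0.0.20 and 10.0.0.30 all resolve to e0, which is why nothing shows up on m0. The function names and the "prefix/len interface" table format are assumptions made for this illustration.

```shell
#!/bin/sh
# Routing table from the answer above, as "prefix/len interface" lines.
ANSWER_TABLE='10.0.0.0/24 e0
10.0.0.0/16 m0
192.168.0.0/24 m0'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
# Always call it via $(...) so the IFS change stays in the subshell.
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# route_lookup TABLE ADDRESS
# Print the interface of the most specific matching route (longest prefix),
# or "unreachable" when no route covers the address.
route_lookup() {
    dst=$(ip_to_int "$2")
    best_len=-1
    best_if=unreachable
    while read -r cidr ifname; do
        [ -n "$cidr" ] || continue
        net=$(ip_to_int "${cidr%/*}")
        len=${cidr#*/}
        if [ "$len" -eq 0 ]; then mask=0
        else mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF )); fi
        if [ $(( dst & mask )) -eq $(( net & mask )) ] &&
           [ "$len" -gt "$best_len" ]; then
            best_len=$len
            best_if=$ifname
        fi
    done <<EOF
$1
EOF
    echo "$best_if"
}

# The three addresses the answer names: each one is covered by the /24 on e0,
# which beats the broader /16 on m0.
for addr in 10.0.0.10 10.0.0.20 10.0.0.30; do
    echo "$addr -> $(route_lookup "$ANSWER_TABLE" "$addr")"
done
```

On the device itself, `ip route get 10.0.0.30` reports the kernel's actual choice for the same question.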






























