[NBLUG/talk] iptables guidance/guru?
Glen Gunsalus
G-Gunsalus at mindspring.com
Mon Feb 12 13:18:21 PST 2007
I've got a wrt54g running OpenWrt 0.9. It functions fine as intended -
firewall/router to internet ("WAN") with DHCP and nat on the wireless and four
"LAN" ports using 192.168.1.0/32.
However, I'd like to set it up as a router to route between three or four
subnets. These are all on a "10-net" behind another router actually doing
NAT/DNAT to the internet. Of secondary importance (for now) would be the
ability to get dhcp and to nat on the wifi and maybe one of the "LAN" ports.
Firewalling is not so important to me at this point.
Soooo...., I've started with stock setup and done the following:
Set up separate vlans on ports 3 and 4 at 10.x.x.128/26 and 10.x.x.192/26.
(The "WAN" port is at 10.x.x.0/26 with a GW on this subnet - ports 1 and 2 and
the radio are bridged (br0) and on 192.168.1.0/32 [this is from initial
setup/default] )
netstat -nr yields:
Kernel IP routing table
Destination     Gateway         Genmask          Flags MSS Window irtt Iface
10.42.14.0      0.0.0.0         255.255.255.192  U     0   0      0    vlan1
10.42.14.128    0.0.0.0         255.255.255.192  U     0   0      0    vlan3
10.42.14.192    0.0.0.0         255.255.255.192  U     0   0      0    vlan2
192.168.1.0     0.0.0.0         255.255.255.0    U     0   0      0    br0
0.0.0.0         10.42.14.1      0.0.0.0          UG    0   0      0    vlan1
From the wrtbox (I'm ssh'd in) I can successfully ping devices/computers/ports
on all the subnets.
However, the default iptables set up by S35firewall (and probably the natting)
doesn't let me pass traffic between the subnets.
Question:
Is there a sane way to get where I want w/o having to master iptables? (It looks
rather formidable to me at this point after looking at the tutorials.)
TIA Glen
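The following is an added example, not part of Glen's post and not OpenWrt's own S35firewall script. It shows the minimal FORWARD/POSTROUTING rule set that the routing table above implies: plain routing (no NAT) between the three 10.42.14.x /26 subnets on vlan1/vlan2/vlan3, and masquerading only for the 192.168.1.0/24 side (br0) as it leaves toward the uplink. The interface names and prefixes are read from the posted `netstat -nr` output; the assumption that the three /26s all sit inside 10.42.14.0/24 is labelled in the script. It emits the iptables commands rather than running them, so the rule set can be reviewed first and then piped into a shell on the router as root.

```shell
#!/bin/sh
# Added example for the OpenWrt 0.9 router described in the post.
# Not the original poster's code and not OpenWrt's S35firewall.
#
# Interfaces/subnets taken from the posted routing table:
#   vlan1 = 10.42.14.0/26    upstream side, default gateway 10.42.14.1
#   vlan3 = 10.42.14.128/26  "LAN" port 3
#   vlan2 = 10.42.14.192/26  "LAN" port 4
#   br0   = 192.168.1.0/24   wifi + ports 1-2, NAT'd onto vlan1
#
# ASSUMPTION: the three /26 subnets all live inside 10.42.14.0/24, so one
# /24 match covers "anything on the 10-net behind this box".
TEN_NET="10.42.14.0/24"
LAN_NET="192.168.1.0/24"
UPLINK="vlan1"

# Print the iptables commands instead of executing them, so the rule set can
# be inspected (and tested) before it replaces what S35firewall installed.
# Only the FORWARD chain and nat/POSTROUTING are touched; INPUT is left alone.
gen_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
# Return traffic for every path allowed below (kernel 2.4 era: -m state)
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Route between the 10-net subnets on vlan1/vlan2/vlan3 without NAT
iptables -A FORWARD -s $TEN_NET -d $TEN_NET -j ACCEPT
# Let the private br0 side reach the 10-net subnets and the uplink
iptables -A FORWARD -s $LAN_NET -j ACCEPT
# Masquerade only br0 traffic that leaves via the uplink interface
iptables -t nat -A POSTROUTING -s $LAN_NET -o $UPLINK -j MASQUERADE
EOF
}

# Apply the generated rules on the router (must run as root on the box).
# Forwarding itself is already on, since the stock setup NATs br0 today.
apply_rules() {
    gen_rules | sh -e
}

# Running the script directly prints the rule set for review.
gen_rules
```

Two checks before relying on this: `cat /proc/sys/net/ipv4/ip_forward` must read `1`, and the upstream router at 10.42.14.1 needs static routes for 10.42.14.128/26 and 10.42.14.192/26 pointing at the WRT's vlan1 address, otherwise hosts on vlan2/vlan3 can send out but replies never find their way back (the WRT is not NATing those subnets, by design). Hosts on vlan2/vlan3 likewise need the WRT's address on their own /26 as default gateway.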