Allowing traffic to a particular host from a different network.

Consider you have two networks, 192.168.1.0/24 and 192.168.2.0/24. Both sit behind a firewall (a gateway machine, actually). Now you want to allow every host on 192.168.2.0/24 to reach only 192.168.1.100, and nothing else on that network. The steps are:

Basically you have to allow the traffic in both directions with iptables on the gateway machine of the 192.168.1.0/24 network, in its FORWARD chain (these are forwarded packets, not packets addressed to the gateway itself, so INPUT/OUTPUT rules will not match them).

iptables -R FORWARD 1 -i eth0 -s 192.168.2.2  -d 192.168.1.100 -j ACCEPT

iptables -R FORWARD 2 -i eth1 -s 192.168.1.100 -d 192.168.2.2 -j ACCEPT

Here,

192.168.2.2 is the IP of the gateway machine of the 192.168.2.0/24 network. The rules match on that single address, so they assume traffic from 192.168.2.0/24 arrives with that source address (i.e. the other gateway source-NATs it); if it does not, match on -s 192.168.2.0/24 instead.
eth0 is the interface facing 192.168.2.0/24 and eth1 the interface facing 192.168.1.0/24. Please make sure you use the correct interface (ethN) for the inbound and outbound traffic of every host, or the rules will silently never match.
-R FORWARD 1 replaces whatever rule is currently at position 1 of the FORWARD chain (and -R FORWARD 2 the one at position 2). Those positions must already exist, otherwise iptables refuses with an index error; on an empty chain use -I FORWARD 1 and -I FORWARD 2 instead, so the new rules sit above any general REJECT or DROP rule.
Note that the second rule also lets 192.168.1.100 open new connections towards 192.168.2.2, not just answer. If you only need replies to flow back, a stateful rule (-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT) is tighter.

You can use the tcpdump command to verify whether the traffic flow is working and where packets get dropped. For example, a ping from the 192.168.2.0/24 side should show up on eth1 once it has been forwarded; if it is visible on eth0 but never on eth1, the FORWARD chain is dropping it:

tcpdump -ni eth1 icmp
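The whole procedure above, collected into one script for the 192.168.1.0/24 gateway. This is an added example, not code from the original post: it assumes eth0 faces the 192.168.2.0/24 side, eth1 faces 192.168.1.0/24, that the whole 192.168.2.0/24 network (rather than only 192.168.2.2) is the source to admit, and that only TCP port 22 on 192.168.1.100 needs to be reachable; all of these are assumptions you override through the environment. It goes a little beyond the post by using a default-deny FORWARD policy, a stateful rule for the return traffic instead of a blanket reverse rule, and an anti-spoofing rule, and it prints the exact commands by default so you can review them before applying as root.

```sh
#!/bin/sh
# Added example (not from the original post): a complete FORWARD policy for the
# gateway of 192.168.1.0/24 that exposes only one host to the other network.
# Assumed layout: eth0 faces 192.168.2.0/24 (via its gateway 192.168.2.2),
# eth1 faces 192.168.1.0/24, and only TCP port 22 on the host is needed.
# Every value below is an assumption; override it through the environment.
EXT_IF="${EXT_IF:-eth0}"            # side facing 192.168.2.0/24
INT_IF="${INT_IF:-eth1}"            # side facing 192.168.1.0/24
INT_NET="${INT_NET:-192.168.1.0/24}" # our own network, used for anti-spoofing
SRC="${SRC:-192.168.2.0/24}"        # use 192.168.2.2 if the other gateway SNATs
HOST="${HOST:-192.168.1.100}"       # the one host that may be reached
PORT="${PORT:-22}"                  # the one service on it that may be reached
RUN="${RUN:-}"                      # set RUN=echo to print instead of apply

apply_rules() {
    $RUN sysctl -w net.ipv4.ip_forward=1
    # Default deny for forwarded traffic, then rebuild the chain from scratch.
    $RUN iptables -P FORWARD DROP
    $RUN iptables -F FORWARD
    # Anti-spoofing: nothing on the external side may claim an internal address.
    $RUN iptables -A FORWARD -i "$EXT_IF" -s "$INT_NET" -j DROP
    # Replies to already accepted connections, in both directions. This replaces
    # a blanket reverse rule, so $HOST cannot open connections outwards itself.
    $RUN iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The single hole: new connections from $SRC to $HOST:$PORT only.
    $RUN iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -s "$SRC" -d "$HOST" \
        -p tcp --dport "$PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Log what falls through to the DROP policy, rate limited.
    $RUN iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Print the exact commands without touching the kernel (subshell keeps RUN local).
dry_run() (
    RUN=echo
    apply_rules
)

# Number of FORWARD rules the dry run would add; a quick sanity check.
rule_count() {
    dry_run | grep -c '^iptables -A FORWARD'
}

# Watch forwarded packets for the exposed service, as the post does with icmp.
watch_traffic() {
    tcpdump -ni "$INT_IF" host "$HOST" and tcp port "$PORT"
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     dry_run ;;
esac
```

Run it without arguments to see the rules it would install; run `sh gateway-fw.sh apply` as root (or with the variables set, e.g. `SRC=192.168.2.2 PORT=80`) to install them, then `watch_traffic` on the gateway while connecting from the other side to confirm packets leave on eth1.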
