But now I am back for a while...
These days I am working on developing a firewall module based on netfilter/iptables. To test my module I tried to prepare a test environment containing three Linux machines (all on the same local network). My test scenario is something like this:
- Machine A: Client machine
- Machine B: The machine where my module works
- Machine C: Server machine
route add -net C netmask 255.255.255.0 gw B dev eth0
And make the necessary configuration on B:
/proc/sys/net/ipv4/ip_forward
/etc/sysctl.conf -- net.ipv4.ip_forward = 1
/etc/sysconfig/network -- FORWARD_IPV4=true
Everything seemed perfect, but when I observed the routing of packets from A to C, I found that after the transmission of the first packet, A detects that both A and C are on the same local network, so it bypasses B (the gateway).
I tried to find a solution by Googling but couldn't find a suitable one, so I began reading the documentation and found a solution using IP masquerading. On machine B, add the following rule:
iptables -t nat -A POSTROUTING -d C -o eth0 -j MASQUERADE
And everything works as desired (each packet from A to C is routed through B).
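As an added example (not part of the original post), here is a small POSIX shell script I use to verify a setup like this one: it checks the forwarding switch on B, checks that the MASQUERADE rule is loaded from an iptables dump, and checks from A that the kernel still picks B as the next hop for C rather than bypassing it. The addresses and the sample command outputs are placeholders constructed for a lab.

```sh
#!/bin/sh
# Added example, not part of the original post: verification helpers for the
# A -> B -> C test path described above. Addresses are placeholders for a lab.
A_IP="${A_IP:-192.0.2.10}"   # client machine A (placeholder)
B_IP="${B_IP:-192.0.2.1}"    # forwarding machine B running the module (placeholder)
C_IP="${C_IP:-192.0.2.20}"   # server machine C (placeholder)
IFACE="${IFACE:-eth0}"

# Returns 0 when the forwarding switch read from FILE is "1". The default is
# the live kernel flag on B; passing another file lets the check be tested.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Reads `iptables -t nat -S POSTROUTING` output (taken on B) on stdin; returns
# 0 when the MASQUERADE rule for C on IFACE is present. iptables-save prints a
# single host destination as /32, so the match uses that form.
masquerade_rule_present() {
    grep -q -- "^-A POSTROUTING -d $C_IP/32 -o $IFACE -j MASQUERADE$"
}

# Reads `ip route get C` output (taken on A) on stdin; returns 0 when the
# kernel still chooses B as the next hop, i.e. traffic to C is not bypassing B.
route_via_gateway() {
    grep -q -- "^$C_IP via $B_IP dev $IFACE"
}

# Constructed sample outputs matching the default placeholders above, used to
# exercise the parsers offline.
SAMPLE_NAT_OK="-P POSTROUTING ACCEPT
-A POSTROUTING -d 192.0.2.20/32 -o eth0 -j MASQUERADE"
SAMPLE_ROUTE_OK="192.0.2.20 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 0
    cache"
SAMPLE_ROUTE_BYPASS="192.0.2.20 dev eth0 src 192.0.2.10 uid 0
    cache"

# Live checks: run `sh check.sh live-b` on B and `sh check.sh live-a` on A.
if [ "${1:-}" = "live-b" ]; then
    forwarding_enabled && echo "B: ip_forward is on" || echo "B: ip_forward is OFF"
    iptables -t nat -S POSTROUTING | masquerade_rule_present \
        && echo "B: MASQUERADE rule present" || echo "B: MASQUERADE rule MISSING"
elif [ "${1:-}" = "live-a" ]; then
    ip route get "$C_IP" | route_via_gateway \
        && echo "A: C is reached via B" || echo "A: B is being bypassed"
fi
```

Rerun the `live-a` check after sending a few packets from A to C, since the bypass the post describes only shows up after the first packet.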