This is a discussion on forwarding and masquerading over a wireless link within the Linux Networking forums, part of the Linux Forums category.
I have a (overly)complex home network which I'm having some problems with.
I have a cable modem directly connected to a Linksys Wireless Router. Everything there works fine. I have a PC directly connected to one of the four ports on the Wireless Router hub, and that too works fine. I have a wi-fi link with a PC in another place, and that too works fine.

   cable modem
       ||
   (PUB IP) Linksys Wireless Router (192.168.1.1)
       |                                /|\
       |                                 |
       |                                /|\
   Directly                          Wireless
   Connected                         Connected
   PC                                PC
   (192.168.1.2)                     (192.168.1.3)
                                     2nd Ethernet Interface (192.168.2.2)
                                              <------>
                                     (192.168.2.1) WAN Interface Router 2
                                              |
                                              |
                                     Directly Connected PC3 (192.168.3.3)

I have a second ethernet card in the computer with the wi-fi connection that goes to a second router's WAN interface. I then have a third PC that is plugged into the Router.

What I'm trying to do is get 192.168.3.3 access to the internet through an overly complicated network. From 192.168.3.3 I can ping 192.168.3.1, 192.168.2.1 and 192.168.2.2, but I cannot ping 192.168.1.1, 192.168.1.2 or 192.168.1.3. From the router I can ping all of 192.168.3.0 and 192.168.2.0 but nothing on 192.168.1.0. From my second PC I can ping all of 192.168.1.0, 192.168.2.0 and 192.168.3.0.

I have masquerading set up, or so I thought I did, using bastille-firewall as the primary means of creating the rules and then tweaking. It seems that my masquerading configuration is not working otherwise. It would seem that if masquerading were working, traffic coming in on 192.168.2.0/28 would be forwarded to 192.168.1.0, and ping would work from the router and elsewhere.

First of all, is it possible to set up forwarding over the wireless link? The wireless card has a proprietary driver and is an ADM8211 chip. It works well enough. I've tried temporarily allowing all MACs access to the wireless network; I was going to verify that worked and then limit the MACs again... I'm at a loss. I've tried to get it set up for so long with so little success that I'm thinking that I'm trying to accomplish the impossible. Any assistance would be greatly appreciated.
-- 
Brian E. Seppanen
seppanen@chartermi.net
No matter how cynical you get, it's impossible to keep up.

# Generated by iptables-save v1.2.8 on Sat Jan 31 22:47:49 2004
*mangle
:PREROUTING ACCEPT [208882:184334888]
:INPUT ACCEPT [208863:184333592]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [218374:17183042]
:POSTROUTING ACCEPT [218374:17183042]
COMMIT
# Completed on Sat Jan 31 22:47:49 2004
# Generated by iptables-save v1.2.8 on Sat Jan 31 22:47:49 2004
*nat
:PREROUTING ACCEPT [478:59955]
:POSTROUTING ACCEPT [326:19024]
:OUTPUT ACCEPT [399:24204]
# Source NAT: both internal /28 networks are masqueraded behind eth1's address.
-A POSTROUTING -s 192.168.2.0/255.255.255.240 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.3.0/255.255.255.240 -o eth1 -j MASQUERADE
COMMIT
# Completed on Sat Jan 31 22:47:49 2004
# Generated by iptables-save v1.2.8 on Sat Jan 31 22:47:49 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [44511:3764462]
:INT_IN - [0:0]
:INT_OUT - [0:0]
:PAROLE - [0:0]
:PUB_IN - [0:0]
:PUB_OUT - [0:0]
# INPUT: traffic to this host. eth1 is handled as the public (untrusted) side
# via PUB_IN, eth0 as the internal side via INT_IN.
-A INPUT -s 192.168.2.1 -j ACCEPT
-A INPUT -s 192.168.3.0/255.255.255.240 -j ACCEPT
-A INPUT -d 127.0.0.0/255.0.0.0 -i ! lo -p tcp -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 224.0.0.0/240.0.0.0 -j DROP
# Anti-spoofing: the internal networks must never appear on eth1.
-A INPUT -d 192.168.2.0/255.255.255.240 -i eth1 -j DROP
-A INPUT -s 192.168.2.0/255.255.255.240 -i eth1 -j DROP
-A INPUT -d 192.168.3.0/255.255.255.240 -i eth1 -j DROP
-A INPUT -s 192.168.3.0/255.255.255.240 -i eth1 -j DROP
-A INPUT -i eth1 -j PUB_IN
-A INPUT -i eth0 -j INT_IN
-A INPUT -j DROP
# FORWARD: only the two internal networks, only out of eth1; everything else
# falls through to the DROP policy.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.3.0/255.255.255.240 -o eth1 -j ACCEPT
-A FORWARD -s 192.168.2.0/255.255.255.240 -o eth1 -j ACCEPT
-A OUTPUT -o eth1 -j PUB_OUT
-A OUTPUT -o eth0 -j INT_OUT
# INT_IN: services reachable from the internal side (eth0).
-A INT_IN -p tcp -m tcp --dport 80 -j PAROLE
-A INT_IN -p tcp -m tcp --dport 22 -j PAROLE
-A INT_IN -p tcp -m tcp --dport 6000:6020 -j PAROLE
-A INT_IN -p tcp -m tcp --dport 3306 -j PAROLE
-A INT_IN -p tcp -m tcp --dport 901 -j PAROLE
-A INT_IN -p udp -m udp --dport 161 -j ACCEPT
-A INT_IN -p udp -m udp --dport 162 -j ACCEPT
-A INT_IN -p udp -m udp --dport 514 -j ACCEPT
-A INT_IN -p udp -m udp --dport 53 -j ACCEPT
-A INT_IN -p icmp -j ACCEPT
-A INT_IN -j DROP
-A INT_OUT -p icmp -j ACCEPT
-A INT_OUT -j ACCEPT
-A PAROLE -j ACCEPT
# PUB_IN: services reachable from the public side (eth1). Private
# 192.168.1.0/24 addresses are dropped here in either direction.
-A PUB_IN -d 192.168.1.0/255.255.255.0 -j DROP
-A PUB_IN -s 192.168.1.0/255.255.255.0 -j DROP
-A PUB_IN -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A PUB_IN -p tcp -m tcp --dport 80 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
-A PUB_IN -p udp -m udp --dport 161 -j ACCEPT
-A PUB_IN -p udp -m udp --dport 162 -j ACCEPT
-A PUB_IN -p udp -m udp --dport 514 -j ACCEPT
# Rate-limited logging of probes to commonly scanned ports, then drop.
-A PUB_IN -p tcp -m tcp --dport 23 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p tcp -m tcp --dport 21 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p tcp -m tcp --dport 143 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p tcp -m tcp --dport 110 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p tcp -m tcp --dport 79 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p tcp -m tcp --dport 111 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p tcp -m tcp --dport 512 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p tcp -m tcp --dport 513 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p tcp -m tcp --dport 98 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p tcp -m tcp --dport 22 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p udp -m udp --dport 31337 -m state --state INVALID,NEW -m limit --limit 5/sec --limit-burst 8 -j LOG --log-prefix "audit"
-A PUB_IN -p icmp -j DROP
-A PUB_IN -j DROP
-A PUB_OUT -j ACCEPT
COMMIT
# Completed on Sat Jan 31 22:47:49 2004
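The posted ruleset already carries a FORWARD accept and a MASQUERADE for both internal /28 networks, but every one of those rules is tied to eth1 and the FORWARD policy is DROP, so nothing is forwarded unless eth1 really is the interface that leads to 192.168.1.1 and net.ipv4.ip_forward is 1. The POSIX sh script below is an added example, not part of the original post and not part of bastille-firewall: it audits an iptables-save dump for exactly those pieces against a given uplink interface name and prints the minimal rule set for that interface. The interface name wlan0 and the embedded excerpt of the posted rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit an iptables-save dump for
# what a Linux gateway needs to forward and masquerade two internal networks
# (192.168.2.0/28 and 192.168.3.0/28 from the post) out of one uplink, and
# print the minimal rule set for a given uplink interface.
# ASSUMPTION: the uplink interface name. The posted rules use eth1; with a
# vendor wireless driver the real name must be confirmed (ip link / ifconfig -a).

INTERNAL_NETS="192.168.2.0/255.255.255.240 192.168.3.0/255.255.255.240"

# Constructed excerpt of the posted ruleset (nat and FORWARD parts only).
POSTED_RULES='*nat
-A POSTROUTING -s 192.168.2.0/255.255.255.240 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.3.0/255.255.255.240 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.3.0/255.255.255.240 -o eth1 -j ACCEPT
-A FORWARD -s 192.168.2.0/255.255.255.240 -o eth1 -j ACCEPT
COMMIT'

# has_rule DUMP RULE: true if RULE appears as a whole line of DUMP.
has_rule() {
    printf '%s\n' "$1" | grep -qxF -- "$2"
}

# audit_rules WAN_IF DUMP: print one line per missing piece; the exit status
# is the number of missing pieces (0 means DUMP is complete for WAN_IF).
audit_rules() {
    wan=$1; dump=$2; missing=0
    has_rule "$dump" "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" || {
        echo "missing: FORWARD accept for RELATED,ESTABLISHED (return traffic)"
        missing=$((missing + 1)); }
    for net in $INTERNAL_NETS; do
        has_rule "$dump" "-A FORWARD -s $net -o $wan -j ACCEPT" || {
            echo "missing: FORWARD accept for $net out $wan"
            missing=$((missing + 1)); }
        has_rule "$dump" "-A POSTROUTING -s $net -o $wan -j MASQUERADE" || {
            echo "missing: MASQUERADE for $net out $wan"
            missing=$((missing + 1)); }
    done
    return $missing
}

# count_missing WAN_IF DUMP: the same audit, result printed as a number.
count_missing() {
    audit_rules "$@" | awk 'END { print NR }'
}

# forwarding_enabled [FILE]: true if the kernel will route between interfaces.
# Reads the live sysctl by default; a file path can be given for testing.
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# minimal_rules WAN_IF: the smallest rule set that forwards and masquerades
# the two internal networks out of WAN_IF while keeping FORWARD default-deny.
minimal_rules() {
    wan=$1
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for net in $INTERNAL_NETS; do
        echo "iptables -A FORWARD -s $net -o $wan -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE"
    done
}

# Stand-alone run: audit the posted rules against eth1 and against a
# hypothetical wireless interface named wlan0, then check the sysctl.
for ifname in eth1 wlan0; do
    echo "== posted rules, uplink $ifname: $(count_missing "$ifname" "$POSTED_RULES") missing"
    audit_rules "$ifname" "$POSTED_RULES" || true
done
forwarding_enabled && echo "ip_forward=1" || echo "ip_forward is not 1 (or unreadable)"
```

On the gateway itself, run it as root against the live state, with the uplink taken from the default route: `audit_rules "$(ip route show default | awk '{print $5}')" "$(iptables-save)"`. If the wireless interface is not eth1, the posted rules pass the audit for eth1 and fail it for the real name, which matches the symptoms in the post (router 2 reaches 192.168.2.2 but nothing beyond it). Two things worth knowing while testing: with MASQUERADE the Linksys only ever sees the wireless card's own MAC and 192.168.1.3 as the source, so its MAC filter never needed to be opened up; and `tcpdump -ni <uplink> icmp` while pinging from 192.168.3.3 shows directly whether echo requests leave the box with a rewritten source. On the rules as posted, note also that udp 161, 162 and 514 (SNMP and syslog) are accepted in PUB_IN with no source restriction; if eth1 is the wireless segment, any station that joins the wireless network can reach those services on this host.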