[ubuntu] iptables, route, dns problem

September 2nd, 2010, 11:48 AM
I have a problem with complete understanding of iptables, routing and dns. I wish someone would help me with it.

So, I am running Ubuntu 10.04 and use it as an Internet gateway. I have 3 interfaces:
eth0 address looks into the first local subnetwork
eth1 address looks into the second local subnetwork
and the third one, wimax0, looks into the Internet; its address is assigned by the provider's DHCP

I want all subnetworks to be able to see each other and to have access to the Internet.

Here is the output of route (the address columns were lost when the post was rendered):

server:~$ route
Destination Gateway Genmask Flags Metric Ref Use Iface
* U 0 0 0 eth0
* U 0 0 0 eth1
* U 0 0 0 wimax0
link-local * U 1000 0 0 eth0
default localhost UG 0 0 0 wimax0
For iptables I have a script that runs on boot:


iptables -F
iptables -t nat -F

iptables -t nat -A POSTROUTING -o wimax0 -j MASQUERADE

iptables -t nat -A POSTROUTING -s -d -o eth0 -j SNAT --to-source

iptables -t nat -A POSTROUTING -s -d -o eth1 -j SNAT --to-source
As a result my subnetworks have access to the Internet and can ping each other. But they can't communicate via TCP/IP.
And I have a problem with DNS: I can ping from one subnet to another only with an explicit IP, not with the name of the PC.

Thanks in advance for any help or hint.

September 2nd, 2010, 03:00 PM
ICMP uses IP, but don't tell anyone.

September 2nd, 2010, 03:01 PM
I don't see why you would set up SNAT between your two subnets but not to the wimax0 (internet)? You should have no SNAT within your own address spaces and should have SNAT to the internet where it is needed.

As an example, here is my router setup script, which is run during init.


# WANIF and LANIF hold the WAN and LAN interface names; they are set earlier in the script.
# Pick the WAN address out of ifconfig's "inet addr:x.x.x.x" field.
WANIP="`/sbin/ifconfig $WANIF | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"

# Turn on packet forwarding between interfaces.
echo "1" > /proc/sys/net/ipv4/ip_forward

# NAT only on the way out to the Internet. MASQUERADE matches first, so the SNAT rule under it is never reached.
iptables -t nat -A POSTROUTING -o $WANIF -j MASQUERADE
iptables -t nat -A POSTROUTING -o $WANIF -j SNAT --to $WANIP
# Replies from the Internet are allowed back in; anything from the LAN may go out.
iptables -A FORWARD -i $WANIF -o $LANIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LANIF -o $WANIF -j ACCEPT

service dnsmasq restart

Note: I use dnsmasq to handle DHCP/DNS within my network. Since you have a second subnet, you would add a couple more lines for LANIF2 similar to LANIF.
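The same layout extended to two LAN interfaces, as an added example rather than either poster's script: forwarding between the two subnets is allowed without any NAT, only the WAN side is masqueraded, and FORWARD defaults to DROP so nothing unlisted is relayed. The interface names and subnets are assumptions; DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: two-LAN gateway with NAT only on the WAN side.
# Interface names and subnets are assumed values; adjust them to your setup.
WANIF="${WANIF:-wimax0}"
LAN1IF="${LAN1IF:-eth0}"; LAN1NET="${LAN1NET:-192.168.1.0/24}"
LAN2IF="${LAN2IF:-eth1}"; LAN2NET="${LAN2NET:-192.168.2.0/24}"
# DRY_RUN=1 echoes each rule instead of running iptables (no root needed).
DRY_RUN="${DRY_RUN:-0}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

gateway_rules() {
    # Start clean, then default to dropping anything not explicitly forwarded.
    ipt -F; ipt -t nat -F
    ipt -P FORWARD DROP
    # Inter-LAN traffic is forwarded unchanged: no SNAT, so hosts see real addresses.
    ipt -A FORWARD -i "$LAN1IF" -o "$LAN2IF" -s "$LAN1NET" -d "$LAN2NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN2IF" -o "$LAN1IF" -s "$LAN2NET" -d "$LAN1NET" -j ACCEPT
    # LAN -> Internet: new connections out, only replies back in from the WAN side.
    ipt -A FORWARD -i "$LAN1IF" -o "$WANIF" -s "$LAN1NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN2IF" -o "$WANIF" -s "$LAN2NET" -j ACCEPT
    ipt -A FORWARD -i "$WANIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Address translation only where private addresses must be hidden: the WAN.
    ipt -t nat -A POSTROUTING -o "$WANIF" -j MASQUERADE
}

# Number of NAT rules the script would add; a sanity check that NAT stays on the WAN only.
nat_rule_count() { ( DRY_RUN=1; gateway_rules ) | grep -c -- '-t nat -A'; }

apply_gateway() {
    [ "$DRY_RUN" = "1" ] || echo 1 > /proc/sys/net/ipv4/ip_forward
    gateway_rules
}

if [ "${1:-}" = "apply" ]; then apply_gateway; fi
```

Run it as `DRY_RUN=1 sh gateway.sh apply` first to review the rule list; name resolution across the subnets is a separate job for dnsmasq listening on both LAN interfaces.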