Evgeny, 2016-11-30 12:27:32
linux

How to set up routing between two local networks?

Good afternoon!
There is a server with 3 network interface cards.
The first one faces the Internet, 192.168.0.0/24 (p4p1); the other two serve different subnets: 192.168.1.0/24 (br0) and 192.168.10.0/24 (p32p1).
NAT is up on the server. Internet access is required from the 192.168.1.0/24 subnet and works.
Now I need hosts in 192.168.10.0/24 to have access to the 192.168.1.0/24 subnet.
1) Forwarding is of course enabled
2) Traffic between interfaces is allowed:
iptables -A FORWARD -i br0 -o p32p1 -j ACCEPT
However, it doesn't want to work...
Routing table:

Таблица маршутизации ядра протокола IP
Destination Gateway Genmask Flags Metric Ref Use Iface
default         192.168.0.1     0.0.0.0         UG    0      0        0 p4p1
192.168.0.0     *               255.255.255.0   U     0      0        0 p4p1
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
192.168.10.0    *               255.255.255.0   U     0      0        0 p32p1

iptables config:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type destination-unreachable -j ACCEPT
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type source-quench -j ACCEPT
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type parameter-problem -j ACCEPT

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP

-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -i br0 -o p4p1 -j ACCEPT
-A FORWARD -i br0 -o p32p1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# SSH
-A INPUT -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# OpenVPN
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT

# NTP
-A INPUT -i br0 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -i p32p1 -p udp -m udp --dport 123 -j ACCEPT

# DNS
-A INPUT -i br0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i p32p1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i p32p1 -p tcp -m tcp --dport 53 -j ACCEPT

# MDNS
-A INPUT -i br0 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -i p32p1 -p udp -m udp --dport 5353 -j ACCEPT

# SAMBA
-A INPUT -i br0 -p tcp -m tcp --dport 135 -j ACCEPT
-A INPUT -i br0 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -i br0 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 445 -j ACCEPT

# WWW
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

COMMIT


*nat

# NAT
-A POSTROUTING -o p4p1 -j MASQUERADE

COMMIT

I understand that perhaps the reason is banal, but still I hope for a hint from a respected community.


3 answer(s)
Evgeny, 2016-12-03
@MaksimovEvgeny

Question removed. It was the Chinese cameras located in the 192.168.10.0/24 subnet. This is such a weird glitch: the cameras could only be accessed from their own subnet.
I requested a fresh firmware from support, everything worked.
Thank you all for your participation.

Dmitry Shitskov, 2016-11-30
@Zarom

Run tcpdump and see what goes where and doesn't come back.
Is this server the default gateway for all the subnets?

Cool Admin, 2016-11-30
@ifaustrue

It seems that you need to either change the policy to
:FORWARD ACCEPT [0:0]
or add
-A FORWARD -i p32p1 -o br0 -j ACCEPT
The gateway must be the gateway for the nodes in these networks.
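To make the asymmetry in the posted ruleset visible, here is a small first-match model of the FORWARD chain (an added example written for this page, not code from the poster or from iptables). It matches only -i, -o and --state, ignores the physdev rule, and assumes conntrack marks the first packet of a flow NEW and replies ESTABLISHED; the interface names are the ones from the question.

```python
from typing import FrozenSet, List, Optional, Set, Tuple

class Rule:
    """One FORWARD rule: None for a field means 'match anything'."""
    def __init__(self, in_if: Optional[str] = None, out_if: Optional[str] = None,
                 states: Optional[FrozenSet[str]] = None, target: str = "ACCEPT"):
        self.in_if, self.out_if, self.states, self.target = in_if, out_if, states, target

    def matches(self, in_if: str, out_if: str, state: str) -> bool:
        return ((self.in_if is None or self.in_if == in_if)
                and (self.out_if is None or self.out_if == out_if)
                and (self.states is None or state in self.states))

# FORWARD rules exactly as posted in the question (physdev rule left out).
ORIGINAL_FORWARD = [
    Rule(in_if="br0", out_if="p4p1"),
    Rule(in_if="br0", out_if="p32p1"),
    Rule(states=frozenset({"RELATED", "ESTABLISHED"})),
]

# The fix proposed in the answer: allow NEW flows from p32p1 towards br0 too.
FIXED_FORWARD = ORIGINAL_FORWARD + [Rule(in_if="p32p1", out_if="br0")]

def forward_verdict(rules: List[Rule], in_if: str, out_if: str,
                    state: str, policy: str = "DROP") -> str:
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(in_if, out_if, state):
            return rule.target
    return policy

def one_way_pairs(rules: List[Rule], internal: Set[str]) -> List[Tuple[str, str]]:
    """Internal interface pairs that accept NEW flows in one direction only.

    Only interfaces in `internal` are considered: the uplink (p4p1 here)
    is meant to stay one-way, with replies admitted via ESTABLISHED."""
    pairs = {(r.in_if, r.out_if) for r in rules
             if r.target == "ACCEPT" and r.in_if and r.out_if and r.states is None}
    return sorted((b, a) for a, b in pairs
                  if a in internal and b in internal and (b, a) not in pairs)
```

Switching the policy to ACCEPT instead, as the answer also suggests, removes the symptom but also lets unsolicited flows from p4p1 reach br0, which the explicit reverse rule does not.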
