Two network interfaces on the gateway, how to forward through iptables?
There is a gateway with two interfaces and L2TP (xl2tpd). I need to forward the LAN out to the world.
I set up xl2tpd; the connection is good, no complaints. I am getting to know iptables.
I found iptables rules online. I tried the first two, and they don't work. These are:
Aside from that:
iptables -A FORWARD -i enp3s0 -o enp1s10 -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -i enp1s10 -o enp3s0 -d 192.168.0.0/24 -j ACCEPT

1. iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o enp1s10 -j SNAT --to-source 100.112.101.233
2. iptables -t nat -A POSTROUTING -o enp1s10 -s 192.168.0.0/24 -j MASQUERADE
3. LAN=eth0
   NETWORK=192.168.0.1/24
   iptables -I FORWARD 1 -i $LAN -s $NETWORK -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu   (haven't tried yet)
The interface names are real; any matches are not coincidental.
This is the second day I have been fighting with this. Please tell me, for God's sake, or I will forward all the ports >:[
And a second question follows:
The author of one of the rule sets wrote, I quote: "We need to at least protect the gateway a little, add the rules:"
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i enp3s0 -s 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -i enp1s10 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
After this, the gateway stops pinging domain names, as if DNS had fallen off, but the L2TP connection to the Internet is established and working. What did he mess up?
Sincerely. Thank you in advance!
https://serveradmin.ru/nastroyka-shlyuza-dlya-loka...
There is a file in the article with a lot of comments in it; perhaps with its help you will understand what needs to be done. Also, regarding allowing packet forwarding after the ppp connection is established: doesn't the system get a new ppp0 interface or something like that?
iptables is really hard for beginners. Look at ferm, an add-on over iptables; the readability of the configuration is much higher. And don't forget net.ipv4.ip_forward=1.
In the base ferm config (/etc/ferm/ferm.conf) it is enough to add a masquerade rule.
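A complete ruleset for the layout in the question, as an added example (not from the original post or either answer): forwarding and NAT hang off the tunnel interface that carries the default route, and the gateway's INPUT chain also accepts replies arriving on that tunnel, which the quoted protection rules left out. enp3s0, enp1s10 and 192.168.0.0/24 are taken from the question; ppp0 as the xl2tpd tunnel interface is an assumption.

```shell
#!/bin/sh
# Added example, not from the question or the answers. Assumed layout, taken
# from the question where given: LAN on enp3s0 (192.168.0.0/24), physical
# uplink enp1s10, and xl2tpd bringing up ppp0 as the tunnel that carries the
# default route (ppp0 is an assumption; check with "ip route").
LAN_IF=enp3s0
LAN_NET=192.168.0.0/24
UPLINK_IF=enp1s10
TUN_IF=ppp0

# Emit the ruleset as plain iptables commands rather than running them, so it
# can be reviewed first; "gateway_rules | sh" applies it as root.
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
# Gateway itself: loopback, the LAN, and replies to its own traffic on BOTH
# the uplink and the tunnel. The quoted rules only covered $UPLINK_IF, so DNS
# answers arriving on $TUN_IF fell into the DROP policy.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A INPUT -i $UPLINK_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $TUN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Forwarding: LAN out through the tunnel, only replies back in.
iptables -A FORWARD -i $LAN_IF -o $TUN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -d $LAN_NET -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Clamp TCP MSS so the tunnel's smaller MTU does not break large transfers.
iptables -A FORWARD -o $TUN_IF -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# NAT lives in the nat table and must hang off the interface traffic leaves on.
iptables -t nat -A POSTROUTING -o $TUN_IF -s $LAN_NET -j MASQUERADE
# Restrictive defaults last, after the accept rules are in place.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
EOF
}

# Count of iptables commands emitted, handy for a quick sanity check.
rule_count() { gateway_rules | grep -c '^iptables'; }
```

Run `gateway_rules` on its own first and compare the interfaces against `ip route` before piping it to `sh`; if the default route is not via ppp0, change TUN_IF accordingly.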