
I have a Linux setup which consists of two interfaces: a local LAN interface and a virtual interface.

ETH0: 150.10.15.194
PAN0: 192.168.255.209

I would like to set rules that route all ICMP echo messages from ETH0 to VA0 and vice versa.

I prefer the routing to be static by interface and not by IP. For instance, if a packet arrives on ETH0 and the destination is not local, the packet should be routed to VA0.

Same goes for packets that arrive from VA0 to ETH0.

How can I achieve that?

stdcall
  • Firstly, rules are order-dependent, so seeing a few lines of `iptables` is useless; we need the whole output of `iptables -L -n -v`. Secondly, could you add an example of a client on the `192.168.255` network doing a `ping` to an external client, showing us the failure? – MadHatter May 31 '15 at 10:54
  • Iptables is empty before these commands. I flushed it all. – stdcall May 31 '15 at 11:41
  • It'd be better to see than hear that, but OK. And my latter request above? – MadHatter May 31 '15 at 12:24
  • Please see that I changed the question. iptables is not what I need. – stdcall May 31 '15 at 12:24
  • What are the IP networks you have behind those interfaces? – Tero Kilkanen May 31 '15 at 13:28
  • @TeroKilkanen That's the issue. This is essentially the same network. – stdcall May 31 '15 at 13:33
  • No it is not, there are two separate IP networks here, one starting with `150.` and another with `192.`. What are the complete specifications of those IP networks? And what are `ETH0`, `PAN0` and `VA0` exactly? – Tero Kilkanen May 31 '15 at 13:34

1 Answer


You need to post all your rules to allow us to help you better. Anyway, I can say the following:

  1. If you want to allow traffic passing through your firewall, you need to consider the FORWARD chain. The other chains, INPUT and OUTPUT, are for traffic destined to the firewall and originating from the firewall respectively.
  2. You are allowing icmp-type 0, which is echo reply. You need to allow echo request also.
  3. The FORWARD default policy will be executed when no matching rule is found. This is also shown using the `iptables -L FORWARD -n -v` command.
Khaled
  • Please see that I changed the question. I'm not interested in a firewall, but only routing of packets. – stdcall May 31 '15 at 12:25
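
The rule set that the answer's three points add up to, as an added example that is not part of the original answer or comments: it prints the commands for review instead of running them. The interface names `eth0` and `pan0` are assumptions (the question names ETH0, PAN0 and VA0), and the function name `forward_icmp_rules` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Prints the iptables commands that permit ICMP echo through the FORWARD
# chain between two interfaces, in both directions. Nothing is executed;
# review the output, then pipe it to `sh` as root.

forward_icmp_rules() {
    lan_if=$1     # assumed name of the LAN interface
    virt_if=$2    # assumed name of the virtual interface

    # The kernel must have IPv4 forwarding enabled, otherwise packets
    # for non-local destinations never traverse FORWARD at all.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # One pass per direction: lan -> virt, then virt -> lan.
    for pair in "$lan_if $virt_if" "$virt_if $lan_if"; do
        set -- $pair
        # Point 2 of the answer: a working ping needs both the request
        # (type 8) and the reply (type 0) to be accepted.
        for icmp_type in echo-request echo-reply; do
            echo "iptables -A FORWARD -i $1 -o $2 -p icmp --icmp-type $icmp_type -j ACCEPT"
        done
    done

    # Point 3: list the chain to confirm rule order and see the default
    # policy that applies to everything the rules above do not match.
    echo "iptables -L FORWARD -n -v"
}

forward_icmp_rules eth0 pan0
```

Matching on `-i`/`-o` ties each rule to an interface pair rather than to addresses, so the rules stay valid if the addresses on either side change.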