
I have a router with 2 interfaces: eth0 with IP 10.2.40.4 and eth2 with IP 10.2.20.3. I want the traffic from the 10.2.40.0/24 network to egress out of the 10.2.20.3 interface, whose next hop IP is 10.2.20.1.

I followed the below doc: https://unix.stackexchange.com/questions/186636/forward-packets-from-one-interface-to-another-interface-using-iptables

But I was unable to get it through. Running a tcpdump on eth0, I can see traffic from 10.2.40.3 (machine IP) to 8.8.8.8, and on eth2 I can see the traffic getting converted to 10.2.40.4 to 8.8.8.8.

But the return traffic seems to be getting dropped.


1 Answer


N.B. - edited the command (added eth2 as the outgoing interface)

I understand from the setup described that the WAN side on your router is eth2, which has address 10.2.20.3. Hence I would expect outgoing packets (on eth2) to have the source IP 10.2.20.3 and not 10.2.40.4. I think this indicates that you got your NAT rules reversed or something.

In fact it seems that the only iptables rule that you need is: iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

I suggest you remove all other DNAT/SNAT/MASQUERADE rules and try this one.

  • it says Bad Argument "MASQUERADE" – Aditya Gnaneshwar Feb 12 '16 at 03:54
  • Hello, I still have the problem, would you mind helping me? – Aditya Gnaneshwar Feb 14 '16 at 20:45
  • When I try pinging 8.8.8.8, I see the reply packets on the router but not reaching the machine itself. – Aditya Gnaneshwar Feb 14 '16 at 21:21
  • Still something seems to be wrong. The packets are not reaching the machine but seen on the router. – Aditya Gnaneshwar Feb 15 '16 at 16:28
  • I'll write what I would expect and then you can check what goes wrong. The router should have a route table that forwards 10.2.40.0/24 to eth0 and 10.2.20.0/24 to eth2. When you ping from e.g. 10.2.40.8 to 8.8.8.8, then tcpdump on eth0 should show packets from 10.2.40.8 --> 8.8.8.8 and tcpdump on eth2 (after NAT) should show 10.2.20.3 --> 8.8.8.8. The ICMP response seen on eth2 should be 8.8.8.8 --> 10.2.20.3 and it should then appear on eth0 (after DNAT) as 8.8.8.8 --> 10.2.40.8. If the last step does not happen then I would suspect the routing table. The SNAT should happen automatically. – Yigal Reiss Feb 16 '16 at 09:13
  • Thanks for your follow up. It was a network issue. Currently everything resolved. – Aditya Gnaneshwar Feb 16 '16 at 14:49
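The complete router configuration that the answer and its follow-up comment describe, as an added example (not code from the question or the answer). Interface names, addresses and the gateway 10.2.20.1 are taken from the question; the FORWARD chain policy with a conntrack rule for replies, the `-s 10.2.40.0/24` restriction on the MASQUERADE rule, and the `DRY_RUN` switch are assumptions added here. The `check_forwarding` helper covers the symptom in the question (replies seen on the router but never reaching the host): with `net.ipv4.ip_forward` at 0 the kernel will not forward the de-NATed reply back out eth0, no matter what the NAT table says.

```shell
#!/bin/sh
# Added example, not from the original thread: stateful NAT router for the
# topology in the question. LAN 10.2.40.0/24 sits on eth0, WAN side is eth2
# (10.2.20.3) with next hop 10.2.20.1. Rule layout and names are assumptions.
LAN_IF=eth0
LAN_NET=10.2.40.0/24
WAN_IF=eth2
WAN_GW=10.2.20.1

# run: execute the command, or only print it when DRY_RUN=1 so the rule set
# can be reviewed before it touches a live router.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# nat_rules: the minimal, ordered set of commands for LAN -> WAN masquerading.
nat_rules() {
  # Forwarding must be on, or replies that reach the router are never sent on.
  run sysctl -w net.ipv4.ip_forward=1
  # Send everything not on a directly connected network to the WAN gateway.
  run ip route replace default via "$WAN_GW" dev "$WAN_IF"
  # Forward only LAN -> WAN traffic and the replies conntrack already knows.
  run iptables -P FORWARD DROP
  run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
  run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # The one NAT rule the answer recommends: source becomes eth2's address on
  # egress, and the reverse translation for replies is done by conntrack.
  run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# check_forwarding [file]: exit 0 when IPv4 forwarding is enabled. The optional
# file argument exists so the check can be exercised without /proc access.
check_forwarding() {
  f=${1:-/proc/sys/net/ipv4/ip_forward}
  [ "$(cat "$f" 2>/dev/null)" = 1 ]
}

# Usage: DRY_RUN=1 sh router.sh apply   (review)   /   sh router.sh apply   (configure)
case "${1:-}" in
  apply)
    nat_rules
    check_forwarding || echo "warning: ip_forward is still 0" >&2
    ;;
esac
```

Run it once with `DRY_RUN=1` and compare the printed rules against `iptables -S` and `iptables -t nat -S` on the router; a stray SNAT or DNAT rule left over from earlier attempts, which the answer suggests removing, will show up there.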