Centos – how to add iptables rules for two NICs on CentOS(act as a gateway)

centosgatewaynicroute

I have a machine C with two NICs, namely eth0 and eth1, with CentOS 4.9 installed on it. Also I have a machine A connecting to C through eth0 and a machine B connecting to C through eth1. Now I want machine A to be in a subnet (e.g. 192.168.3.0/24) and machine B to be in another subnet (e.g. 192.168.4.0/24) and they could communicate with each other.

                  eth0         eth1
Machine A <---------> Machine C <---------> Machine B
           ...3.0/24             ...4.0/24

According to the answer of my previous question about this problem, I configured my eth0 and eth1:

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.3.1
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet

/etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.4.1
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet

And configure Machine A (Windows XP) with 192.168.3.10, 192.168.3.1(gw), and Machine B (windows 7) with 192.168.4.10, 192.168.4.1(gw). I have enabled ip forwarding on machine C. Now, I haven't added any routes or iptables rules. I could ping 192.168.3.10 from machine B, but not vice vesa. Am i missing some routing rules? If yes, how to add these rules?

Any suggestions or tutorials or howtos will be appreciated.

Best Answer

A quick test:

Control Panel -> Windows Firewall (under System and Security, if you do that sort of thing). In the left pane, click 'Turn Windows Firewall On/Off', then turn off the Firewall in the right pane.

If you can ping it then, great... you can turn it back on, and allow ping by using the directions at http://www.sysprobs.com/enable-ping-reply-windows-7.

If that doesn't work, another quick test would be to shutdown iptables, just for troubleshooting purposes, of course. Even if you don't remember messing with it, it's worth testing...

sudo /etc/init.d/iptables stop

Related Solutions

Linux – Xen machine can see others on subnet but not gateway

Show your xen bridge/route script (that actually provides network for domU).
What's the difference in tcpdump output on dom0 external interface when you ping host A and gateway from domU ?

Centos 6.2 Fresh ‘Basic Server’ install networking issues

Your routes and configuration look fine.

$: route -n
Destination // Gateway // Genmask // Flags // Metric // Ref // Use // Iface
66.*.*.0       0.0.0.0    255.255.255.248   U   1003      0   0     0  em2
0.0.0.0        66.*.*.1   0.0.0.0           UG     0      0   0     0  em2

The first route, 66.*.*.0/29 with gateway 0.0.0.0 tells your computer to use interface em2 and then make an arp request to find the hardware address of the host you're trying to reach. This is a "connected" route.

The second one is the default route, pointing at your default gateway through em2. If you need to send a packet in another network than 66.*.*.0/29, your computer will make an arp request to find 66.*.*.1 and then send the packets to it.

The only thing in your configuration that could be an issue is the NM_CONTROLLED=yes statement in /etc/sysconfig/network-scripts/ifcfg-em2. This tells the system that this interface is controlled by NetworkManager. This could interfere with your static configuration.

However, even without any default gateway you should be able to ping and ssh from the 66.*.*.0/29 subnet to your machine.

Check layer 1 first, and ensure that the cable is plugged on each side. Use leds on nic and switch, and check if the system sees it correctly:

# mii-tool
eth0: negotiated 1000baseT-FD flow-control, link ok

Then verify if any iptables are dropping the packets. Use iptables -L or iptables-save to check for any rules, and iptables -D <rule> to delete them. Pay attention to the default policy.

Also, on some systems, NetworkManager can configure ufw automatically, and I've had issues with static interface configuration that wasn't seen by NM and hence blocked by ufw.

Best Answer

Related Solutions

Linux – Xen machine can see others on subnet but not gateway

Centos 6.2 Fresh ‘Basic Server’ install networking issues

Related Topic