I want to create a gateway on Linux which has 2 interfaces, eth0 and eth1.
eth1 is created by an LTE modem; once the LTE modem attaches to the network and gets an IP address, a DHCP server is run on the gateway to provide this IP address (example: 10.20.30.6) to the PC connected to the eth0 LAN network.
Then eth0 is assigned the IP address 10.20.30.1.
Now eth1 itself is not assigned any IP address.
Now I would like to forward all the packets received from the PC on the LAN interface eth0 to the eth1 WAN interface.
Kindly suggest the iptables rules I need to use to create this forwarding.
Kindly note that due to the limitation of the LTE modem, bridge mode cannot be used, and due to the limitation of the architecture to be created, NAT mode also cannot be used.
Best Answer
Where you are going, you don't need iptables.
What I understand you want to do is to have the gateway forward IP packets between two interfaces without the gateway performing any NAT on the forwarded packets. You can do this without any iptables rules.
My knowledge of LTE is lacking, so if there turn out to be any LTE-specific caveats, I won't be able to help you with those. My answer will for the most part assume eth0 and eth1 are both running ordinary IPv4 over Ethernet.

First of all you need to ensure forwarding is enabled:

Packets arriving from the Internet will arrive on eth1. But the sender of those packets may need to perform ARP requests for 10.20.30.6, which isn't assigned to your gateway. So your gateway will not respond to those ARP requests unless you enable ARP proxying:

Once the ARP reply has been sent, the rest of the processing of incoming packets happens using ordinary IP packet forwarding, no magic needed.

Packets from the PC to the gateway require no tricks to arrive at the gateway through eth0. The tricky part then is how to get them to leave through the eth1 interface. You need a default route. But the gateway for that route would presumably be 10.20.30.1, which you just assigned to eth0 on the gateway you are setting up. However, if you know the MAC address of the original gateway, you can get this to work without needing a real gateway IP address.

First you invent a placeholder gateway IP address (it should be an RFC 1918 address, which you don't need to communicate otherwise). For the example I'll assume 10.1.2.3:

Because 10.1.2.3 is created as a permanent entry in the ARP cache on your gateway, no ARP requests will be sent for this address. That means it will not be a problem that the next gateway is unaware of your chosen placeholder IP address.
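As an added example, not part of the original answer, the steps above collected into a POSIX shell script that emits (and optionally applies) the commands for a no-NAT forwarding gateway. It assumes the WAN interface is eth1, the placeholder gateway is 10.1.2.3, the upstream gateway's MAC address is a constructed placeholder (00:11:22:33:44:55), and that eth0 already carries 10.20.30.1 with a connected route to the PC; using ip neigh / ip route with the onlink flag instead of whatever commands the answer used is my choice.

```shell
#!/bin/sh
# Added example: build the commands for a forward-only (no NAT) Linux gateway.
# Interface names, the placeholder 10.1.2.3 and the MAC are assumptions.

# Return 0 when $1 lies inside an RFC 1918 block (10/8, 172.16/12, 192.168/16),
# which is what the placeholder next-hop address should be.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Return 0 when $1 looks like a colon-separated 48-bit MAC address.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# Print one command per line for WAN=$1, placeholder gateway IP=$2 and
# upstream gateway MAC=$3. Nothing is executed here; inputs are checked first.
gateway_cmds() {
    wan=$1; gw_ip=$2; gw_mac=$3
    is_rfc1918 "$gw_ip" || { echo "placeholder must be RFC 1918: $gw_ip" >&2; return 1; }
    is_mac "$gw_mac" || { echo "bad MAC address: $gw_mac" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.$wan.proxy_arp=1
ip neigh replace $gw_ip lladdr $gw_mac dev $wan nud permanent
ip route replace default via $gw_ip dev $wan onlink
EOF
}
# Notes on the commands: ip_forward turns the box into a router; proxy_arp on
# the WAN side makes it answer ARP for 10.20.30.6 (reachable via eth0); the
# permanent neighbour entry pins 10.1.2.3 to the real upstream MAC so no ARP
# is ever sent for it; "onlink" is required because eth1 has no IP address,
# so the kernel cannot otherwise see 10.1.2.3 as directly connected.

# Apply the commands (needs root). With DRY_RUN=1 they are only printed.
apply_gateway() {
    if [ "${DRY_RUN:-0}" = 1 ]; then gateway_cmds "$@"; else gateway_cmds "$@" | sh -e; fi
}

# Usage: DRY_RUN=1 apply_gateway eth1 10.1.2.3 00:11:22:33:44:55
```

Because nothing filters forwarded traffic in this setup, 10.20.30.6 is reachable from the WAN side exactly as the modem exposes it; any filtering has to be done in the gateway's FORWARD chain or on the PC itself.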