iptables beginners query

Hi,

I have been asked to assist my colleague setting up a linux firewall
in the following configuration

Test PC 1 (172.31.0.253) to firewall via x-over cable to firewall nw
card 1.

Firewall nw card 2 to Test PC 2 (10.1.1.4) via x-over cable. Test PC2
is a web server which is to be accessed by Test PC 1. However the
user of Test PC 1 has been told the ip address to access Test PC2 is
172.31.0.4 therefore I presume this needs to nat to 10.1.1.4?

Before I start getting my hands dirty looking at Linux ip tables (of
which I have virtually no knowledge) could someone tell me if the
above configuration is possible, and is there anything I need to do
specifically for the above to work?

Any samples or pointers in the right direction would be much
appreciated as my boss has said he wants this working now!!!

Many thanks

http://www.linux-firewall-tools.com/linux/

In article <(E-Mail Removed)>,
Mart <(E-Mail Removed)> writes:
> Hi,
>
> I have been asked to assist my colleague setting up a linux firewall
> in the following configuration
>
> Test PC 1 (172.31.0.253) to firewall via x-over cable to firewall nw
> card 1.
>
> Firewall nw card 2 to Test PC 2 (10.1.1.4) via x-over cable. Test PC2
> is a web server which is to be accessed by Test PC 1. However the
> user of Test PC 1 has been told the ip address to access Test PC2 is
> 172.31.0.4 therefore I presume this needs to nat to 10.1.1.4?
>
> Before I start getting my hands dirty looking at Linux ip tables (of
> which I have virtually no knowledge) could someone tell me if the
> above configuration is possible, and is there anything I need to do
> specifically for the above to work?
>
> Any samples or pointers in the right direction would be much
> appreciated as my boss has said he wants this working now!!!
>
> Many thanks

In article <(E-Mail Removed)>,
Mart <(E-Mail Removed)> wrote:
:I have been asked to assist my colleague setting up a linux firewall
:in the following configuration
:
:Test PC 1 (172.31.0.253) to firewall via x-over cable to firewall nw
:card 1.
:
:Firewall nw card 2 to Test PC 2 (10.1.1.4) via x-over cable. Test PC2
:is a web server which is to be accessed by Test PC 1. However the
:user of Test PC 1 has been told the ip address to access Test PC2 is
:172.31.0.4 therefore I presume this needs to nat to 10.1.1.4?
:
:Before I start getting my hands dirty looking at Linux ip tables (of
:which I have virtually no knowledge) could someone tell me if the
:above configuration is possible, and is there anything I need to do
:specifically for the above to work?
:
:Any samples or pointers in the right direction would be much
:appreciated as my boss has said he wants this working now!!!

Sounds pretty straightforward. I recommend
_The_Linux_Network_Administrators'_Guide_, version 2, available online
or as a printed book at http://www.oreilly.com/catalog/linag2/book/ .
You can also get that document in PDF form at
http://www.tldp.org/LDP/nag2/nag2.pdf . Some of the examples in the
book closely match what you are trying to do. The PDF is nearly 500
pages long. If you're thinking about printing it out, it's cheaper to
buy the book from O'Reilly.

Another valuable resource is Oskar Andreasson's _Iptables_Tutorial_,
whish is available in several formats at
http://iptables-tutorial.frozentux.net/ .

--
Bob Nichols AT comcast.net I am "rnichols42"

Mart wrote:
> Hi,
>
> I have been asked to assist my colleague setting up a linux firewall
> in the following configuration
>
> Test PC 1 (172.31.0.253) to firewall via x-over cable to firewall nw
> card 1.
>
> Firewall nw card 2 to Test PC 2 (10.1.1.4) via x-over cable. Test PC2
> is a web server which is to be accessed by Test PC 1. However the
> user of Test PC 1 has been told the ip address to access Test PC2 is
> 172.31.0.4 therefore I presume this needs to nat to 10.1.1.4?
>
> Before I start getting my hands dirty looking at Linux ip tables (of
> which I have virtually no knowledge) could someone tell me if the
> above configuration is possible, and is there anything I need to do
> specifically for the above to work?
>
> Any samples or pointers in the right direction would be much
> appreciated as my boss has said he wants this working now!!!
>
> Many thanks

I understand you just want to access the PC2 using the IP 172.31.0.4.
It's not a matter of iptables, you just have to add the IP to PC2 and
the correct routes for that network in the firewall/router (I suppose
you have already the route in PC1 because of the IP it has). So you
put the firewall as the gateway of both PCs and then you assign the
IP 172.31.0.4 to PC2, as an alias with ifconfig or as another
primary address with iproute2 (ip command), and then you create a
route in the firewall/route from network/PC1 to network/PC2. No need
of iptables or NAT.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
(E-Mail Removed)
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"