Hi all,
I wonder if someone can help me with this: The setup is as follows:
192.168.1.254 - wireless ADSL modem, with DHCP pool on 192.168.100 - 192.168.200
192.168.1.250 - Linux firewall RED interface
192.168.2.250 - Linux firewall GREEN interface
There are some normal LAN clients behind the Linux firewall's GREEN interface, which can all access each other's shared services and also all the clients behind the RED interface, i.e. those clients connected to the 192.168.1.254 ADSL wifi AP directly.
Now I want the clients on the "outside" to connect to one specific host on the inside, behind the GREEN interface, on IP 192.168.1.20. How would I do that? I know I can do this with port forwarding, but I need many ports forwarded. How do I give full access to all ports on this IP, instead of forwarding every port? Does that make sense?
Currently no clients on the 192.168.1.0 subnet can access any client on the 192.168.2.0 subnet.
[root@intranet ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:tftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:25151

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  192.168.2.0/24       anywhere
ACCEPT     all  --  anywhere             192.168.2.0/24

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@intranet ~]# route -nv
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
The Linux firewall runs CentOS 5.5 x64.

[root@intranet ~]# cat /etc/redhat-release
CentOS release 5.5 (Final)

[root@intranet ~]# iptables -V
iptables v1.3.5
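The "all ports to one host" setup the post asks about is a 1:1 DNAT of the firewall's RED address rather than a list of per-port forwards. The script below is an added example written for this thread, not code from the poster or from any distribution's firewall tooling. It assumes eth0 is RED (192.168.1.250) and eth1 is GREEN, as the route table shows, and it assumes the inside host is 192.168.2.20 (the post says 192.168.1.20, which is not inside the GREEN 192.168.2.0/24 network; that address is a placeholder to change). The interface and address names are shell variables so they can be overridden, and setting IPT=echo prints the rules instead of applying them, which is how to review them before touching a live firewall.

```shell
#!/bin/sh
# Added example, not from the original post: give RED-side clients every port
# of one GREEN-side host via 1:1 DNAT on the firewall's RED address.
# Assumed values (override via environment): RED is eth0/192.168.1.250,
# the RED subnet is 192.168.1.0/24, the inside host is 192.168.2.20.
# IPT=echo turns the run into a dry run that only prints the commands.

RED_IF=${RED_IF:-eth0}
RED_IP=${RED_IP:-192.168.1.250}
RED_NET=${RED_NET:-192.168.1.0/24}
INSIDE_HOST=${INSIDE_HOST:-192.168.2.20}
IPT=${IPT:-iptables}

# Print the rules one per line, in the order they must be applied.
generate_rules() {
    # 1. Rewrite the destination of anything arriving on RED for the
    #    firewall's RED address to the inside host: all protocols and all
    #    ports, no per-port rules. "-s RED_NET" limits this to the local
    #    wireless segment so nothing behind the modem's WAN side matches.
    printf '%s\n' "-t nat -A PREROUTING -i $RED_IF -s $RED_NET -d $RED_IP -j DNAT --to-destination $INSIDE_HOST"
    # 2. Let the translated packets through FORWARD. Inserted at position 1
    #    so the libvirt REJECT rules further down the chain cannot hit them.
    #    "-m state" is the matcher available on iptables 1.3.5.
    printf '%s\n' "-I FORWARD 1 -i $RED_IF -d $INSIDE_HOST -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    # 3. Return traffic from the inside host back out towards RED; conntrack
    #    un-DNATs it, so only established/related flows are needed here.
    printf '%s\n' "-I FORWARD 2 -o $RED_IF -s $INSIDE_HOST -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Feed each generated rule to $IPT. With IPT=echo this just prints them.
apply_rules() {
    generate_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # splitting the rule into words is intended
        "$IPT" $rule
    done
}

# Number of DNAT rules produced; exactly one is expected for a 1:1 mapping.
dnat_rule_count() {
    generate_rules | grep -c -- '-j DNAT'
}

# Only apply when explicitly asked, e.g.: IPT=echo sh nat-host.sh apply
if [ "${1:-}" = apply ]; then
    apply_rules
fi
```

Two things to check before using this on the box in the post. First, the DNAT rule redirects everything sent to 192.168.1.250 from the wireless segment, including the DNS, DHCP, TFTP, HTTP and port 25151 services the INPUT chain currently accepts on the firewall itself; if those must stay reachable from RED, put the DNAT on a second RED alias address instead of the primary one. Second, a 1:1 mapping exposes the inside host's whole listening surface to every wireless client, so keep the `-s` restriction and make sure the inside host's default gateway is the GREEN address, otherwise its replies never come back through the firewall to be un-translated.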