Just to make sure I know where I stand before I start.

Can iptables be used to run as a router...

Example... packets in eth0 and out the1...

Also any recommendations for aIPTables GUI...


Thanks...

Erm, sort of.

IPTables can be user to masquerade connections, and as long as your kernel supports IP Forwarding, you can control the flow of information as much as you like. Check out /proc/sys/net/ipv4/ip_forward and see if it has a "1" (on) or "0" (off) in it and you can "cat" 1 or 2 into it.

James

I'll go ahead with IPTables as a drop in router, i.e will have the same IP address on all NICs, my kernal supports IP forwarding.

Thanks...

You can't have the same IP address on all NICs. Whilst I believe a NIC can have more than one IP address, an IP address can only be bound to one NIC.

You can use "routed" to manage routing tables (if you have a complicated enough network), IPTables to forward ports onto other ports and/or IP address and IP_Forward is what actually allows the kernel to forward packets across NICs.

James

How can I get both cards working on the same range?

Both cards have been given different IP addresses on the same range but only one seems active, taking the network cable and trying it in both ethernet ports only one works, not just in pinging from the machine but also pinging to the computer.

I need all NIC to be on the same range as this firewall is for a range of legal IPs, request for an IP should be passed straight on to the correct IP, port forwarding sounds like more of a NAT solution.

The same IP range is one thing; James was just pointing out that you can't have the same IP address bound to multiple interfaces.

When you issue the following command, what are the results?:

ifconfig

Right, first of all, thanks DMR - just for making my point clearer.

Can you please explain what you are trying to do. I don't understand why you want all the network set up on the same IP subnet (and for the sake of clarity to non-techie users, I'll substitute the word range for the word subnet from here on in.

IF you are running a private home network with Masq'ing, you would want the one TRUE Internet interface configured with the IP that is assigned/you own. IF you own multiple IPs, you can simply run all the computers with fixed IPs or dynamic, but controlled by a DHCP server.

The advantage of having multiple Ethernet cards in a machine is that you can bridge and Masq at the same time across subnets - one of the beauties of Linux! (It's damn easy to configure!)

Can you tell us what cards you have in your machine? If they are the same type, LiLo and the kernel will only find one. You have to pass special parameters to find the second.

Let us know, and we'll have you networking your <INSERT SUITABLE NOUN FOLLOWED BY ADVERB> in no time!

James

Originally posted by Satanic Atheist
I'll substitute the word range for the word subnet from here on in. Yes, right- subnet is technically more correct.


As for the rest:

Please do tell us exactly what you are trying to do here. If you're trying to set up a router/firewall, the IP of the WAN-facing NIC will almost surely be on a different network/subnet than than the LAN-facing NIC.

- Dave

Oh, BTW James- I fixed that little parenthetical foul you had in your italic quoting/coding; hope you don't mind. :p

Thanks, pal. Didn't know I made one. For some reason this board is so damn slow on this side of the pond that it's easier for me to skip to another forum that re-read my own post!

James

No sweat James- that what I'm paid for.

Erm, wait a minute- I'm not paid for anything here (unless a T-Shirt counts).... Oh well.

Originally posted by DMR
(unless a T-Shirt counts)

Pay enough. :D

Pay enough? Not at this point in my life robbo...

(Although it is kind of cool to know that I probably have the only Just Linux T-shirt in California :) )

I'm hooked. How do you get a "JustLinux T-shirt"??? I post here often enough and cause enough trouble to warrant one!

James

Originally posted by Satanic Atheist
I'm hooked. How do you get a "JustLinux T-shirt"??? I post here often enough and cause enough trouble to warrant one!

James Ha! You are not worthy, mortal.

Well, I've got a SharkTank T-shirt...

What the hell did you have to do to get one? (Apart from abusing your moderator priveleges among other forms of abuse...)

James

Actually, it was the moderator bit that did it (but not the abuse). The shirts were a limited run for the mods and admins. I'm not sure how many were made, but I think it was only a handful or so.

Hmmm, maybe you should print some off and generate some revenue? Do I get one free for suggesting it?

James

Originally posted by Satanic Atheist
Do I get one free for suggesting it?No, but perhaps if you ask Brian Proffitt verrrryyyy nicely... ;)

Will do!

Can't believe that we actually managed a chat on a public forum...

Who is Brian Proffitt anyway? Apart from one of the mods...

James

Brian is, among other things, the editor of this site.

Anyway- we're way off topic, so let's kill this one...

:)

Originally posted by DMR
James was just pointing out that you can't have the same IP address bound to multiple interfaces.

Actually, you can bind one IP address to however many NICs you want using ifenslave. There's a readme here (http://linux.ctyme.com/userdoc/kernel-doc-2.4.20/networking/bonding.txt)

Ahhh, very cool. Thanks for the info shakin.

:)

Ok to clarify what I am trying to do,

I have a supernet of 512 legal IP addresses, so NAT is not wanted.

This is why I want all interfaces on the same supernet, all interfaces don't need to have the same IP.

Problem is when the cards are on the same supernet only one works.

:)

I'm still stuck, why don't both interfaces work if they are on the same "subnet"?