How to redirect all traffic in eth0 to eth1 and backHow to use iptables to forward all data from an IP to a...

Engineer refusing to file/disclose patents

Aligning individual characters/glyphs like a monospace font

How do I repair my stair bannister?

Drawing ramified coverings with tikz

Can I use my Chinese passport to enter China after I acquired another citizenship?

Query about absorption line spectra

Flux received by a negative charge

Bob has never been a M before

Using a siddur to Daven from in a seforim store

Do the concepts of IP address and network interface not belong to the same layer?

Global amount of publications over time

Longest common substring in linear time

What's the difference between 違法 and 不法?

A social experiment. What is the worst that can happen?

Fly on a jet pack vs fly with a jet pack?

ArcGIS not connecting to PostgreSQL db with all upper-case name

Did arcade monitors have same pixel aspect ratio as TV sets?

Does having a TSA Pre-Check member in your flight reservation increase the chances that everyone gets Pre-Check?

Can somebody explain Brexit in a few child-proof sentences?

Why do IPv6 unique local addresses have to have a /48 prefix?

Why did the EU agree to delay the Brexit deadline?

We have a love-hate relationship

Is it possible to use .desktop files to open local pdf files on specific pages with a browser?

Confusion on Parallelogram



How to redirect all traffic in eth0 to eth1 and back


How to use iptables to forward all data from an IP to a Virtual Machinecentos 6.4 nat virtual machines not able to connect to the internetWhat is MASQUERADE made for?With iptables how to route traffic from virtualbox internal adaptor to eth0 interface?How to I configure iptables for both IP masquerading and firewalling at the same time?EVIL AP - Internet connection bridging issueWhy can't the gateway redirect back with iptables DNAT?iptables - “can't initialize iptables table `nat '”How to write an nfttables snat rule?Linux mint ddns and iptables ssh,ftp connect













1















I have a Ubuntu box with eth0 and eth1.



How can I redirect all the traffic coming from eth0 to eth1 and back?



Should I do DNAT and SNAT like below or just forwarding or both ?



Edit



My case is like this A-B-C, 3 machines. Both A & C in different network. B have two nic one is A's network (eth0) and other in B's network (eth1). I can't set B as the gateway in A nor B.



Below is how this was achieved by iptables on host B: SOLUTION



iptables -t nat -A PREROUTING -p tcp -m tcp ! --dport 22 -j DNAT --to-destination eth1IP
iptables -t nat -A POSTROUTING -p tcp -m tcp -o eth1 -j MASQUERADE


Have excluded port 22 so that SSH traffic is spared from the rules and my ssh to host C works.










share|improve this question
















bumped to the homepage by Community 14 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • Are those different Ethernet ports using different hardware?

    – Biswapriyo
    Jun 13 '17 at 8:15






  • 2





    Why do you want to do this?

    – Seth
    Jun 13 '17 at 8:49











  • Both are in different network. A --- B --- C. A and B(eth0) in same network. B(eth1) and C in same network. If A wants to talks to C then it's only possible via B.

    – SleepyLord
    Jun 13 '17 at 8:53
















1















I have a Ubuntu box with eth0 and eth1.



How can I redirect all the traffic coming from eth0 to eth1 and back?



Should I do DNAT and SNAT like below or just forwarding or both ?



Edit



My case is like this A-B-C, 3 machines. Both A & C in different network. B have two nic one is A's network (eth0) and other in B's network (eth1). I can't set B as the gateway in A nor B.



Below is how this was achieved by iptables on host B: SOLUTION



iptables -t nat -A PREROUTING -p tcp -m tcp ! --dport 22 -j DNAT --to-destination eth1IP
iptables -t nat -A POSTROUTING -p tcp -m tcp -o eth1 -j MASQUERADE


Have excluded port 22 so that SSH traffic is spared from the rules and my ssh to host C works.










share|improve this question
















bumped to the homepage by Community 14 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • Are those different Ethernet ports using different hardware?

    – Biswapriyo
    Jun 13 '17 at 8:15






  • 2





    Why do you want to do this?

    – Seth
    Jun 13 '17 at 8:49











  • Both are in different network. A --- B --- C. A and B(eth0) in same network. B(eth1) and C in same network. If A wants to talks to C then it's only possible via B.

    – SleepyLord
    Jun 13 '17 at 8:53














1












1








1








I have a Ubuntu box with eth0 and eth1.



How can I redirect all the traffic coming from eth0 to eth1 and back?



Should I do DNAT and SNAT like below or just forwarding or both ?



Edit



My case is like this A-B-C, 3 machines. Both A & C in different network. B have two nic one is A's network (eth0) and other in B's network (eth1). I can't set B as the gateway in A nor B.



Below is how this was achieved by iptables on host B: SOLUTION



iptables -t nat -A PREROUTING -p tcp -m tcp ! --dport 22 -j DNAT --to-destination eth1IP
iptables -t nat -A POSTROUTING -p tcp -m tcp -o eth1 -j MASQUERADE


Have excluded port 22 so that SSH traffic is spared from the rules and my ssh to host C works.










share|improve this question
















I have a Ubuntu box with eth0 and eth1.



How can I redirect all the traffic coming from eth0 to eth1 and back?



Should I do DNAT and SNAT like below or just forwarding or both ?



Edit



My case is like this A-B-C, 3 machines. Both A & C in different network. B have two nic one is A's network (eth0) and other in B's network (eth1). I can't set B as the gateway in A nor B.



Below is how this was achieved by iptables on host B: SOLUTION



iptables -t nat -A PREROUTING -p tcp -m tcp ! --dport 22 -j DNAT --to-destination eth1IP
iptables -t nat -A POSTROUTING -p tcp -m tcp -o eth1 -j MASQUERADE


Have excluded port 22 so that SSH traffic is spared from the rules and my ssh to host C works.







linux networking ubuntu iptables nat






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jun 13 '17 at 11:19







SleepyLord

















asked Jun 13 '17 at 7:59









SleepyLordSleepyLord

143117




143117





bumped to the homepage by Community 14 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 14 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • Are those different Ethernet ports using different hardware?

    – Biswapriyo
    Jun 13 '17 at 8:15






  • 2





    Why do you want to do this?

    – Seth
    Jun 13 '17 at 8:49











  • Both are in different network. A --- B --- C. A and B(eth0) in same network. B(eth1) and C in same network. If A wants to talks to C then it's only possible via B.

    – SleepyLord
    Jun 13 '17 at 8:53



















  • Are those different Ethernet ports using different hardware?

    – Biswapriyo
    Jun 13 '17 at 8:15






  • 2





    Why do you want to do this?

    – Seth
    Jun 13 '17 at 8:49











  • Both are in different network. A --- B --- C. A and B(eth0) in same network. B(eth1) and C in same network. If A wants to talks to C then it's only possible via B.

    – SleepyLord
    Jun 13 '17 at 8:53

















Are those different Ethernet ports using different hardware?

– Biswapriyo
Jun 13 '17 at 8:15





Are those different Ethernet ports using different hardware?

– Biswapriyo
Jun 13 '17 at 8:15




2




2





Why do you want to do this?

– Seth
Jun 13 '17 at 8:49





Why do you want to do this?

– Seth
Jun 13 '17 at 8:49













Both are in different network. A --- B --- C. A and B(eth0) in same network. B(eth1) and C in same network. If A wants to talks to C then it's only possible via B.

– SleepyLord
Jun 13 '17 at 8:53





Both are in different network. A --- B --- C. A and B(eth0) in same network. B(eth1) and C in same network. If A wants to talks to C then it's only possible via B.

– SleepyLord
Jun 13 '17 at 8:53










1 Answer
1






active

oldest

votes


















0














Provided the netmasks are correct and do not overlap, you do not need to use DNAT or SNAT, you simply need to ensure that:




  1. Each computer has a default gateway set through the Linux box, or has a route to the other network via the Linux box.


  2. The Linux box has forwarding enabled – uncomment net.ipv4.ip_fortward in /etc/sysctl.conf and reboot (or echo 1 > /proc/sys/net/ipv4/ip_forward to do it temporarily).


  3. Ensure the firewall allows forwarding (iptables -vnL and check that the FORWARDING rule has no chains and is set to default ACCEPT). This is, I believe the default.







share|improve this answer


























  • I can't change the default gateway in other machine.

    – SleepyLord
    Jun 13 '17 at 11:11











  • Why not bridge eth0 and eth1 so they appear as a single network?

    – davidgo
    2 mins ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1218731%2fhow-to-redirect-all-traffic-in-eth0-to-eth1-and-back%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














Provided the netmasks are correct and do not overlap, you do not need to use DNAT or SNAT, you simply need to ensure that:




  1. Each computer has a default gateway set through the Linux box, or has a route to the other network via the Linux box.


  2. The Linux box has forwarding enabled – uncomment net.ipv4.ip_fortward in /etc/sysctl.conf and reboot (or echo 1 > /proc/sys/net/ipv4/ip_forward to do it temporarily).


  3. Ensure the firewall allows forwarding (iptables -vnL and check that the FORWARDING rule has no chains and is set to default ACCEPT). This is, I believe the default.







share|improve this answer


























  • I can't change the default gateway in other machine.

    – SleepyLord
    Jun 13 '17 at 11:11











  • Why not bridge eth0 and eth1 so they appear as a single network?

    – davidgo
    2 mins ago
















0














Provided the netmasks are correct and do not overlap, you do not need to use DNAT or SNAT, you simply need to ensure that:




  1. Each computer has a default gateway set through the Linux box, or has a route to the other network via the Linux box.


  2. The Linux box has forwarding enabled – uncomment net.ipv4.ip_fortward in /etc/sysctl.conf and reboot (or echo 1 > /proc/sys/net/ipv4/ip_forward to do it temporarily).


  3. Ensure the firewall allows forwarding (iptables -vnL and check that the FORWARDING rule has no chains and is set to default ACCEPT). This is, I believe the default.







share|improve this answer


























  • I can't change the default gateway in other machine.

    – SleepyLord
    Jun 13 '17 at 11:11











  • Why not bridge eth0 and eth1 so they appear as a single network?

    – davidgo
    2 mins ago














0












0








0







Provided the netmasks are correct and do not overlap, you do not need to use DNAT or SNAT, you simply need to ensure that:




  1. Each computer has a default gateway set through the Linux box, or has a route to the other network via the Linux box.


  2. The Linux box has forwarding enabled – uncomment net.ipv4.ip_fortward in /etc/sysctl.conf and reboot (or echo 1 > /proc/sys/net/ipv4/ip_forward to do it temporarily).


  3. Ensure the firewall allows forwarding (iptables -vnL and check that the FORWARDING rule has no chains and is set to default ACCEPT). This is, I believe the default.







share|improve this answer















Provided the netmasks are correct and do not overlap, you do not need to use DNAT or SNAT, you simply need to ensure that:




  1. Each computer has a default gateway set through the Linux box, or has a route to the other network via the Linux box.


  2. The Linux box has forwarding enabled – uncomment net.ipv4.ip_fortward in /etc/sysctl.conf and reboot (or echo 1 > /proc/sys/net/ipv4/ip_forward to do it temporarily).


  3. Ensure the firewall allows forwarding (iptables -vnL and check that the FORWARDING rule has no chains and is set to default ACCEPT). This is, I believe the default.








share|improve this answer














share|improve this answer



share|improve this answer








edited Jun 13 '17 at 11:27









Kamil Maciorowski

28.5k156187




28.5k156187










answered Jun 13 '17 at 10:58









davidgodavidgo

44.4k75292




44.4k75292













  • I can't change the default gateway in other machine.

    – SleepyLord
    Jun 13 '17 at 11:11











  • Why not bridge eth0 and eth1 so they appear as a single network?

    – davidgo
    2 mins ago



















  • I can't change the default gateway in other machine.

    – SleepyLord
    Jun 13 '17 at 11:11











  • Why not bridge eth0 and eth1 so they appear as a single network?

    – davidgo
    2 mins ago

















I can't change the default gateway in other machine.

– SleepyLord
Jun 13 '17 at 11:11





I can't change the default gateway in other machine.

– SleepyLord
Jun 13 '17 at 11:11













Why not bridge eth0 and eth1 so they appear as a single network?

– davidgo
2 mins ago





Why not bridge eth0 and eth1 so they appear as a single network?

– davidgo
2 mins ago


















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1218731%2fhow-to-redirect-all-traffic-in-eth0-to-eth1-and-back%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...