help - iptables multiple interface issues (in/out interface parameter)
I currently have three interfaces installed on my Suse 7.1 PPC system: eth0, eth1, eth2. I am using iptables v1.2.

I apply:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i eth0 -j LOG --log-prefix "eth0 incoming"
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -j LOG --log-prefix "eth1 incoming"
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth2 -j LOG --log-prefix "eth2 incoming"
iptables -A INPUT -i eth2 -j ACCEPT
iptables -A OUTPUT -o eth0 -j LOG --log-prefix "eth0 outgoing"
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j LOG --log-prefix "eth1 outgoing"
iptables -A OUTPUT -o eth1 -j ACCEPT
iptables -A OUTPUT -o eth2 -j LOG --log-prefix "eth2 outgoing"
iptables -A OUTPUT -o eth2 -j ACCEPT

I have been having problems getting my code to restrict access according to the interface. When I ping the IP address that should belong to a particular interface, the route of access appears to randomly select any one of the interfaces instead of only the corresponding one.

Pinging IP address x.x.x.1 should correspond to input to interface eth0; however, at random eth0, eth1, or eth2 ends up being used.

The echo for the ping, regardless of the input interface, always outputs from interface eth0. (I am not sure if that is the ping default or not.)

Upon viewing the logfile the following pattern is apparent. ping -c 3 x.x.x.1 (which should correspond to input interface eth0) may produce something in the log file similar to:

eth0 incoming , IN=eth0, OUT=
eth1 incoming , IN=eth1, OUT=
eth1 incoming , IN=eth1, OUT=
eth0 incoming , IN=eth0, OUT=
eth0 incoming , IN=eth0, OUT=
eth2 incoming , IN=eth2, OUT=
eth0 outgoing , IN=, OUT=eth0
eth0 outgoing , IN=, OUT=eth0
eth1 incoming , IN=eth1, OUT=
eth2 incoming , IN=eth2, OUT=
eth0 incoming , IN=eth0, OUT=
eth1 incoming , IN=eth1, OUT=
eth0 outgoing , IN=, OUT=eth0
eth0 outgoing , IN=, OUT=eth0

Any help on this issue is appreciated.
Maybe knowing more about your network would help: what IPs, how are the systems connected, where should your system route the traffic, etc. If you ping the IP on eth0, only eth0 should receive it (unless you put your network card into promiscuous mode, I guess), and if eth0 is on the same subnet as the pinging system is, only eth0 should respond, so there might be something wrong with the network you have?
----- Original Message -----
From: "c G"
I currently have three interfaces installed on my Suse 7.1 PPC system.
eth0 eth1 eth2
I am using iptables v1.2
(...)
When I ping the IP address that should belong to a particular interface, the route of access appears to randomly select any one of the interfaces instead of only the corresponding one.
pinging ip address x.x.x.1 should correspond to input to interface eth0, however at random eth0, eth1, or eth2 ends up being used.
the echo for the ping regardless of the input interface always outputs from interface eth0. (I am not sure if that is ping default or not) (...)
Hi,

I had the same problem some time ago. Are your network cards connected to a hub? This sounds a little like a loop in your network. I used a crossover cable to solve the problem. But more information about your network would help to solve your problem.

Regards
Ruediger

c G wrote:
I currently have three interfaces installed on my Suse 7.1 PPC system.
eth0 eth1 eth2
I am using iptables v1.2
I apply:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i eth0 -j LOG --log-prefix "eth0 incoming"
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -j LOG --log-prefix "eth1 incoming"
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth2 -j LOG --log-prefix "eth2 incoming"
iptables -A INPUT -i eth2 -j ACCEPT
iptables -A OUTPUT -o eth0 -j LOG --log-prefix "eth0 outgoing"
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j LOG --log-prefix "eth1 outgoing"
iptables -A OUTPUT -o eth1 -j ACCEPT
iptables -A OUTPUT -o eth2 -j LOG --log-prefix "eth2 outgoing"
iptables -A OUTPUT -o eth2 -j ACCEPT
I have been having problems getting my code to restrict access according to the interface. When I ping the IP address that should belong to a particular interface, the route of access appears to randomly select any one of the interfaces instead of only the corresponding one.
Pinging IP address x.x.x.1 should correspond to input to interface eth0; however, at random eth0, eth1, or eth2 ends up being used.
The echo for the ping, regardless of the input interface, always outputs from interface eth0. (I am not sure if that is the ping default or not.)
Upon viewing the logfile the following pattern is apparent.
ping -c 3 x.x.x.1 (which should correspond to input interface eth0) may produce something in the log file similar to:
eth0 incoming , IN=eth0, OUT=
eth1 incoming , IN=eth1, OUT=
eth1 incoming , IN=eth1, OUT=
eth0 incoming , IN=eth0, OUT=
eth0 incoming , IN=eth0, OUT=
eth2 incoming , IN=eth2, OUT=
eth0 outgoing , IN=, OUT=eth0
eth0 outgoing , IN=, OUT=eth0
eth1 incoming , IN=eth1, OUT=
eth2 incoming , IN=eth2, OUT=
eth0 incoming , IN=eth0, OUT=
eth1 incoming , IN=eth1, OUT=
eth0 outgoing , IN=, OUT=eth0
eth0 outgoing , IN=, OUT=eth0
Any help on this issue is appreciated.
So what - shouldn't a distinct route determine where the packets have to go? e.g.

eth0 192.168.1.1
eth1 192.168.1.2
eth2 192.168.1.3

netstat -rn
192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
192.168.1.3 0.0.0.0 255.255.255.255 UH 0 0 0 eth2

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1

netstat -rn
192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
192.168.1.3 0.0.0.0 255.255.255.255 UH 0 0 0 eth2
192.168.1.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth0

So every packet should be routed via eth0.

Yours
Michael Appeldorn
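An added example, not code from anyone in this thread, that models the two observations above: the first post's LOG lines, where IN= is scattered across eth0, eth1 and eth2 while OUT= is always eth0, and the routing table in Michael Appeldorn's reply, where a single net route for 192.168.1.0/24 via eth0 makes eth0 the exit interface for every other host on that subnet. The kernel log lines (including their SRC/DST/PROTO fields), the pinging host 192.168.1.10 and the helper names tally_log and route_lookup are all constructed for this example. The point for the firewall: with all three cards on one subnet and that routing table, the "-o eth1" and "-o eth2" OUTPUT rules can never match a reply to a host on the subnet, and "-i ethN" matches only whichever card happened to receive the frame, so the ruleset does not give per-interface control until the interfaces are on distinct subnets.

```shell
#!/bin/sh
# Added example (not from the thread). Two helpers:
#   tally_log    - count which interface each logged packet entered (IN=) and
#                  left (OUT=), read from netfilter LOG lines on stdin;
#   route_lookup - longest-prefix match over a netstat -rn style table, to show
#                  which interface the kernel picks for a destination, i.e. which
#                  "-o" rule can ever fire for it.

# Constructed kernel log: roughly what the "ethN incoming"/"eth0 outgoing" rules
# might write for one ping -c 3 from 192.168.1.10 to 192.168.1.1. The SRC/DST/
# PROTO fields are invented to look like real LOG output; they are not from the post.
SAMPLE_LOG='kernel: eth0 incoming IN=eth0 OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=ICMP TYPE=8
kernel: eth1 incoming IN=eth1 OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=ICMP TYPE=8
kernel: eth0 outgoing IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.10 PROTO=ICMP TYPE=0
kernel: eth2 incoming IN=eth2 OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=ICMP TYPE=8
kernel: eth0 outgoing IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.10 PROTO=ICMP TYPE=0
kernel: eth1 incoming IN=eth1 OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=ICMP TYPE=8
kernel: eth0 outgoing IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.10 PROTO=ICMP TYPE=0'

# Routing table as in Michael Appeldorn's reply (netstat -rn columns:
# Destination Gateway Genmask Flags MSS Window irtt Iface).
ROUTES='192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
192.168.1.3 0.0.0.0 255.255.255.255 UH 0 0 0 eth2
192.168.1.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth0'

# tally_log: print "IN <dev> <n>" and "OUT <dev> <n>" lines, sorted.
# Tokens "IN=" / "OUT=" with an empty value are skipped.
tally_log() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=./)  n["IN " substr($i, 4)]++
            if ($i ~ /^OUT=./) n["OUT " substr($i, 5)]++
        }
    }
    END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# route_lookup DST: longest-prefix match over $ROUTES; prints the Iface or "none".
# Works in POSIX awk (no bitwise ops): a contiguous netmask m has 2^32 - m equal
# to 2^(host bits), so two addresses share the prefix when they agree after
# integer division by 2^(host bits).
route_lookup() {
    printf '%s\n' "$ROUTES" | awk -v dst="$1" '
        function ip2int(a,  p) {
            split(a, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        function plen(m,  hb) {
            hb = int(log(4294967296 - ip2int(m)) / log(2) + 0.5)
            return 32 - hb
        }
        BEGIN { best = -1; dev = "none"; d = ip2int(dst) }
        {
            l = plen($3); scale = 2 ^ (32 - l)
            if (int(d / scale) == int(ip2int($1) / scale) && l > best) {
                best = l; dev = $NF
            }
        }
        END { print dev }'
}

# Run directly: show the per-interface tally and where a reply to the pinger goes.
printf '%s\n' "$SAMPLE_LOG" | tally_log
printf 'reply to 192.168.1.10 leaves via: %s\n' "$(route_lookup 192.168.1.10)"
```

Feed real output from the LOG rules (e.g. grep for "incoming\|outgoing" in /var/log/messages) into tally_log to see how the IN= counts spread over the three cards; route_lookup over your own netstat -rn lines shows that only eth0 is ever chosen for 192.168.1.0/24 destinations, which is why only "eth0 outgoing" appears in the log.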
participants (4)
- c G
- ic_admin
- Michael Appeldorn
- Michael Stern