Routing traffic between 2 iptables machines (FORMATTING EDIT)

Routing traffic between 2 iptables machines (FORMATTING EDIT)

[Sajesh Singh]

Iptables gurus,
               I have been trying to implement a solution using 2 iptables boxes as routers for traffic between two hosts on two different networks. I have four different machine that I would like to have traffic routed between:

Machine 1 - Client A  - IP : A.A.A.A
Machine 2 -  iptables Machine A  - IP: B.B.B.B (One interface only)
Machine 3 - iptables Macine B - IP: C.C.C.C (One interface only)
Machine 4 - Client B - IP: D.D.D.D

What I would like to accomplish is to have traffic from Client A route traffic through iptables Machine A which then sends the traffic to iptables Machine B when then forwards the traffic to Client B and the reverse as well. I would also like for the IP address of Client A to be visible to Client B.

I have tried various scenarios with PREROUTING (DNAT) and FORWARDING rules with  no success. The connection either seems to hang to or I get error stating no route to host. Also forwarding is enabled on each of the iptables machine. Below are the rules that I have tried to use:

Firewall rules from Machine 2 - Iptables Machine A

# Generated by iptables-save v1.4.12 on Fri Jun  1 12:26:55 2012

*nat

:PREROUTING ACCEPT [142418:19715843]

:INPUT ACCEPT [21:8744]

:POSTROUTING ACCEPT [8439:405588]

-A PREROUTING -d D.D.D.D/32 -j DNAT --to-destination C.C.C.C

COMMIT

# Completed on Fri Jun  1 12:26:55 2012

# Generated by iptables-save v1.4.12 on Fri Jun  1 12:26:55 2012

*filter

:INPUT DROP [0:0]

:FORWARD DROP [0:0]

:OUTPUT ACCEPT [43:4084]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A FORWARD -d C.C.C.C/32 -j ACCEPT

-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

# Completed on Fri Jun  1 12:26:55 2012


Firewall rules from Machine 3 - Iptables Machine B 

# Generated by iptables-save v1.4.12 on Fri Jun  1 12:27:51 2012

*nat

:PREROUTING ACCEPT [53576:4590151]

:INPUT ACCEPT [11:4620]

:OUTPUT ACCEPT [64:4512]

:POSTROUTING ACCEPT [65:5012]

-A PREROUTING -d A.A.A.A/32 -j DNAT --to-destination B.B.B.B 

COMMIT

# Completed on Fri Jun  1 12:27:51 2012

# Generated by iptables-save v1.4.12 on Fri Jun  1 12:27:51 2012

*filter

:INPUT DROP [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [48:4544]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A FORWARD -d B.B.B.B/32 -j ACCEPT

-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

# Completed on Fri Jun  1 12:27:51 2012 


Any help is appreciated.

Regards,

Sajesh 

Re: Routing traffic between 2 iptables machines (FORMATTING EDIT)

[Jan Engelhardt]

On Friday 2012-06-01 21:00, Sajesh Singh wrote:
>(FORMATTING EDIT)

jfyi, it was better before the edit ;-)