[LUNI] Setting up a simple choke
seva at sevatech.com
Tue Nov 19 23:26:01 CST 2002
Try this, assuming that printer and the rest of the network are on different
subnets, otherwise if they are on the same subnet you'll need bridging (see
On the machines on your network type:
route add -host <printer ip> <router ip>
(Or something along those lines)
On Tue, 19 Nov 2002, Michael Knoop wrote:
> I need some help setting up a linux box as a simple filter for ip packages.
> The box has two ethernet cards, eth0 and eth1. Each is configured and up.
> eth1 is directly connected to a single printer via a cat5 crossover cable.
> eth0 is connected to the local net. The box if supposed to forward packets
> destined for the printer. It is also supposed to filter these packages
> depending on the source IP address for the package. Simple, huh?
> I am running kernel 2.2.20, so I can filter the packages using ipchains.
> This is not a problem, I can do that just fine.
> The problem is that I just cannot get the stupid box to forward the IP
> packages to the printer through eth1.
> I added the route via:
> route add -host xxx.yyy.zzz.72 dev eth1
> and it appears in the listing from "route" just fine.
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> xxx.yyy.zzz.72 * 255.255.255.255 UH 0 0 0 eth1
> localnet * 255.255.255.0 U 0 0 0 eth0
> localnet * 255.255.255.0 U 0 0 0 eth1
> default ssb1.gw.xxx.yyy 0.0.0.0 UG 0 0 0 eth0
> I also turned on ip forwarding by means of:
> echo "1" > /proc/sys/net/ipv4/ip_forward
> All the documentation I can find says that these are all the things that
> should be sufficient to do the package forwarding.
> It does not forward anything.
> If I am logged on the box itself, I can ping the printer just fine, but I
> cannot ping it from the network.
> What am I missing?
> Please do not suggest that I use IP masquerading, because I already tried
> that. I was able to set it up just fine, but windows sharing does not pass
> through NAT because the packages contain embedded IP addresses. The
> printer has an internal server that works by windows sharing. This windows
> sharing has become the source of problems because of the bugbear virus
> which keeps attacking the printer from outside the University and causing
> it to print reams of garbage.
> Please help if you can,
> Michael Knoop - Office of Testing Services, UIC
> Linux Users Of Northern Illinois - Technical Discussion
> luni at luni.org
seva at sevatech.com
More information about the luni