Configure server on network to analyze traffic
- by Strajan Sebastian
I have the following network:
http://i.stack.imgur.com/rapkH.jpg
I want to send all the traffic from the devices that connect to the 192.168.0.1 router to the 192.168.10.1 router (and eventually to the Internet), by passing through the server and an additional router. Almost 2 days have passed and I can't figure out what is wrong.
While searching on the Internet for some similar configuration I found some articles that are somehow related to my needs, but the proposed solutions don't seem to work for me. This is a similar article: iptables forwarding between two interface
I did the following steps for the configuration process:
Set static IP address 192.168.1.90 for the eth0 on the server from the 192.168.1.1 router
Set static IP address 192.168.0.90 for the eth1 on the server from the 192.168.0.1 router
Forwarded all the traffic from the 192.168.0.1 router to the server on the eth1 interface, which seems to be working. The router firmware has an option to redirect all the traffic from all the ports to a specified address.
Added the following rules on the server (only the following, there aren't any additional rules):
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
I also tried changing
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
into
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
but it is still not working.
After adding the following to enable the packet forwarding for the server that is running CentOS:
echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl -w net.ipv4.ip_forward=1
After a server restart and an extra check to see that all the configuration from above is still in place, I tried again to see if I can ping the 192.168.1.1 router from a computer connected to the 192.168.0.1/24 LAN, but it didn't work.
The server has tshark (console Wireshark) installed, and I found that while sending a ping from a computer connected to the 192.168.0.1 router to 192.168.1.1, 192.168.0.90 (eth1) receives the ping but doesn't forward it to the eth0 interface as the rule says:
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
and I don't know why this is happening.
Questions:
The iptables rules don't seem to work as I am expecting. Do I need to add rules in the iptables NAT table to redirect the traffic to the proper location, or is something else wrong with what I've done?
I want to use tshark to view the traffic on the server because I think it is the best at doing this. Do you know something better than tshark to capture the traffic and maybe analyze it?
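Added example, not part of the question above: a small Python audit that reads an `iptables-save` dump and checks the three conditions a two-interface Linux forwarding box needs before packets can cross from the LAN-side interface to the upstream one: IPv4 forwarding enabled, a FORWARD chain that accepts new LAN-to-upstream flows plus return traffic, and MASQUERADE applied on the upstream egress interface (MASQUERADE rewrites the source of packets leaving the interface named in `-o`, so placing it on the LAN-side interface leaves outbound packets untouched). The sample dump is constructed here to mirror the rule set in the question, with eth1 assumed to be the LAN side (192.168.0.x) and eth0 the upstream side (toward 192.168.1.1); the FORWARD DROP policy in the sample is an assumption, since the question does not state the chain policy.

```python
"""Audit an iptables-save dump for a two-interface Linux forwarding host.

Added example (not from the question). Checks: ip_forward on, MASQUERADE on
the upstream egress interface, and FORWARD rules covering both directions.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "error" or "warn"
    message: str


def parse_iptables_save(dump: str) -> dict:
    """Return {table: {"policies": {chain: policy}, "rules": [rule lines]}}."""
    tables, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                      # table header, e.g. *nat
            current = line[1:]
            tables[current] = {"policies": {}, "rules": []}
        elif line == "COMMIT":
            current = None
        elif current is None:
            continue
        elif line.startswith(":"):                    # :CHAIN POLICY [pkts:bytes]
            chain, policy = line[1:].split()[:2]
            tables[current]["policies"][chain] = policy
        elif line.startswith("-A"):
            tables[current]["rules"].append(line)
    return tables


def _has_iface(rule: str, flag: str, iface: str) -> bool:
    """True if the rule carries e.g. '-o eth0' as a whole token."""
    return re.search(rf"(^|\s){re.escape(flag)} {re.escape(iface)}(\s|$)", rule) is not None


def audit_forwarding(dump: str, lan_if: str, wan_if: str, ip_forward: int) -> list:
    """Return a list of Findings; an empty list means the basic plumbing is sound."""
    findings = []
    tables = parse_iptables_save(dump)
    if ip_forward != 1:
        findings.append(Finding("error", "net.ipv4.ip_forward is not 1; the kernel drops transit packets"))

    nat = tables.get("nat", {"policies": {}, "rules": []})
    masq = [r for r in nat["rules"] if r.startswith("-A POSTROUTING") and "-j MASQUERADE" in r]
    if not any(_has_iface(r, "-o", wan_if) for r in masq):
        findings.append(Finding("error", f"no MASQUERADE on upstream interface {wan_if}; "
                                         "the upstream router has no route back to LAN sources"))
    for r in masq:
        if _has_iface(r, "-o", lan_if):
            findings.append(Finding("warn", f"MASQUERADE on LAN-side interface {lan_if} "
                                            f"rewrites replies, not outbound traffic: {r}"))

    filt = tables.get("filter", {"policies": {}, "rules": []})
    policy = filt["policies"].get("FORWARD", "ACCEPT")
    fwd = [r for r in filt["rules"] if r.startswith("-A FORWARD")]

    def allows(in_if: str, out_if: str, new_ok: bool) -> bool:
        # A rule limited to --state RELATED,ESTABLISHED never matches a NEW flow.
        for r in fwd:
            if _has_iface(r, "-i", in_if) and _has_iface(r, "-o", out_if) and "-j ACCEPT" in r:
                if new_ok and "--state" in r and "NEW" not in r:
                    continue
                return True
        return False

    if policy != "ACCEPT":  # with ACCEPT policy the chain passes everything anyway
        if not allows(lan_if, wan_if, new_ok=True):
            findings.append(Finding("error", f"FORWARD policy {policy} and no rule accepting "
                                             f"NEW {lan_if}->{wan_if} flows"))
        if not allows(wan_if, lan_if, new_ok=False):
            findings.append(Finding("error", f"FORWARD policy {policy} and no rule accepting "
                                             f"return traffic {wan_if}->{lan_if}"))
    return findings


# Constructed sample modelled on the rules in the question (policy DROP is assumed).
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
"""

# Constructed counterpart with MASQUERADE on the upstream side and NEW flows allowed LAN->upstream.
CORRECTED_DUMP = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for name, dump in (("sample", SAMPLE_DUMP), ("corrected", CORRECTED_DUMP)):
        print(f"== {name} ==")
        for f in audit_forwarding(dump, lan_if="eth1", wan_if="eth0", ip_forward=1):
            print(f"[{f.severity}] {f.message}")
```

On a real host, feed it `iptables-save` output and the value of `sysctl -n net.ipv4.ip_forward`; the audit only inspects interface names and chain policies, so it is safe to run on a production box and works equally well on a saved dump pulled during incident review.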