Re: routing question
INPUT and OUTPUT chains are for the local machine, i.e. packets destined to local
processes on the router. It's a common mistake... at least I did it.
It is the FORWARD chain that should have the rules about which interface
allows traffic and so on.
Or that should be a no-routing question.
I have a Linux box I would like to use as a router, with 4 NICs.
It's working to route traffic between interfaces okay. All interfaces
have RFC 1918 addresses. If the DSL router won't do NAT, the router will be
set to do NAT. DSL isn't installed yet.
What I want is for eth2 devices to *not* be able to connect to
I tried rules similar to:
iptables -A INPUT -i eth1 -s x.x.10.x/24 -j DROP
iptables -A OUTPUT -o eth2 -d x.x.5.x/24 -j DROP
but when on a 10.x host, I could still connect to 5.x addresses.
I figured if I could solve the eth1/eth2 problem, the same solution
would work for eth1/eth3.
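To make the reply's point concrete, here is an added example (not from either poster) that models which filter-table chain a packet traverses and evaluates the two rule sets against it: the INPUT/OUTPUT rules quoted above, and their FORWARD-chain equivalent. The interface names eth1/eth2 come from the thread; the 192.168.x.0/24 subnets, the router's .1 addresses and the helper functions are constructed assumptions for illustration. A packet that merely transits the box never reaches INPUT or OUTPUT, which is why the original rules let 10.x hosts reach 5.x hosts.

```python
"""Toy model of netfilter filter-table chain selection (added example).

Shows why rules in INPUT/OUTPUT do not see forwarded traffic, and why the
same match criteria placed in FORWARD do.  All addresses and subnets are
constructed; only the eth1/eth2 interface names come from the thread.
"""
import ipaddress

# Constructed router configuration: one RFC 1918 /24 per interface,
# with the router itself holding the .1 address on each segment.
ROUTER = {
    "eth1": ipaddress.ip_network("192.168.10.0/24"),
    "eth2": ipaddress.ip_network("192.168.5.0/24"),
    "eth3": ipaddress.ip_network("192.168.20.0/24"),
}
LOCAL_ADDRS = {iface: next(net.hosts()) for iface, net in ROUTER.items()}

NET10 = ROUTER["eth1"]
NET5 = ROUTER["eth2"]


def route(dst):
    """Pick the output interface for dst (all prefixes are /24 here)."""
    for iface, net in ROUTER.items():
        if dst in net:
            return iface
    return None


def chain_for(pkt):
    """Locally generated -> OUTPUT, locally destined -> INPUT, else FORWARD."""
    if pkt["src"] in LOCAL_ADDRS.values():
        return "OUTPUT"
    if pkt["dst"] in LOCAL_ADDRS.values():
        return "INPUT"
    return "FORWARD"


def rule(chain, target, in_iface=None, out_iface=None, src=None, dst=None):
    """Build one rule; None means the criterion is not specified."""
    return {"chain": chain, "target": target, "in_iface": in_iface,
            "out_iface": out_iface, "src": src, "dst": dst}


def matches(r, pkt, in_iface, out_iface):
    """Apply -i / -o / -s / -d matching as iptables would."""
    if r["in_iface"] is not None and r["in_iface"] != in_iface:
        return False
    if r["out_iface"] is not None and r["out_iface"] != out_iface:
        return False
    if r["src"] is not None and pkt["src"] not in r["src"]:
        return False
    if r["dst"] is not None and pkt["dst"] not in r["dst"]:
        return False
    return True


def filter_packet(rules, src, dst, in_iface, policy="ACCEPT"):
    """Return (chain, verdict) for a packet arriving on in_iface.

    INPUT has no output interface and OUTPUT has no input interface, so
    -o rules never match in INPUT and -i rules never match in OUTPUT.
    """
    pkt = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    chain = chain_for(pkt)
    out_iface = route(pkt["dst"]) if chain != "INPUT" else None
    in_if = in_iface if chain != "OUTPUT" else None
    for r in rules:
        if r["chain"] == chain and matches(r, pkt, in_if, out_iface):
            return chain, r["target"]
    return chain, policy


# The rules from the thread, translated into the model.
ORIGINAL_RULES = [
    rule("INPUT", "DROP", in_iface="eth1", src=NET10),
    rule("OUTPUT", "DROP", out_iface="eth2", dst=NET5),
]

# The FORWARD-chain equivalent the reply recommends:
#   iptables -A FORWARD -i eth1 -o eth2 -s <10.x/24> -d <5.x/24> -j DROP
FORWARD_RULES = [
    rule("FORWARD", "DROP", in_iface="eth1", out_iface="eth2",
         src=NET10, dst=NET5),
]

if __name__ == "__main__":
    host10, host5, router_eth1 = "192.168.10.50", "192.168.5.20", "192.168.10.1"
    print("transit, original rules :", filter_packet(ORIGINAL_RULES, host10, host5, "eth1"))
    print("transit, FORWARD rule   :", filter_packet(FORWARD_RULES, host10, host5, "eth1"))
    print("to router, original     :", filter_packet(ORIGINAL_RULES, host10, router_eth1, "eth1"))
```

Running the script shows the 10.x-to-5.x packet being classified as FORWARD and accepted under the original rules, dropped under the FORWARD rule, while only traffic aimed at the router's own address ever hits the INPUT rule.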