Re: routing question
The concept in iptables is different than in chains.
Everything which is just passing by your server goes
through FORWARD and not through INPUT or OUTPUT.
Try:
iptables -A FORWARD -i eth2 -o eth1 -j DROP
Tomaz
Roger wrote:
> Or that should be no-routing question.
>
> I have a linux box I would like to use as a router. 4 nics.
> eth0-outbound eth1-office x.x.5.x eth2-public-access x.x.10.x
> eth3-wireless x.x.15.x It's working to route traffic between
> interfaces okay. All interfaces are rfc1918 addresses. If the dsl
> router won't do nat, the router will be set to do nat. DSL isn't
> installed yet.
>
> What I want is for eth2 devices to *not* be able to connect to eth1
> devices. I tried rules similar to:
> iptables -A INPUT -i eth1 -s x.x.10.x/24 -j DROP
> iptables -A OUTPUT -o eth2 -d x.x.5.x/24 -j DROP
> but when on a 10.x host, I could still connect to 5.x
> addresses.
>
> Any ideas?
>
> I figured if I could solve the eth1/eth2 problem, the same solution
> would work for eth1/eth3
>
> Roger
>
>
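An added example (not from either poster) that applies the FORWARD-chain point to the full layout from the question, eth1 office, eth2 public, eth3 wireless, which are assumed interface names: transit traffic is matched only in FORWARD, and a single unconditional DROP would also discard replies to connections the office itself opened, so a stateful ACCEPT goes first. Run as-is it only prints the rules; set IPT=iptables to apply them.

```shell
# Defaults to a dry run that prints the rules; set IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

# Assumed interface layout from the question (constructed names).
OFFICE_IF=eth1
PUBLIC_IF=eth2
WIRELESS_IF=eth3

# Emit the FORWARD rules that keep public and wireless hosts out of the office.
isolate_office() {
  # Packets merely transiting the router hit FORWARD, never INPUT or OUTPUT;
  # those two chains only see traffic terminated at or originated by the box.
  # Let replies to office-initiated connections through before the DROPs,
  # otherwise a bare DROP also kills return traffic of office -> public flows.
  $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  # New connections from the public and wireless segments into the office are dropped.
  $IPT -A FORWARD -i "$PUBLIC_IF"   -o "$OFFICE_IF" -j DROP
  $IPT -A FORWARD -i "$WIRELESS_IF" -o "$OFFICE_IF" -j DROP
}
```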