Re: routing question

To: debian-firewall@lists.debian.org
Subject: Re: routing question
From: Göran Axelsson <axelsson@acc.umu.se>
Date: Thu, 03 Jun 2004 18:05:13 +0200
Message-id: <[🔎] 40BF4C39.9020500@acc.umu.se>
In-reply-to: <[🔎] 20040603151734.GA16857@opn.org>
References: <[🔎] 20040603151734.GA16857@opn.org>

Hello Roger,

INPUT and OUTPUT chains are to local machine, ie packets destined to local

processes on the router. It's a common mistake... at least I did ittoo. :-)

It is the FORWARD chain that should have the rules about which interfacethat

allows traffic and so on.
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-6.html

Good luck!

/Göran

Roger wrote:

Or that should be no-routing question.
I have a linux box I would like to use as a router. 4 nics.eth0-outboundeth1-office x.x.5.x
eth2-public-access x.x.10.x
eth3-wireless  x.x.15.x
It's working to route traffic between interfaces okay. all interfacesare rfc1918 address. If the dsl router won't do nat, the router will beset to do nat. DSL isn't installed yet.
What I want is for eth2 devices to *not* be able to connect toeth1 devices.
I tried rules similar to:
iptables -A INPUT -i eth1 -s x.x.10.x/24 -j DROP
iptables -A OUTPUT -o eth2 -d x.x.5.x/24 -j DROP
but when on a 10.x host, I could still connect to 5.x addresses.

any ideas?
I figured if I could solve the eth1/eth2 problem, the same solutionwould work for eth1/eth3
Roger

Reply to:

References:
- routing question
  - From: Roger <roger@opn.org>

Prev by Date: routing question
Next by Date: Re: routing question
Previous by thread: routing question
Next by thread: Re: routing question
Index(es):
- Date
- Thread