Re: routing question

To: debian-firewall@lists.debian.org
Subject: Re: routing question
From: Tomaz Kravcar <tomaz.kravcar@rsklan.com>
Date: Thu, 03 Jun 2004 18:12:18 +0000
Message-id: <[🔎] 40BF6A02.7090509@rsklan.com>
In-reply-to: <[🔎] 20040603151734.GA16857@opn.org>
References: <[🔎] 20040603151734.GA16857@opn.org>

The concept in iptables is different than in chains.
Everithing which is just passing by your server goes
through FORWARD and not through INPUT or OUTPUT.
Try:

iptables -A FORWARD -i eth2 -o eth1 -j DROP

Tomaz


Roger wrote:

> Or that should be no-routing question.
>
> I have a linux box I would like to use as a router.  4 nics.
> eth0-outbound eth1-office  x.x.5.x eth2-public-access x.x.10.x
> eth3-wireless  x.x.15.x It's working to route traffic between
> interfaces okay.  all interfaces are rfc1918 address.  If the dsl
> router won't do nat, the router will be set to do nat.  DSL isn't
> installed yet.
>
> What I want is for eth2 devices to *not* be able to connect to eth1
> devices. I tried rules similar to: iptables -A INPUT -i eth1 -s
> x.x.10.x/24 -j DROP iptables -A OUTPUT -o eth2 -d x.x.5.x/24 -j
> DROP but when on a 10.x host, I could still connect to 5.x
> addresses.
>
> any ideas?
>
> I figured if I could solve the eth1/eth2 problem, the same solution
>  would work for eth1/eth3
>
> Roger
>
>

Reply to:

Follow-Ups:
- Re: routing question
  - From: Roger <roger@opn.org>

References:
- routing question
  - From: Roger <roger@opn.org>

Prev by Date: Re: routing question
Next by Date: Re: routing question
Previous by thread: Re: routing question
Next by thread: Re: routing question
Index(es):
- Date
- Thread