Michelle Konzack wrote:
I have the following interfaces:

ppp0  ADSL wanadoo.fr
eth0  192.168.1.0/26    publicnet   Web-Server, access-server, DNS, ...
eth1  192.168.1.64/25   privatenet  My WS's, sql-Server, file-server
eth2  192.168.1.96/26   securenet   The Office of my old Employer... :-)
eth3  192.168.1.112/27  cybernet    My CyberCenter
eth4  192.168.1.128/25  wavenet     My Lucent ORINOCO COR 1100

[snip]

Now I would like to do the following: DENY anything in all directions on the router (!!!) and ACCEPT only:

ppp0 --> eth0 eth3 eth4
eth* --> ppp0
eth0 --> eth4
eth1 --> eth0 eth2 eth3 eth4
eth2 --> eth0 eth3 eth4
eth3 --> eth0 eth4
eth4 --> eth0 eth3

[snip]
iptables is the proper tool for restricting the traffic between your interfaces, but the actual *routing* of the traffic is best done via iproute2.
There's a fabulous HOWTO at: http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/index.html Pay special attention to chapters 3 and 4.

A word of caution, though: you're going to have some pretty hairy scripts no matter what you do - what you need to do is pretty complicated. The network I maintained had two external interfaces (dual T1's and a DSL), two internal interfaces (DMZ and private), and a class-C worth of virtual ports; the firewall script was about 150-200 lines, but my specific routing requirements ("ip route show") were much less specific than yours. (Private -> DSL; DMZ -> T1's; iptable rules to route external traffic to the correct servers. That's all.)
mickey
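As an added example (not from either poster), here is how the interface-to-interface allow matrix from Michelle's message can be turned into iptables FORWARD rules. The interface names and the allowed pairs are taken from the quoted message; the default-deny on FORWARD, the ESTABLISHED,RELATED rule so that return traffic of permitted connections is not dropped, and the `-m state` match are assumptions about the desired policy. Only the FORWARD chain is handled: dropping INPUT and OUTPUT on the router itself needs its own allow rules (loopback, management access) first, or the admin is locked out.

```shell
#!/bin/sh
# Added example: build FORWARD rules from a "src dst1 dst2 ..." matrix.
# One line per source interface; "eth* --> ppp0" from the message is
# expanded by listing ppp0 for every eth interface.
POLICY='ppp0 eth0 eth3 eth4
eth0 ppp0 eth4
eth1 ppp0 eth0 eth2 eth3 eth4
eth2 ppp0 eth0 eth3 eth4
eth3 ppp0 eth0 eth4
eth4 ppp0 eth0 eth3'

# Print the iptables commands implementing the matrix; nothing is executed.
gen_forward_rules() {
    # Default deny for forwarded traffic, then start from an empty chain.
    printf '%s\n' 'iptables -P FORWARD DROP' 'iptables -F FORWARD'
    # Replies to already-permitted connections may cross in either
    # direction (assumed; without this every rule pair would be needed twice).
    printf '%s\n' 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # One explicit accept per allowed (source, destination) interface pair.
    printf '%s\n' "$POLICY" | while read -r src dsts; do
        for dst in $dsts; do
            printf 'iptables -A FORWARD -i %s -o %s -m state --state NEW -j ACCEPT\n' "$src" "$dst"
        done
    done
}

# Number of explicit accept rules produced (a quick sanity check of the matrix).
count_allow_rules() {
    gen_forward_rules | grep -c -- '--state NEW -j ACCEPT'
}

# Succeeds when new connections from interface $1 to interface $2 are allowed.
is_allowed() {
    gen_forward_rules | grep -q -- "-i $1 -o $2 "
}

# Apply the generated rules on the router (requires root and iptables).
apply_forward_rules() {
    gen_forward_rules | sh
}

# Review the rules before applying: ./forward.sh prints them.
[ "${1:-}" = "apply" ] && apply_forward_rules || gen_forward_rules
```

Running the script without arguments prints the rule set for review; `sh forward.sh apply` loads it. Because the matrix is data rather than hand-written rules, adding or removing an interface is a one-line change, and `is_allowed` gives a quick way to confirm that a pair such as eth0 -> eth1 (public to private) really is absent.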