(I have mirrored this question locally to the bridge mailing list also)

OK, here's the setup:

    ROUTER
      |
      |(public)
      |
    bridge --priv-- NAT
      |
      |
    Clients

Clients have 4 possible addresses: 192.168.33.0, 192.168.34.0, and public 1.2.3.x, 4.5.6.x.

I want to only allow the 192.168.. addy to go to the priv interface, and same for the public, only out the public interface. So could I just say in my iptables:

source address: 1.2.3.x or 4.5.6., out interface: NAT, jump DROP on the output table

and

source address: 192.168.33.x and 192.168.34.x, out interface: public, DROP on the output table

Would that cause any funky issues? My book says no, because as I understand a bridge, it just mirrors all traffic to another interface, correct?

Chris K Ellsworth