Not normally a question for this group, but you guys are very bridge/router/firewall savvy, so I thought I'd toss it here.

I have a bridge. On one side of the bridge is that fancy thing called the Internet. On the other side is my LAN. The bridge is the obvious demarcation line and a good place to put a firewall. Now, I have all my iptables stuff planned out, EXCEPT for NAT. The usual way to do NAT:

    iptables -A POSTROUTING -t nat -s $INTERNAL_NET -j MASQUERADE
    iptables -A FORWARD -j ACCEPT

Now, the problem I have is that my LAN is mixed NAT'd addresses and routable IPs. I have a host of FORWARD rules to determine which packets get sent on to which servers (routable IPs). My worry is that if I put in the "iptables -A FORWARD -j ACCEPT" it'll defeat the whole purpose of those entries.

My question is: how do I set up a FORWARD for JUST the NAT'd packets without touching the non-NAT'd packets? Would a -d to my internal network ($INTERNAL_NET is set to 192.168.10.0/24) do it? I.e., would this work:

    iptables -A POSTROUTING -t nat -s $INTERNAL_NET -j MASQUERADE
    iptables -A FORWARD -d $INTERNAL_NET -j ACCEPT

Also, if I post my iptables entries/script, can someone help me proof them for problems?

-----
Michael Yacht
CTO
Ideal Conditions, Inc.
5329 Beeler Street, #2
Pittsburgh, PA 15217
v: 412-325-1375

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
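The question above turns on which addresses the FORWARD chain actually sees for masqueraded traffic. As an added illustration (not code from the original post or from the LARTC list), here is a small model of the netfilter chain order, PREROUTING (nat), then FORWARD (filter), then POSTROUTING (nat). The WAN address, the remote server and the routable LAN server address are constructed values; the model ignores ports and connection state and treats the NAT rules as the only ones accepting LAN traffic.

```python
import ipaddress

INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")   # $INTERNAL_NET from the post
WAN_IP = "203.0.113.5"   # constructed public address that MASQUERADE rewrites sources to

def in_net(addr, net):
    """None is a wildcard, like leaving -s or -d off an iptables rule."""
    return net is None or ipaddress.ip_address(addr) in net

def forward_verdict(rules, pkt):
    """FORWARD chain: rules are (src_net, dst_net) pairs with target ACCEPT.
    NOMATCH means the packet falls through to the poster's existing server rules."""
    hit = any(in_net(pkt["src"], s) and in_net(pkt["dst"], d) for s, d in rules)
    return "ACCEPT" if hit else "NOMATCH"

def traverse(pkt, rules, conntrack):
    """Push one packet through PREROUTING(nat) -> FORWARD(filter) -> POSTROUTING(nat)."""
    pkt = dict(pkt)
    # PREROUTING: a reply to a masqueraded flow has its destination restored here,
    # so FORWARD already sees the private address as -d.
    pkt["dst"] = conntrack.get((pkt["src"], pkt["dst"]), pkt["dst"])
    verdict = forward_verdict(rules, pkt)   # outbound source is still private here
    if verdict == "ACCEPT" and ipaddress.ip_address(pkt["src"]) in INTERNAL_NET:
        # POSTROUTING: MASQUERADE runs only after FORWARD accepted; it rewrites the
        # private source to WAN_IP and records the reverse mapping for replies.
        conntrack[(pkt["dst"], WAN_IP)] = pkt["src"]
        pkt["src"] = WAN_IP
    return verdict

# Constructed traffic: a LAN host going out, the server's reply to it, and a packet
# for a routable server on the same LAN that the NAT rules must leave alone.
OUTBOUND = {"src": "192.168.10.20", "dst": "198.51.100.7"}
REPLY = {"src": "198.51.100.7", "dst": WAN_IP}
TO_ROUTABLE = {"src": "198.51.100.7", "dst": "203.0.113.10"}

def run(rules):
    """Return the FORWARD verdicts for the three packets, in that order."""
    conntrack = {}
    return tuple(traverse(p, rules, conntrack) for p in (OUTBOUND, REPLY, TO_ROUTABLE))

# The post's candidate: only "-d $INTERNAL_NET -j ACCEPT".
DST_ONLY = [(None, INTERNAL_NET)]
# Outbound matched on the still-private source, replies on the already-restored destination.
# In real iptables the reply rule should also carry -m conntrack --ctstate ESTABLISHED,RELATED.
BOTH_WAYS = [(INTERNAL_NET, None), (None, INTERNAL_NET)]

if __name__ == "__main__":
    print("dst-only :", run(DST_ONLY))    # ('NOMATCH', 'NOMATCH', 'NOMATCH')
    print("both-ways:", run(BOTH_WAYS))   # ('ACCEPT', 'ACCEPT', 'NOMATCH')
```

The destination-only rule never matches the outbound packet, because MASQUERADE has not yet rewritten anything when FORWARD runs; matching outbound on source and replies on destination covers both directions while the routable server's traffic still falls through to the existing rules.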