On Wednesday 14 July 2004 09:36 Miguel González Castaños's cat walking on the keyboard wrote:
> Hi,
>
> I am not sure what is your network architecture but I assume this:
>
> You have a LAN (let's call it LAN1) connected to the Internet through
> the linux firewall (192.168.1.7). This firewall acts also as a router
> being connected to the 192.168.1.8 router which is connected to
> different LANs.
>
> With the DROP rule you are blocking packets destined to 192.168.1.8 that
> come from anywhere (in this case Internet and LAN1).
>
> I assume when you say you have NATTED the connection, you have NATTED
> connections from LAN1 to the Internet and maybe connections from the
> other LANs, am I wrong? (maybe you should give us a picture or more
> details of what you have in your NAT rules). If so, then LAN1 and the
> other LANs are routed and not natted among them.
>
> Then, you should block destination to network 192.168.2.0, 192.168.4.0,
> etc...

I believe you're right, since I've natted only packets from/to the internet and not another lan.
Anyway, is there a way using iptables to intercept packets that are going to the 192.168.1.8 router?
I'd like to log those packets, but I believe that iptables acts before the kernel routing table, thus it is not easy to intercept those packets.
Any idea?

Thanks,
Luca

--
Luca Ferrari, fluca1978@xxxxxxxxxxx
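As an added illustration of the logging question in this thread (not code from either poster), the script below generates iptables rules for the filter table's FORWARD chain, which netfilter traverses after the routing decision, so a rule there matches exactly the packets the firewall is about to hand to 192.168.1.8. The interface name eth0 and the remote network list are assumptions; the addresses themselves come from the thread.

```shell
#!/bin/sh
# Added example: log, then drop, packets that the firewall (192.168.1.7)
# would forward from LAN1 toward the LANs behind the 192.168.1.8 router.
# Assumptions (not from the thread): LAN1 arrives on eth0, and the remote
# LANs are 192.168.2.0/24 and 192.168.4.0/24.
# FORWARD is evaluated after the routing decision, so "-d <remote net>"
# here is a reliable way to see traffic that will go out via 192.168.1.8.

LAN_IF="eth0"                                  # assumed LAN1-facing interface
REMOTE_NETS="192.168.2.0/24 192.168.4.0/24"    # assumed LANs behind 192.168.1.8

# rules_for_net: print the two rules (LOG, then DROP) for one destination
# network. Printing instead of executing lets the rules be reviewed first;
# load them with:  all_rules | sh
rules_for_net() {
    net="$1"
    # -m limit keeps a burst of matches from flooding the kernel log.
    printf 'iptables -A FORWARD -i %s -d %s -m limit --limit 5/min -j LOG --log-prefix "FWD-to-%s: "\n' \
        "$LAN_IF" "$net" "$net"
    printf 'iptables -A FORWARD -i %s -d %s -j DROP\n' "$LAN_IF" "$net"
}

# all_rules: a log-only rule for packets addressed to the router itself,
# followed by LOG+DROP rules for every remote network.
all_rules() {
    printf 'iptables -A FORWARD -i %s -d 192.168.1.8 -m limit --limit 5/min -j LOG --log-prefix "FWD-to-router: "\n' \
        "$LAN_IF"
    for net in $REMOTE_NETS; do
        rules_for_net "$net"
    done
}

# rule_count: number of rules generated, as a sanity check before loading.
rule_count() {
    all_rules | wc -l | tr -d ' '
}

all_rules
```

Matches show up in the kernel log (dmesg or syslog) with the given prefix, including the source address and input interface, which is the information Luca asked for.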