Kelly, typically you have a default route set on each machine on your LAN, and that gateway address would be your Linux router. Yes, packets COULD be sent directly, but you'd have to reset the route in your machine each time you wanted to point to a different machine. So, the router IS routing all your traffic on the LAN in a normal setup. So the line in iptables is useful.

I use this kind of statement here where I have 3 different companies sharing a fiber-optic line back to my ISP.

In your example, since it's an INPUT statement, it limits access to machines on the 192.168.6.0/24 network, assuming you have a DROP policy for INPUT.

-Del

On Mon, 2003-02-24 at 09:06, Kelly Setzer wrote:
> I've been experimenting with gShield trying to learn the ins and outs
> of iptables. One of the rules it generates is:
>
> iptables -A INPUT -s 192.168.6.0/24 -d 192.168.6.0/24 -i eth1 -j ACCEPT
>
> The source and dest are correct for my internal network, and eth1 is
> the internal net. My question is, when would the firewall ever see a
> packet that could possibly match this? Any packet with a source and
> destination on the same network would send the packet directly (no
> routing, thus no firewall).
>
> What am I missing?
>
> thanks,
> Kelly
> --
> Kelly Setzer, System Administrator/Architect - Placemark Investments
> 14180 Dallas Pkwy, Suite 200, Dallas, TX 75240
> kelly.setzer@placemark.com http://www.placemark.com
> (972)404-8100x41 (work) (214) 287-3464 (cell)
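The following is a constructed model, added here and not taken from the thread or from gShield, of which built-in chain a packet reaches on the router and what the quoted rule then does to it. It assumes the router owns 192.168.6.1 on eth1 (LAN) and 203.0.113.10 on eth0 (WAN), both chosen for the example, and that the INPUT policy is DROP as Del's answer supposes. Netfilter sends packets addressed to one of the router's own addresses through INPUT and transit packets through FORWARD, so the rule is consulted only for traffic aimed at the router itself (a LAN host reaching DNS, DHCP, SSH or another service the router runs). The model also shows the anti-spoofing effect of the `-i eth1` match: a packet claiming a LAN source but arriving on the WAN interface falls through to the DROP policy.

```shell
#!/bin/sh
# Constructed model of Netfilter chain selection for the rule
#   iptables -A INPUT -s 192.168.6.0/24 -d 192.168.6.0/24 -i eth1 -j ACCEPT
# Addresses below are assumptions for the example, not values from the thread.
ROUTER_LAN_IP="192.168.6.1"    # router's address on eth1 (assumed)
ROUTER_WAN_IP="203.0.113.10"   # router's address on eth0 (assumed, doc range)
LAN_NET="192.168.6.0/24"       # the -s / -d network from the quoted rule

# ip2int: convert a dotted quad to a 32-bit integer
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_net IP CIDR: succeed when IP lies inside CIDR (prefix-length match)
in_net() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# chain_for SRC DST IFACE: which built-in chain first sees a received packet.
# Packets addressed to the router itself go to INPUT; everything else the
# router would route goes to FORWARD (the rule above never sees those).
chain_for() {
    case "$2" in
        "$ROUTER_LAN_IP"|"$ROUTER_WAN_IP") echo INPUT ;;
        *) echo FORWARD ;;
    esac
}

# verdict SRC DST IFACE: outcome for the packet under the quoted rule,
# with an assumed DROP policy on the INPUT chain.
verdict() {
    chain=$(chain_for "$1" "$2" "$3")
    if [ "$chain" != INPUT ]; then
        echo "FORWARD (rule not consulted)"
        return 0
    fi
    if [ "$3" = eth1 ] && in_net "$1" "$LAN_NET" && in_net "$2" "$LAN_NET"; then
        echo ACCEPT
    else
        echo "DROP (policy)"
    fi
}

# Sample packets (constructed) run through the model.
for pkt in "192.168.6.10 192.168.6.1 eth1" \
           "192.168.6.10 10.0.0.5 eth1" \
           "192.168.7.10 192.168.6.1 eth1" \
           "192.168.6.10 192.168.6.1 eth0"; do
    set -- $pkt
    printf '%-14s -> %-14s on %-4s : %s\n' "$1" "$2" "$3" "$(verdict "$1" "$2" "$3")"
done
```

The first packet is the case the rule exists for: a LAN host talking to the router's own LAN address. The second is LAN-to-elsewhere transit and is handled entirely by FORWARD. The third and fourth show what the DROP policy catches once the rule does not match: an off-subnet source, and a LAN-sourced packet that arrived on the wrong interface.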