Unless I am mistaken, a proper routing table entry should suffice for your two private networks to talk to each other.

Gateway for Subnet1:
    route add -net <SN2NetAddr>/<SN2NetMask> gw <iptablesmachine_SN1_side>

Gateway for Subnet2:
    route add -net <SN1NetAddr>/<SN1NetMask> gw <iptablesmachine_SN2_side>

I don't think you have to do anything at all as long as the firewall is the gateway for both subnets.

If you have iptables FORWARD table drop by default, add:
    iptables -A FORWARD -i <sn1_if> -o <sn2_if> -j ACCEPT
    iptables -A FORWARD -i <sn2_if> -o <sn1_if> -j ACCEPT

No filtering, no problems.

-----Original Message-----
From: Ashley M. Kirchner [mailto:ashley@xxxxxxxxxx]
Sent: Tuesday, April 15, 2003 2:54 PM
To: Net Filter Mailing List
Subject: Help cofiguring new (private) subnet

I need some help configuring my current iptables script to expand onto a second subnet. But before I post the whole script (from iptables-save) and a map layout of the network, I thought I'd ask if there's anyone in specific that would like to help me out, or whether I should just go ahead and post the whole shebang.

The short gist of it is this: I've used Oskar Andreasson's rc.firewall script at http://iptables-tutorial.frozentux.net/ (linked from www.iptables.com) to generate my initial firewall script between our public internet address and the internal network. However, I've now added a third NIC to the machine and configured it with a different (private) network. With the current firewall rules, I cannot see anyone on that new subnet... only those on the old one. That's what I need fixing. That new subnet does NOT need forwarding like the first one does, so I'm not worried about it... I do however need to see the other systems on that subnet.

There you go. Anyone willing to help?
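
Added example, not part of the original thread: a shell check that reads iptables-save output and reports whether the filter table's FORWARD chain passes traffic between two interfaces in each direction, which is the condition the reply above sets up. The interface names eth1/eth2, the sample ruleset and the function names are constructed for illustration; the check looks only at the chain policy and at ACCEPT rules naming the interface pair, and does not evaluate rule order or other match options.

```shell
#!/bin/sh
# Constructed sample of iptables-save output (not from the thread).
# eth1/eth2 are hypothetical names for the two private-side interfaces.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth2 -j ACCEPT
COMMIT'

# forward_allowed SRC_IF DST_IF  (iptables-save text on stdin)
# Exit 0 if the FORWARD policy is ACCEPT or an ACCEPT rule names the
# SRC_IF -> DST_IF pair. Simplification: earlier DROP/REJECT rules and
# extra match options (-p, -s, ...) are not evaluated.
forward_allowed() {
    awk -v src="$1" -v dst="$2" '
        /^\*/ { in_filter = ($0 == "*filter") }   # track current table
        !in_filter { next }
        /^:FORWARD / { if ($2 == "ACCEPT") ok = 1 }
        /^-A FORWARD / {
            i = ""; o = ""; j = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "-o") o = $(n + 1)
                if ($n == "-j") j = $(n + 1)
            }
            if (i == src && o == dst && j == "ACCEPT") ok = 1
        }
        END { exit !ok }
    '
}

# check_pair RULES IF_A IF_B: report both directions and return the
# number of directions that are blocked (0, 1 or 2).
check_pair() {
    rules=$1; a=$2; b=$3; blocked=0
    for pair in "$a $b" "$b $a"; do
        set -- $pair
        if printf '%s\n' "$rules" | forward_allowed "$1" "$2"; then
            echo "FORWARD $1 -> $2: allowed"
        else
            echo "FORWARD $1 -> $2: blocked"; blocked=$((blocked + 1))
        fi
    done
    return "$blocked"
}

check_pair "$SAMPLE_RULES" eth1 eth2 || echo "one or more directions blocked"
```

On a live firewall the same function can be fed directly, for example `iptables-save | forward_allowed eth1 eth2`. The sample ruleset has a rule for one direction only, so the reverse direction is reported as blocked.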