Should iptables be able to forward between two different IP address spaces on the same LAN (i.e. using the same ethernet adapter for both input and output)?

We currently have global IP addresses for hosts on our network and I'm trying to migrate them to the 10. private address space. I have a separate iptables box running as a firewall, and have added entries like

    iptables -A FORWARD -i eth0 -o eth0 -s 10.0.0.0/9 -d 131.111.26.0/24
    iptables -A FORWARD -i eth0 -o eth0 -s 131.111.26.0/24 -d 10.0.0.0/9

but I can't get traffic between, say, a host 10.0.0.1 and a host 131.111.26.1.

If 10.0.0.1 pings 131.111.26.1, tcpdump on the firewall shows ICMP packets arriving on eth0 from 10.0.0.1 and apparently going out to 131.111.26.1, but 131.111.26.1 never sees them. (I have got IP_FORWARDING turned on.)

Any advice would be welcome.

Cheers, Terry.

--
Terry Horsnell (tsh@xxxxxxxxxxxxxxxxx)
I.T. Manager
Medical Research Council
Lab of Molecular Biology
Hills Road
CAMBRIDGE CB2 2QH
U.K.
Phone: +44 (0)1223 248011
Fax: +44 (0)1223 213556