I manage a network with three different IP ranges: 192.168.1.0,
192.168.2.0 and 192.168.3.0.
I have a router-firewall which connects these internal networks.
iptables rules on the router-firewall machine are...
# $IPTABLES, $EXTIF and $INTIF are set earlier in the script (not shown)
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP          # default: drop anything not matched below
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG        # LOG does not stop evaluation
$IPTABLES -A FORWARD -s 192.168.1.19 -j ACCEPT
Of course, $IPTABLES is a variable which points to iptables.
Suppose that the router has the IPs 192.168.1.1, 192.168.2.1 and 192.168.3.1.
From host 192.168.1.19, which is a Windows machine, I ping machine
192.168.3.15, which is a Linux machine. The result is OK.
If I ping from 192.168.1.19 to 192.168.3.35, which is a Windows machine, I
can't get a response.
Nevertheless, if I change the FORWARD policy (which is DROP by default,
see the script above) to ACCEPT:
iptables -P FORWARD ACCEPT
and try pinging from 192.168.1.19 to 192.168.3.35 (both of them are
Windows machines), I get a successful response from 192.168.3.35.
I can ping from the router to every IP on every network with the forward policy
set to DROP by default.
Could you help me with the problem?
Thanks in advance.
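Added example, not part of the original post: a small Python model of how the FORWARD chain above is evaluated (first matching terminating target wins, LOG is non-terminating, the chain policy applies when nothing matches). It walks an echo request and its reply through the posted rules, and through the same rules with a conntrack ESTABLISHED,RELATED rule in front (an assumed fix using iptables' `-m conntrack --ctstate` match, not something the post states). Interface names eth0/eth1/eth2 are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, FrozenSet, List, Tuple


@dataclass
class Packet:
    src: str
    in_if: str
    out_if: str
    ctstate: str  # conntrack view: "NEW" for the request, "ESTABLISHED" for the reply


@dataclass
class Rule:
    target: str
    src: Optional[str] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    ctstate: Optional[FrozenSet[str]] = None  # models -m conntrack --ctstate ...

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or self.src == p.src)
                and (self.in_if is None or self.in_if == p.in_if)
                and (self.out_if is None or self.out_if == p.out_if)
                and (self.ctstate is None or p.ctstate in self.ctstate))


def forward_verdict(rules: List[Rule], policy: str, p: Packet) -> Tuple[str, bool]:
    """Return (verdict, logged) for one packet traversing the FORWARD chain."""
    logged = False
    for r in rules:
        if not r.matches(p):
            continue
        if r.target == "LOG":      # non-terminating: remember it, keep walking
            logged = True
            continue
        return r.target, logged    # ACCEPT / DROP end the walk
    return policy, logged          # nothing matched: chain policy decides


# The posted rules, with assumed interfaces EXTIF=eth0, INTIF=eth1, and eth2
# assumed to carry 192.168.3.0/24.
POSTED = [
    Rule("ACCEPT", in_if="eth0", out_if="eth1"),
    Rule("ACCEPT", in_if="eth1", out_if="eth0"),
    Rule("LOG"),
    Rule("ACCEPT", src="192.168.1.19"),
]
# Same chain with a stateful rule in front (assumed fix, not from the post).
STATEFUL = [Rule("ACCEPT", ctstate=frozenset({"ESTABLISHED", "RELATED"}))] + POSTED

REQUEST = Packet("192.168.1.19", "eth1", "eth2", "NEW")           # constructed echo request
REPLY = Packet("192.168.3.35", "eth2", "eth1", "ESTABLISHED")     # constructed echo reply
```

With the posted rules the request is accepted by the `-s 192.168.1.19` rule, but the reply matches nothing and falls through to the DROP policy, which is consistent with the ping working once the policy is set to ACCEPT; the stateful variant accepts the reply without opening the chain.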