On Wed, 2003-11-05 at 15:26, Jeffrey Laramie wrote:
In that configuration iptables does nothing for your LAN, only the server. If you can put a firewall box between the internet and the router that's the best choice. Otherwise you need:
Internet -> Router -> Firewall -> Hub -> LAN/DMZ
In this setup the packets from the LAN have to enter from eth0 as Antony indicates. Eth1 would have to be the external interface. Keep in mind that these rules only affect traffic to and from the firewall host itself. Traffic between the LAN and the internet is handled on the FORWARD chain.
I just did a slap-the-head-"duh". We're not configured that way. Our server, which also runs IPTables, is fed from the router as a DMZ. The clients are connected to the same router, a couple by a hub to the uplink. Hmm.
Jeff
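
The INPUT/FORWARD split described in this thread, as an added example that is not part of the original messages: a shell function that prints an `iptables-restore` ruleset for the Internet -> Router -> Firewall -> Hub -> LAN layout, with eth0 facing the LAN and eth1 external as in the thread. The function name, the SSH-from-LAN rule and the default-drop policies are assumptions, and NAT is left out.

```shell
#!/bin/sh
# Added example; emit_ruleset is a hypothetical helper, not from the thread.
# Prints a filter-table ruleset in iptables-restore format.
#   $1 = LAN-facing interface (eth0 in the thread)
#   $2 = external interface   (eth1 in the thread)
# Routing between the two also requires net.ipv4.ip_forward=1 on the firewall.
# Syntax check without loading: emit_ruleset eth0 eth1 | iptables-restore --test
emit_ruleset() {
    lan_if=$1
    wan_if=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT: packets addressed to the firewall host itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: the firewall is administered over SSH from the LAN side only.
-A INPUT -i $lan_if -p tcp --dport 22 -j ACCEPT
# FORWARD: packets routed through the firewall between LAN and internet.
# Replies to connections the LAN opened are allowed back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections may only start on the LAN side and leave via the external side.
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}
```

Nothing in the INPUT section affects what LAN clients can reach; only the two FORWARD rules do, and with no rule accepting new connections arriving on the external interface, unsolicited inbound traffic to the LAN hits the DROP policy.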