I have a firewall/router performing SNAT. This is its configuration:

                           eth1-192.168.1.0/24
                          /
Internet--eth0-firewall-eth2-192.168.2.0/24
                          \
                           eth3-192.168.3.0/24

My iptables setup is successfully blocking connections from eth0. However, I need to segregate the internal subnets from each other because they belong to different organizations. No matter what I try, I can't seem to block pings from one subnet to another. I can lock it down to only allow input access to the interface the subnet is directly connected to, but I need to provide DNS access to eth1, and this breaks when I do this. The firewall is running a caching DNS server (djbdns) on eth1. It also provides DHCP leases and NTP services on eth1-3.

I have also noticed that when I flush the tables and delete the chains, NAT is still provided, i.e. I can still connect to the internet.

Any pointers or help would be greatly appreciated.

Jeremy Hendrickson
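One way to express the rule set the post describes, as an added example that is not part of the original message. The interface names and subnets are the post's; the DNS_IP value (the eth1 address djbdns listens on), the MASQUERADE target for the SNAT rule and the function names are assumptions.

```shell
# Added example, not from the original post. DNS_IP is assumed.
IPT="${IPT:-iptables}"     # IPT=echo prints the rules instead of applying them
WAN=eth0
LANS="eth1 eth2 eth3"
DNS_IP=192.168.1.1
flush_all() {
    # "iptables -F" empties only the filter table; the SNAT rule lives in the
    # nat table, which is why NAT survived the flush. Clear both tables.
    for t in filter nat; do
        $IPT -t "$t" -F
        $IPT -t "$t" -X
    done
}
base_policy() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}
segregate_lans() {
    # Host-to-host traffic between subnets (pings included) crosses FORWARD,
    # not INPUT. Drop every LAN-to-LAN pair, then let each LAN out to the WAN.
    for in_if in $LANS; do
        for out_if in $LANS; do
            [ "$in_if" = "$out_if" ] || $IPT -A FORWARD -i "$in_if" -o "$out_if" -j DROP
        done
        $IPT -A FORWARD -i "$in_if" -o "$WAN" -j ACCEPT
    done
}
local_services() {
    # Traffic to the firewall's own addresses hits INPUT. Matching on the DNS
    # destination address rather than the interface lets eth2/eth3 hosts reach
    # the cache on the eth1 address without opening a path between the LANs.
    for lan in $LANS; do
        $IPT -A INPUT -i "$lan" -d "$DNS_IP" -p udp --dport 53 -j ACCEPT
        $IPT -A INPUT -i "$lan" -d "$DNS_IP" -p tcp --dport 53 -j ACCEPT
        $IPT -A INPUT -i "$lan" -p udp --dport 67 -j ACCEPT    # DHCP
        $IPT -A INPUT -i "$lan" -p udp --dport 123 -j ACCEPT   # NTP
    done
}
apply_rules() {
    flush_all; base_policy; segregate_lans; local_services
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE       # re-add SNAT
}
if [ "${1:-}" = apply ]; then apply_rules; fi
```

Run with IPT=echo first to review the generated rules; pass `apply` to install them.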