On Monday 03 May 2004 9:42 pm, Krystian wrote:
> I need some help on how to configure this scenario in iptables:
> [adsl modem/router]-----[eth1-linux box-eth0]-----[network]
> Question: how to configure the "linux box's" iptables to forward and masquerade traffic from most users and bridge traffic for a couple of "public" users.
I don't believe that any iptables configuration is necessary for the machines with public IPs. The Linux box will need a public IP on the same subnet as them and will need to have IP forwarding turned on (echo 1 > /proc/sys/net/ipv4/ip_forward). The boxes with public IPs will need to have the Linux box as their default gateway and it should all just work.
If you can't spare a public IP for the Linux box, can you just connect the ADSL modem/router, the Linux box, and the clients all to the same Ethernet? This is the setup I use. In that case the clients with public IPs would be able to see the ADSL modem/router directly (and would simply use that as their default gateway).
> Add a third interface card eth2, bridge eth1 and eth2 as br0, and then route between br0 and eth0.
> If you have hosts on your network which need public IPs then they have to be on a separate subnet from your normal clients anyway.
I don't think this is necessary. The public IP clients are obviously on a different IP subnet, but they can happily share the Ethernet with the NATed clients.
-- Jon
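As an added example (not from Krystian's or Jon's posts), the rule set the thread is converging on: the Linux box from the diagram forwards for everybody and only MASQUERADEs the private subnet, so the public-IP hosts are routed untranslated. Interface names follow the diagram; the private subnet 192.168.1.0/24 and the public block 203.0.113.0/29 are assumed placeholders, and the script prints the rules so they can be reviewed before being piped into `sh` as root.

```shell
#!/bin/sh
# Constructed example for the thread's topology:
#   [adsl router]---eth1 [linux box] eth0---[LAN: NAT clients + public-IP hosts]
WAN_IF=eth1
LAN_IF=eth0
PRIV_NET=192.168.1.0/24   # assumed: the NATed client subnet
PUB_NET=203.0.113.0/29    # assumed: the routed public subnet (documentation range)

# Emit the rules rather than applying them; `./nat.sh apply` pipes them to sh.
gen_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
# anti-spoofing: the private range must never arrive from the ADSL side
iptables -A FORWARD -i $WAN_IF -s $PRIV_NET -j DROP
# stateful return traffic for both client classes
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# private clients: forward outbound and hide them behind the box's WAN address
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $PRIV_NET -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $PRIV_NET -j MASQUERADE
# public-IP hosts: plain routing, no NAT entry; the box is just their gateway
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $PUB_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $PUB_NET -j ACCEPT
EOF
}

case "${1:-}" in
  apply) gen_rules | sh ;;   # needs root
  *)     gen_rules ;;
esac
```

Because MASQUERADE is scoped with `-s $PRIV_NET`, adding a public-IP host only requires a route (or a subnet entry) on the ADSL router pointing at the Linux box, not another NAT rule.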