On Mon, 2004-11-15 at 14:29, David Williamson wrote:

> I've got a Debian box with broadband access via ethernet to a wireless
> link. The gateway to the public net is 192.168.0.1, via my box,
> 192.168.0.2. I've got Firestarter on it, and everything works. On
> another box, I have access to our private WAN, mostly 10.130.x.x and
> 172.21.x.x and the like via a Cisco router at 10.130.80.1. I'd like to
> set things up so that any box on our LAN can access the private WAN, and
> if it's not on the WAN, the packets go out on the 192.168.0.1 gateway to
> the internet. This way, stuff that's blocked on our WAN (like ftp,
> email, jabber) will still work, since they'll have another route to the
> 'net.
>
> But every time I start trying to write the rule I get lost not long
> after "iptables -" <g>

That sounds like ordinary routing. Why not set the default route on your LAN boxes to send to the internet gateway first, and add a route on it for the private ranges through the WAN gateway? Why would you need iptables for this?

--
Les Mikesell
les@xxxxxxxxxxxxxxxx
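To show why plain routing covers this, here is an added example (not from the thread) that builds the routing table the reply describes from the thread's addresses and resolves destinations with the same longest-prefix-match rule the kernel uses; the /16 prefixes, and 192.168.0.3 as the LAN address of the box that relays to the Cisco router, are assumptions.

```python
import ipaddress

# Addresses taken from the thread; prefixes and the relay host are assumed.
INTERNET_GW = "192.168.0.1"   # gateway to the public net (from the thread)
WAN_RELAY = "192.168.0.3"     # assumed LAN address of the box that reaches 10.130.80.1

# (prefix, next hop); None means directly connected, no gateway needed.
ROUTES = [
    ("0.0.0.0/0", INTERNET_GW),    # default: anything not matched below
    ("192.168.0.0/24", None),      # the local LAN itself
    ("10.130.0.0/16", WAN_RELAY),  # assumed from "10.130.x.x"
    ("172.21.0.0/16", WAN_RELAY),  # assumed from "172.21.x.x"
]


def lookup(dst, routes=ROUTES):
    """Return (matching prefix, next hop) using longest-prefix match.

    The most specific prefix wins, so 10.130.x.x and 172.21.x.x go to the
    WAN relay while everything else falls through to the default route.
    """
    addr = ipaddress.ip_address(dst)
    best_net, best_gw = None, None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gw
    if best_net is None:
        raise LookupError(f"no route to {dst}")
    return str(best_net), best_gw


def ip_route_commands(routes=ROUTES):
    """Emit the `ip route add` lines that install the gateway routes on a LAN box."""
    cmds = []
    for prefix, gw in routes:
        if gw is None:
            continue  # connected route appears automatically when the interface is up
        target = "default" if prefix == "0.0.0.0/0" else prefix
        cmds.append(f"ip route add {target} via {gw}")
    return cmds


if __name__ == "__main__":
    for dst in ("10.130.80.1", "172.21.5.9", "198.51.100.7", "192.168.0.50"):
        print(dst, "->", lookup(dst))
    print("\n".join(ip_route_commands()))
```

The relay box must also have forwarding enabled, and the Cisco router needs a return route to 192.168.0.0/24 (or the relay must NAT), otherwise replies are dropped. Routes only choose a path; they filter nothing, so any Firestarter policy stays where it is.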