And then again I forgot to send the mail to the netfilter list. I'll
have to find a way to solve this problem.

On 9/11/05, Edmundo Carmona <eantoranz@xxxxxxxxx> wrote:
> Well.. just as I said.. if the boxes in the eth0 lan know how to reach
> the boxes, then you have to do nothing else (translation: if the boxes
> in the 192.168.2/24 network know that the router to reach the
> 192.168.3/24 network is the box we're talking about [its eth0 IP, of
> course].... or its default gateway knows... for that matter), then
> you are done.
>
> And when you configure an interface's IP (and netmask if needed), no
> default GW is set. Only the broadcast address... right?
>
> On 9/12/05, Rudi Starcevic <tech@xxxxxxxxxxxx> wrote:
> > Edmundo,
> >
> > > Is that of any help?
> > Indeed yes ... many thanks.
> >
> > > I will assume you want to be able to have traffic between your two lans, right?
> > Yes. Once that is in place I'm interested in restricting the IPs who
> > traverse the two networks.
> >
> > > I will delete your routing tables.
> > >
> > > I will flush all routing from the default table.
> > >
> > > Set eth0 and eth1:
> > > ifconfig eth0 blah blah
> > > ifconfig eth1 blah blah
> > >
> > > set the default gw
> > > ip route add default via gwIP
> > >
> > > let's enable forward between both interfaces:
> > > echo "1" > /proc/blah/blah/ip_forward
> > >
> > > I don't remember if eth0 is the lan with the internet router... or eth1
> >
> > It's eth0.
> >
> > > I will assume it's eth1 for this next paragraph.
> > >
> > > here's a thing you have to consider. If the boxes in the eth1 lan know
> > > how to reach the boxes in eth0 lan (that means, they know they have to
> > > use you as the router for that network), then you have to do nothing
> > > else. You will have traffic traversing between both networks. If they
> > > don't, then masquerade traffic going out eth1.
> > >
> > > There are a couple of additional details.... but I guess that's the
> > > "core" of the problem.
> >
> > Awesome .. thanks again .. just the advice I was hoping to gain.
> >
> > I hope to build a ruleset that doesn't need Masquerading between
> > interfaces, but as we know that belongs to the LARTC list.
> >
> > Regards,
> > Rudi.
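
The return-path condition discussed in this thread (hosts on one LAN either send replies for the other LAN through this box, directly or via their default gateway, or the traffic has to be masqueraded), modelled as an added example that is not part of the original messages. The addresses 192.168.2.1 (this box's eth0), 192.168.2.254 (internet router), 203.0.113.1 (upstream) and all routing tables are constructed assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; gateway None = on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None                  # no matching route: the reply is dropped
    return best[1] or str(dst)       # on-link means "deliver directly to dst"

def reply_path(host_routes, gateways, router_ip, src):
    """Follow a host's reply toward src hop by hop.
    gateways maps the IP of other routers on the LAN to their routing tables.
    Returns "routed" if the reply reaches router_ip, otherwise "masquerade"."""
    hop = next_hop(host_routes, src)
    seen = set()
    while hop is not None and hop not in seen:
        if hop == router_ip:
            return "routed"
        seen.add(hop)
        if hop not in gateways:
            break                    # reply leaves the LAN some other way
        hop = next_hop(gateways[hop], src)
    return "masquerade"

# Constructed sample data (assumptions, not values from the thread)
ROUTER_ETH0 = "192.168.2.1"          # this box, on the 192.168.2/24 side
INET_GW = "192.168.2.254"            # default gateway of that LAN
SRC = "192.168.3.10"                 # a host on the 192.168.3/24 side

HOST_WITH_ROUTE = [("192.168.2.0/24", None),
                   ("192.168.3.0/24", ROUTER_ETH0),
                   ("0.0.0.0/0", INET_GW)]
HOST_DEFAULT_ONLY = [("192.168.2.0/24", None), ("0.0.0.0/0", INET_GW)]
GW_KNOWS = {INET_GW: [("192.168.2.0/24", None),
                      ("192.168.3.0/24", ROUTER_ETH0),
                      ("0.0.0.0/0", "203.0.113.1")]}
GW_UNAWARE = {INET_GW: [("192.168.2.0/24", None),
                        ("0.0.0.0/0", "203.0.113.1")]}

if __name__ == "__main__":
    print(reply_path(HOST_WITH_ROUTE, GW_UNAWARE, ROUTER_ETH0, SRC))
    print(reply_path(HOST_DEFAULT_ONLY, GW_KNOWS, ROUTER_ETH0, SRC))
    print(reply_path(HOST_DEFAULT_ONLY, GW_UNAWARE, ROUTER_ETH0, SRC))
```

A "masquerade" result means replies would never come back through this box unless traffic leaving the interface on that LAN is source-NATed to the box's own address there.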