On Wednesday 2005-October-19 22:07, Seferovic Edvin wrote:
> I have two internal interfaces ( eth1 // 172.19.0.0 & eth2 //
> 172.20.0.0 ), and I would like to block traffic between those two
> networks. Somehow I've failed because any rules that should forbid
> traffic between those 2 networks didn't work. I still could access
> the webserver on eth2 - 172.20.10.1 from a station with IP address
> 172.19.1.100 ! Then I've applied a rule in the PREROUTING chain in nat

Thou shalt not filter in the nat table.

> iptables -t nat -A PREROUTING -s 172.19.0.0/16 -d 172.20.0.0/16 -j
> DROP

I would use interfaces, not IP addresses.

> Rules in FORWARD and INPUT chain just wouldn't work. Is this the

What did you try in FORWARD?

> right way to forbid traffic from one network to another or am I
> missing some basic stuff here? I would appreciate any comments.

In FORWARD, block incoming on eth1 going to eth2 and vice versa.

-- 
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
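The FORWARD-chain approach from the reply, written out as an added example (not from the thread's author): it matches on the two interface names rather than on addresses, blocks both directions, and logs what it drops so cross-LAN attempts show up in the kernel log. Interface names eth1/eth2 come from the original question; the LAN_ISOLATE chain name, the rate limit and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Isolate two LAN interfaces from each other in the filter table's FORWARD
# chain. The nat table only sees the first packet of each connection, so it
# is the wrong place to filter; FORWARD sees every routed packet.
LAN_A="${LAN_A:-eth1}"
LAN_B="${LAN_B:-eth2}"
DRY_RUN="${DRY_RUN:-0}"   # assumed switch: 1 = print the commands, 0 = apply them

# Run an iptables command, or print it when DRY_RUN=1.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Build a dedicated chain that logs (rate-limited) and then drops, and hook
# it into FORWARD for both directions with -I so it precedes any earlier
# ACCEPT rule in that chain.
isolate_lans() {
    ipt -N LAN_ISOLATE 2>/dev/null || true
    ipt -F LAN_ISOLATE
    ipt -A LAN_ISOLATE -m limit --limit 5/min -j LOG --log-prefix LAN_ISOLATE:
    ipt -A LAN_ISOLATE -j DROP
    ipt -I FORWARD -i "$LAN_A" -o "$LAN_B" -j LAN_ISOLATE
    ipt -I FORWARD -i "$LAN_B" -o "$LAN_A" -j LAN_ISOLATE
}

# Verify both FORWARD hooks are present (iptables -C exits 0 when a rule
# matching the given specification exists).
lans_isolated() {
    iptables -C FORWARD -i "$LAN_A" -o "$LAN_B" -j LAN_ISOLATE 2>/dev/null &&
    iptables -C FORWARD -i "$LAN_B" -o "$LAN_A" -j LAN_ISOLATE 2>/dev/null
}
```

Run with `DRY_RUN=1 sh isolate.sh` to review the rules first, then as root without DRY_RUN to apply them; dropped packets appear in the kernel log with the LAN_ISOLATE: prefix.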