# Forward chains
iptables -A FORWARD -i eth1 -o eth0 -j laninet
iptables -A FORWARD -i eth0 -o eth1 -j inetlan

The above shows eth1 is your LAN interface and eth0 is your WAN interface. But...

# Setting up NAT
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.7.0/24 -j SNAT --to xxx.xxx.xxx.xxx

This shows eth1 is your WAN interface. Please clarify this.

Pradeep

Yes, thank you very much Pradeep, I was wrong, I corrected it but...

...anyway, it still doesn't work as I want. For now it is acting only like a NAT. I want to understand how NAT + Packet Filtering work together. I read the howtos provided by netfilter.org, and in particular I didn't understand:

1) The POSTROUTING chain is processed after the FORWARD chain, isn't it? But do I really need the FORWARD chain? If yes, do I need to set up my rules for filtering the packets coming from my LAN which I want to pass through the firewall (using a DROP policy) in the FORWARD chain or just in the INPUT chain, or in both of them?

2) Which is the right place for the NAT rules in my script? That is, must NAT rules be placed before or after PF rules? (For me after, but as NAT controls different chains because 'nat' is a different table... maybe it's the same.)

3) Can someone verify whether I understood the following sentence correctly: "A packet coming from any network connected to the firewall enters the INPUT chain: rules are processed in order from the first to the end; if a suitable rule for it is found, then the fate of the packet depends only on that rule; if not, the packet is either dropped or accepted, depending on the general policy of the above-mentioned chain."

Thanks.

Marco Nicoloso
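
The chain traversal order the questions above ask about, modelled as an added example (not code from either poster or from netfilter.org). It assumes eth1 is the LAN and eth0 the WAN, uses constructed packets and a placeholder public address (203.0.113.1), takes the outgoing interface as given rather than computing a route, and leaves out the mangle table.

```python
from ipaddress import ip_address, ip_network

# Constructed topology (assumption): LAN 192.168.7.0/24 on eth1, WAN on eth0.
# 203.0.113.1 is a documentation address standing in for the public IP.
LOCAL_ADDRS = {"192.168.7.1", "203.0.113.1"}
LAN = ip_network("192.168.7.0/24")
PUBLIC_IP = "203.0.113.1"

def first_match(rules, policy, pkt):
    """Rules are tried in order; the first match decides, else the chain policy."""
    for match, verdict in rules:
        if match(pkt):
            return verdict
    return policy

# filter table with DROP policies; each chain is ([(predicate, verdict)], policy).
FILTER = {
    # Traffic addressed to the firewall itself: allow SSH from the LAN only.
    "INPUT": ([(lambda p: p["in"] == "eth1" and p["dport"] == 22, "ACCEPT")], "DROP"),
    # Traffic routed through the firewall: allow LAN -> WAN HTTP only.
    "FORWARD": ([(lambda p: p["in"] == "eth1" and p["out"] == "eth0"
                  and p["dport"] == 80, "ACCEPT")], "DROP"),
}

def traverse(pkt):
    """Return (chains visited, filter verdict, source address after NAT)."""
    path = ["nat/PREROUTING"]
    # Routing decision: local delivery goes to INPUT, everything else to FORWARD.
    chain = "INPUT" if pkt["dst"] in LOCAL_ADDRS else "FORWARD"
    path.append("filter/" + chain)
    rules, policy = FILTER[chain]
    verdict = first_match(rules, policy, pkt)
    src = pkt["src"]
    if chain == "FORWARD" and verdict == "ACCEPT":
        path.append("nat/POSTROUTING")
        # SNAT is applied after filtering, so FORWARD rules see the private source.
        if pkt["out"] == "eth0" and ip_address(src) in LAN:
            src = PUBLIC_IP
    return path, verdict, src

# Constructed sample packets.
WEB = {"in": "eth1", "out": "eth0", "src": "192.168.7.10", "dst": "198.51.100.5", "dport": 80}
SMTP = dict(WEB, dport=25)
SSH_TO_FW = {"in": "eth1", "out": None, "src": "192.168.7.10", "dst": "192.168.7.1", "dport": 22}

if __name__ == "__main__":
    for name, pkt in (("web", WEB), ("smtp", SMTP), ("ssh-to-fw", SSH_TO_FW)):
        print(name, traverse(pkt))
```

In this model a forwarded packet never enters INPUT, and the order of the filter and nat commands in a script does not change the order in which the chains are visited.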