On Tue, December 12, 2006 11:47, Pascal Hambourg wrote:
> Hello,
>
> Rob Sterenborg wrote:
>
>>> My question is: Do I need a SNAT rule or should I try something with
>>> nat+FORWARD?
>>
>> No. You can just route from 192.168.0.0/24 to 192.168.1.0/24 and back
>> without using NAT.
>
> But then you need that host 192.168.0.10 has a route back to
> 192.168.1.0/24, either directly via eth1 IP address (so it'd better be
> fixed), or indirectly via the default gateway which must have a route to
> 192.168.1.0/24 via eth1 IP address. Else you must do SNAT or MASQUERADE
> for 192.168.1.0/24 on eth1:

Yes, I was assuming that the default gateway is set to the router's IP, but in
fact we don't know about the connection to the internet which is there
somewhere.

>> $ipt -A FORWARD -m state --state NEW -s 192.168.0.0/24 \
>> -d 192.168.1.0/24 -m mport -p tcp --dports 25,110 -j ACCEPT
>> $ipt -A FORWARD -m state --state NEW -s 192.168.1.0/24 \
>> -d 192.168.0.0/24 -m mport -p tcp --dports 25,110 -j ACCEPT
>>
>>
>> The last 2 rules can also be split into 4 rules if you don't have the mport
>> module:
>
> Or just use the more standard 'multiport' match instead.

I keep getting confused with these two.. I thought it was mport but someday
I'll remember.

Grts,
Rob
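
The points raised in this exchange, put together as an added example (not code from the thread or its authors): the two FORWARD rules written with the `multiport` match, the four-rule split for systems without it, and the MASQUERADE fallback for when 192.168.0.10 has no route back to 192.168.1.0/24. The function names, the ESTABLISHED,RELATED rule and the use of eth1 as the outgoing interface for the NAT rule are assumptions; the script only prints the rules.

```shell
#!/bin/sh
# Added example: prints iptables rules, applies nothing.
# Pipe the output to sh as root to apply it.
IPT=iptables                  # plays the role of $ipt in the thread
LAN_A=192.168.0.0/24
LAN_B=192.168.1.0/24
PORTS=25,110                  # SMTP and POP3, as in the quoted rules
OUT_IF=eth1                   # assumption: interface facing 192.168.0.0/24

# Rules for one direction. $1 = multiport|split, $2 = source, $3 = destination
dir_rules() {
    if [ "$1" = multiport ]; then
        # -p tcp must precede the multiport match
        echo "$IPT -A FORWARD -m state --state NEW -s $2 -d $3 -p tcp -m multiport --dports $PORTS -j ACCEPT"
    else
        # No multiport/mport module: one rule per port
        for port in $(echo "$PORTS" | tr ',' ' '); do
            echo "$IPT -A FORWARD -m state --state NEW -s $2 -d $3 -p tcp --dport $port -j ACCEPT"
        done
    fi
}

# Full FORWARD set. $1 = multiport|split
forward_rules() {
    # Assumption: replies are accepted by a stateful rule like this one;
    # the quoted rules only match --state NEW.
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    dir_rules "$1" "$LAN_A" "$LAN_B"
    dir_rules "$1" "$LAN_B" "$LAN_A"
}

# NAT fallback. $1 = yes when 192.168.0.10 (directly or through its default
# gateway) has a route back to LAN_B; then plain routing works and no NAT
# rule is emitted.
nat_rules() {
    if [ "$1" != yes ]; then
        echo "$IPT -t nat -A POSTROUTING -s $LAN_B -o $OUT_IF -j MASQUERADE"
    fi
}

forward_rules multiport
nat_rules no
```

With MASQUERADE in place, hosts in 192.168.0.0/24 see connections from 192.168.1.0/24 as coming from the router's eth1 address, so per-client source addresses no longer appear in the mail server's logs.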