On May 23 2007 11:22, trellmor@xxxxxxxxxxxxx wrote:
>
>Hello!
>
>I tried to create a rule to block all traffic from an interface (ath1) to
>a netblock (192.168.0.0/16).

-i ath1 -d 192.168.0.0/16 ...

>The device is a WLAN router and the ath1 interface is unencrypted,
>allowing visitors to log in. But I want to restrict access to my private
>LAN (192.168.0.0/16). The router performs NAT between the ath1 and the
>ath0. So forwarded packets need to reach the next hop (192.168.0.1),
>allowing visitors to access the internet. The router itself (and other
>interfaces on the router) should still be able to reach 192.168.0.0/16.
>
>I tried to come up with a rule for that, but my solutions don't seem
>to work. I hope anyone can give me a solution for this problem, or at
>least an idea how to solve it.

Jan
--
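
The match suggested in the reply, written out as complete rules. This is an added example, not part of the original thread: the chains, the `-j DROP` target, the `ensure_rule` and `guest_isolation` helpers and the `DRY_RUN` switch are assumptions, and the guest subnet on ath1 is assumed to lie outside 192.168.0.0/16.

```shell
#!/bin/sh
# Added example: isolate the guest WLAN from the private LAN.
GUEST_IF="${GUEST_IF:-ath1}"          # unencrypted guest interface (from the post)
LAN_NET="${LAN_NET:-192.168.0.0/16}"  # private netblock (from the post)
DRY_RUN="${DRY_RUN:-1}"               # 1 = print the commands, 0 = run them (needs root)

# Insert a rule at the top of a filter chain unless an identical rule exists.
# Inserting at position 1 keeps the DROP ahead of any earlier ACCEPT rules.
ensure_rule() {
    chain="$1"; shift
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables -I %s 1 %s\n' "$chain" "$*"
    elif ! iptables -C "$chain" "$@" 2>/dev/null; then
        iptables -I "$chain" 1 "$@"
    fi
}

guest_isolation() {
    # Routed traffic from guests to LAN hosts. Internet-bound packets keep
    # their public destination address (192.168.0.1 is only the next hop, not
    # the IP destination), and filter/FORWARD is evaluated before the
    # POSTROUTING NAT, so those packets do not match and still get out.
    ensure_rule FORWARD -i "$GUEST_IF" -d "$LAN_NET" -j DROP

    # Traffic from guests addressed to the router's own LAN-side address.
    # Assumption: the guest subnet is outside LAN_NET; otherwise this rule
    # would also cut guests off from services on the router's ath1 address.
    ensure_rule INPUT -i "$GUEST_IF" -d "$LAN_NET" -j DROP

    # Both rules match only packets arriving on GUEST_IF, so the router
    # itself and its other interfaces can still reach LAN_NET.
}

guest_isolation
```
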