>> Grant is doing too good a job... :-)
>
> Thank you. :)

You're welcome.. Heheh.

>> Just enable and allow all forwarding, add the routes you need and
>> your magic box will shine like a magic lantern. :^)
>
> Um, mostly agreed.

You mean you don't agree to the shining part?

>> iptables -P FORWARD ACCEPT
>> iptables -F FORWARD
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>> route add -net [...etc...]
>
> The part that I want to point out is that the routes that you
> add will not be on the Linux router, but rather the systems on
> the networks.

Yes, well, in the basic example I was referring to (A <-> C <-> D <-> B),
routers C and D already know the routes to the networks they're
connected to (and I assume that hosts in A and B have a (default) route
to C and D resp.) so they don't need extra routes. But they do need
forwarding set to ACCEPT and allowed. In a more complex situation things
are different.

>> Have a look at http://www.fwbuilder.org/.
>> I'm not using it, I'm not endorsing it, don't know anything of how it
>> builds its ruleset, etc. It just looks nice if you're coming from MS
>> ISA and you might actually find it handy.
>
> Without having ever used (but have heard of) FWBuilder myself I
> can't comment on it. However considering how Daniel is asking how
> things work and appears to be trying to learn, I don't think jumping
> directly in to some sort of application that hides this knowledge from
> him is that good of an idea.

No, I don't think so either. I already pointed him to Oskar's iptables
tutorial which I think still mostly holds and I hope he'll read (and
understand) it. Writing your own script is still more flexible and you
learn more about what you're doing and dealing with.

Grts,
Rob

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
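
An added example, not part of the original message or of any project mentioned in it: a small shell check for the two conditions discussed above (kernel forwarding enabled, FORWARD chain accepting), which classifies a router from the contents of `/proc/sys/net/ipv4/ip_forward` and the output of `iptables -S FORWARD`. The function names, the sample rule text and the two placeholder networks standing in for A and B are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample rule text below is constructed.

# forward_state IP_FORWARD RULES
#   IP_FORWARD: contents of /proc/sys/net/ipv4/ip_forward
#   RULES:      output of `iptables -S FORWARD`
# Prints: disabled | open | blocked | filtered
forward_state() {
    ipfwd=$1
    rules=$2
    # Without ip_forward=1 the kernel does not route, whatever the chain says.
    if [ "$ipfwd" != "1" ]; then
        echo disabled
        return 0
    fi
    policy=$(printf '%s\n' "$rules" |
        awk '$1 == "-P" && $2 == "FORWARD" { print $3 }')
    nrules=$(printf '%s\n' "$rules" |
        awk '$1 == "-A" && $2 == "FORWARD" { n++ } END { print n + 0 }')
    if [ "$nrules" -gt 0 ]; then
        echo filtered      # outcome depends on the individual rules
    elif [ "$policy" = "ACCEPT" ]; then
        echo open          # empty chain, ACCEPT policy: everything is forwarded
    else
        echo blocked       # empty chain, no ACCEPT policy: nothing is forwarded
    fi
}

# State after the four commands quoted in the thread (constructed).
SAMPLE_OPEN='-P FORWARD ACCEPT'

# Constructed alternative: only networks A and B may talk to each other.
# 192.0.2.0/24 and 198.51.100.0/24 are placeholder documentation ranges.
SAMPLE_FILTERED='-P FORWARD DROP
-A FORWARD -s 192.0.2.0/24 -d 198.51.100.0/24 -j ACCEPT
-A FORWARD -s 198.51.100.0/24 -d 192.0.2.0/24 -j ACCEPT'

# On a real router (needs root): read the live values instead of samples.
forward_state_live() {
    forward_state "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S FORWARD)"
}

echo "thread setup:  $(forward_state 1 "$SAMPLE_OPEN")"
echo "A<->B only:    $(forward_state 1 "$SAMPLE_FILTERED")"
echo "no ip_forward: $(forward_state 0 "$SAMPLE_OPEN")"
```

A result of `open` means the box forwards between every interface it has a route for, so anything attached later is reachable as well; `filtered` means the rules themselves decide.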