Re: Conntrack not recording packets going through a firewall

No, the routing is definitely working 8-). Otherwise how could all
traffic go from the internet to these servers? They have no other
internet connection than through the firewall.

It all works OK if you turn off iptables on the firewall, too.

2009/1/21 Mike Wright <mike.wright@xxxxxxxxxxxxxx>:
> David J Craigon wrote:
>>
>> Hello,
>>
>> I'm trying to build a firewall using Linux, iptables and conntrack. My
>> set up is pretty simple- I've got a computer with three interfaces-
>> one pointing to the internet, and two networks for different
>> "customers".
>>
>>
>> Internet--------Firewall------Customer 1
>>                           |
>>                           ----------Customer 5
>>
>>
>>
>> Customer 1 has 10.72.2.0/24. Customer 5 has 10.72.3.0/24. Both
>> customers have a server 10.72.2/3.3 running httpd on port 80.
>>
>> Now, both Customer servers can get to the internet, and the internet
>> can get to them, but Customer 1's server can't get to Customer 5's
>> server.
>
> Hi David,
>
> Perhaps you need "routes" established for those subnets.
>
> ip route add 10.72.2.0/24 dev ethX   #customer1's nic
> ip route add 10.72.3.0/24 dev ethY   #customer5's nic
>
> hth,
> :m)
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
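The setup discussed in this thread (one firewall with an internet-facing interface and one interface per customer subnet, conntrack tracking the flows) is a common place to lose traffic to a default DROP policy in the FORWARD chain: internet-to-customer and customer-to-internet rules exist, but nothing permits the customer-to-customer path, so the first SYN is dropped and nothing is logged. The script below is an added example written for this page, not code from the thread's participants. It emits a ruleset in iptables-restore format for review before loading, so the missing forward rule, and a LOG rule that makes such drops visible, can be checked without touching the running firewall. The interface names eth0/eth1/eth2 and the use of iptables-restore are assumptions; the subnets and server addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): generate a reviewable iptables ruleset
# for the three-interface firewall described above.
# Interface names are assumptions; override them via the environment.
WAN_IF="${WAN_IF:-eth0}"      # hypothetical internet-facing NIC
CUST1_IF="${CUST1_IF:-eth1}"  # hypothetical NIC for Customer 1
CUST5_IF="${CUST5_IF:-eth2}"  # hypothetical NIC for Customer 5
CUST1_NET="10.72.2.0/24"
CUST5_NET="10.72.3.0/24"
CUST1_SRV="10.72.2.3"
CUST5_SRV="10.72.3.3"

# Emit the filter table in iptables-restore format. Producing text instead of
# calling iptables directly lets the ruleset be diffed and reviewed first;
# load it with:  build_ruleset | iptables-restore
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# conntrack passes every packet of an already-accepted flow, both directions.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot associate with any flow are dropped explicitly.
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Internet -> customer web servers: new TCP connections to port 80 only.
-A FORWARD -i $WAN_IF -o $CUST1_IF -d $CUST1_SRV -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $WAN_IF -o $CUST5_IF -d $CUST5_SRV -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Customers -> internet.
-A FORWARD -i $CUST1_IF -s $CUST1_NET -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $CUST5_IF -s $CUST5_NET -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
# Customer 1 -> Customer 5 web server: the path the thread reports as failing.
# Without an explicit rule the FORWARD policy drops the SYN silently.
-A FORWARD -i $CUST1_IF -s $CUST1_NET -o $CUST5_IF -d $CUST5_SRV -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Log whatever is about to hit the DROP policy, rate-limited, so a missing
# rule shows up in the kernel log instead of as a client-side timeout.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Self-check helper: number of FORWARD ACCEPT rules that target a destination.
count_rules_for_dst() {
    build_ruleset | grep -c -- "-A FORWARD .*-d $1 .*-j ACCEPT"
}

build_ruleset
```

After loading, `iptables -L FORWARD -v -n` shows per-rule packet counters, and a `FWD-DROP:` line in the kernel log for a 10.72.2.x to 10.72.3.3 packet tells you immediately that the inter-customer rule is absent rather than that routing is broken.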
