Think I might have misunderstood your email. What I want to happen is for all traffic to go through the firewall. Customer 1 and Customer 5 are on separate VLANs. I want Customer 5 to be able to access Customer 1's server as if it were any other host on the internet. Does that make more sense?

2009/1/21 David J Craigon <david@xxxxxxxxxxxxx>:
> No, the routing is definitely working 8-). Otherwise how could all
> traffic go from the internet to these servers? They have no other
> internet connection than through the firewall.
>
> It all works OK if you turn off iptables on the firewall, too.
>
> 2009/1/21 Mike Wright <mike.wright@xxxxxxxxxxxxxx>:
>> David J Craigon wrote:
>>>
>>> Hello,
>>>
>>> I'm trying to build a firewall using Linux, iptables and conntrack. My
>>> setup is pretty simple: I've got a computer with three interfaces,
>>> one pointing to the internet, and two networks for different
>>> "customers".
>>>
>>>
>>> Internet--------Firewall------Customer 1
>>>                     |
>>>                     ----------Customer 5
>>>
>>>
>>> Customer 1 has 10.72.2.0/24. Customer 5 has 10.72.3.0/24. Both
>>> customers have a server 10.72.2/3.3 running httpd on port 80.
>>>
>>> Now, both Customer servers can get to the internet, and the internet
>>> can get to them, but Customer 1's server can't get to Customer 5's
>>> server.
>>
>> Hi David,
>>
>> Perhaps you need "routes" established for those subnets.
>>
>> ip route add 10.72.2.0/24 dev ethX #customer1's nic
>> ip route add 10.72.3.0/24 dev ethY #customer5's nic
>>
>> hth,
>> :m)
>>
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
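Added example, not code from the thread or any of its participants: a POSIX sh script that emits a stateful iptables FORWARD ruleset for the three-legged layout discussed above. The subnets and the two web servers (10.72.2.3 and 10.72.3.3, port 80) come from the thread; the interface names eth0/eth1/eth2 are assumptions. The point it demonstrates is that a packet from the Customer 5 VLAN to the Customer 1 VLAN is forwarded through exactly the same FORWARD chain as internet traffic, so with a DROP policy it needs its own ACCEPT rule; a subnet that is configured on a local interface already has a connected route, so no extra `ip route add` is involved. If the servers are published to the internet by DNAT in PREROUTING (the thread does not say how they are reachable), FORWARD sees the already-translated 10.72.x.3 destination, which is why the rules below match on the private address; if Customer 5 is also meant to hit the public address, that DNAT rule must cover packets arriving on the Customer 5 interface as well.

```shell
#!/bin/sh
# Added example, not from the thread: stateful FORWARD rules for a three-legged
# Linux firewall. Interface names are assumptions; subnets/servers follow the thread.
WAN=eth0                 # internet-facing interface (assumed name)
CUST1=eth1               # Customer 1 VLAN, 10.72.2.0/24 (assumed name)
CUST5=eth2               # Customer 5 VLAN, 10.72.3.0/24 (assumed name)
CUST1_NET=10.72.2.0/24
CUST5_NET=10.72.3.0/24
CUST1_SRV=10.72.2.3      # Customer 1's httpd, from the thread
CUST5_SRV=10.72.3.3      # Customer 5's httpd, from the thread

# Emit the ruleset as text so it can be reviewed, diffed or tested before it is
# applied. Order matters: conntrack handles replies and junk first, then there is
# one ACCEPT per permitted NEW flow, and everything else is logged and dropped
# by the chain policy. The -s/-i pairing on customer legs rejects spoofed sources.
fw_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -i $CUST1 -s $CUST1_NET -o $WAN -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $CUST5 -s $CUST5_NET -o $WAN -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $WAN -o $CUST1 -d $CUST1_SRV -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $WAN -o $CUST5 -d $CUST5_SRV -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $CUST5 -s $CUST5_NET -o $CUST1 -d $CUST1_SRV -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
EOF
}

# Number of FORWARD rules the generator emits (sanity check for the test below).
count_forward_rules() {
    fw_rules | grep -c '^iptables -A FORWARD'
}

# True if the ruleset permits a NEW flow from the Customer 5 VLAN to Customer 1's
# web server; this is the rule the thread is missing.
allows_cust5_to_cust1_web() {
    fw_rules | grep -q -- "-i $CUST5 -s $CUST5_NET -o $CUST1 -d $CUST1_SRV -p tcp --dport 80"
}

# True if the ruleset permits a NEW flow the other way (it should not: Customer 1
# reaching Customer 5 is not part of the stated requirement).
allows_cust1_to_cust5() {
    fw_rules | grep -q -- "-i $CUST1 -s $CUST1_NET -o $CUST5"
}

# Apply for real (needs root and iptables on the firewall). Review with fw_rules first.
apply_rules() {
    fw_rules | sh -e
}

# When run directly, just print the generated rules.
fw_rules
```

After applying, `iptables -L FORWARD -v -n` shows per-rule packet counters, and `conntrack -L` (or `cat /proc/net/nf_conntrack`) shows whether the Customer 5 to 10.72.2.3:80 flow was ever tracked; a flow that only increments the LOG rule's counter and never appears in the conntrack table is being dropped in FORWARD, not misrouted.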