Hello,

Jack Knowlton wrote:
{Debian} ppp0: bridge interface (PPPoE via eth0)
ppp0 is a PPP(oE) interface, not a bridge interface.
eth1: LAN with public IP interface (xxx.xxx.xxx.153)
eth2: LAN with private IP interface (10.0.1.2)
{server2} eth0: LAN with public IP (in /29 subnet)
eth1: LAN with private IP (10.0.1.3)
{server3} same as server2
Why do you need some servers to have an interface in the private LAN?
{AP} eth0: LAN with private IP (10.0.1.5)
What I want is that {Debian} does not do NAT on the LAN with public addressing (just route the connections to the appropriate servers) but do it for the LAN with private addresses,
In your iptables ruleset, just add "-s <private_subnet_prefix>" in the SNAT or MASQUERADE rules, so only the private addresses are masqueraded.
so that wifi clients can stay secure.
NAT is *not* for security. Netfilter NAT does *not* provide any filtering. The use of private addresses breaks end-to-end connectivity, and NAT just allows restoring partial connectivity. Broken connectivity may be seen as some sort of security, though, but not the NAT itself...
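An added illustration, not part of the original message: a Python check over `iptables-save` output that flags SNAT/MASQUERADE rules in the nat POSTROUTING chain that are not limited by `-s` to the private subnet, and reports the filter FORWARD policy separately, since NAT itself filters nothing. The /24 prefix length, the 203.0.113.152/29 stand-in for the masked public subnet, and the sample rules are assumptions constructed for this example.

```python
import ipaddress
import shlex

# Assumption: private LAN is 10.0.1.0/24 (the post gives hosts, not a prefix length).
PRIVATE_LAN = ipaddress.ip_network("10.0.1.0/24")

# Constructed iptables-save excerpt; 203.0.113.152/29 stands in for the public /29.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -s 203.0.113.152/29 -o ppp0 -j MASQUERADE
-A POSTROUTING ! -s 10.0.1.0/24 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.1.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
"""

def source_is_private(args):
    """True only if the rule has a non-negated -s inside PRIVATE_LAN."""
    for i, tok in enumerate(args):
        if tok in ("-s", "--source") and i + 1 < len(args):
            if i > 0 and args[i - 1] == "!":
                return False  # "! -s" matches everything except the subnet
            net = ipaddress.ip_network(args[i + 1], strict=False)
            return net.subnet_of(PRIVATE_LAN)
    return False  # no source match at all: every forwarded packet is NATed

def audit(dump):
    """Return (NAT rules not limited to the private LAN, filter FORWARD policy)."""
    table, flagged, forward_policy = None, [], None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":FORWARD "):
            forward_policy = line.split()[1]
        elif table == "nat" and line.startswith("-A POSTROUTING "):
            args = shlex.split(line)
            is_nat = any(a == "-j" and b in ("MASQUERADE", "SNAT")
                         for a, b in zip(args, args[1:]))
            if is_nat and not source_is_private(args):
                flagged.append(line)
    return flagged, forward_policy

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A FORWARD policy of ACCEPT in the result means forwarded traffic is not filtered at all, whatever the nat table does.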