Here is an idea using brctl & ebtables, not iptables.

Looks like you need your box to run as a router and switch. It's a very common use on DSL routers called "Triple Play", or port-based VLAN.

I assume your topology is: eth0(Internet), eth1(Server), eth2, eth3(private LAN).

1) Create a bridge for eth2 & eth3 with "brctl". Call it br0.
2) Dial out with eth0, you will get ppp0 for Internet.
3) Create a bridge for eth0 & eth1 with "brctl". Call it br1.
4) Set up rules with "ebtables", INPUT chain to DROP packets from eth1.

I didn't try it on my box, but I suppose it works.
Any feedback is appreciated.

Thanks

2009/9/7, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx>:
> Hello,
>
> Gregory Ray wrote:
>> I am running iptables as a dhcp router from a pppoe connection
>
> Iptables is neither a router nor a DHCP server. Do you mean "I am
> running a Linux box working as a DHCP server and as a router"?
>
>> can I have it route the standard local ips to the
>> workstations but also have my other servers utilize the static ips
>> available in the block from my isp?
>
> Sure. I suppose that the private addresses are masqueraded with the
> PPPoE public address. For the public static block, you have two options.
>
> 1) Assign private addresses to the servers and use DNAT+SNAT to create
> 1:1 mappings with public addresses from the static block.
>
> 2) Assign public addresses from the static block to the servers.
>
> Are the servers and workstations on the same LAN?
> What is the size of the public static block and how many public servers
> do you have?
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
BRs
nuynehc@xxxxxxxxx
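Option 1 from the quoted reply (servers keep private addresses, with 1:1 DNAT+SNAT to the static block), as an added example that is not from either poster. The addresses are constructed documentation values, and it assumes the ISP routes the static block over ppp0 and that a MASQUERADE rule for the workstations already sits in POSTROUTING.

```shell
#!/bin/sh
# Added example: emit 1:1 NAT rules for servers that keep private addresses.
# ppp0 is the PPPoE interface named in the thread; all IPs are constructed.
WAN_IF="ppp0"

# Constructed sample mapping: "public_ip private_ip", one pair per line.
MAPPINGS="203.0.113.2 192.168.1.10
203.0.113.3 192.168.1.11"

valid_ipv4() {
    # Accept only dotted quads with every octet in 0..255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

nat_rules() {
    # Reads "public private" pairs on stdin and prints iptables commands.
    # Stops with status 1 on the first malformed pair, so a typo never
    # turns into a half-applied rule set.
    while read -r pub priv extra; do
        [ -z "$pub" ] && continue
        if [ -n "$extra" ] || ! valid_ipv4 "$pub" || ! valid_ipv4 "$priv"; then
            echo "bad mapping: $pub $priv $extra" >&2
            return 1
        fi
        # Inbound: traffic to the public address is rewritten to the server.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
        # Outbound: -I puts the rule ahead of the existing MASQUERADE rule,
        # otherwise the server would leave with the PPPoE address instead.
        echo "iptables -t nat -I POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    done
}

# Dry run: print the rules for the sample mapping for review.
echo "$MAPPINGS" | nat_rules
```

The filter FORWARD chain sees packets after DNAT, so any per-service accept rules for the servers are written against the private addresses.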