On Thu, 26 May 2011 00:28:27 +0200 (CEST), Jan Engelhardt wrote:
On Thursday 2011-05-26 00:01, Aaron Clausen wrote:
I just can't wrap my head around this one.
What I have is a router with three interfaces:
eth0 - External interface (IP address retrieved via DHCP)
eth1 - Internal interface (trusted) - can access Internet and anything on eth2 network
eth2 - Internal interface (untrusted) - can only access Internet
What the heck are the iptables commands to get this to work?
This does not look like an iptables issue.
I thought that would be:
# allow eth2 to respond to eth1 connections
iptables -t filter -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# block others from eth2 to eth1
iptables -t filter -A FORWARD -i eth2 -o eth1 -j REJECT
On top of whatever route entries are needed for the subnets to link up.
AYJ
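As an added, complete example (not code from anyone in this thread), here is a full FORWARD and NAT ruleset for the three-interface router described above, using the thread's interface names eth0 (WAN, DHCP), eth1 (trusted LAN) and eth2 (untrusted LAN). The default-DROP FORWARD policy, the single stateful rule at the top of the chain, the `-m conntrack` match in place of the older `-m state` alias, the rate-limited LOG rule and the MASQUERADE rule for the dynamic WAN address are assumptions that go beyond the two rules quoted in the reply; the script applies them with whatever command `IPT` names, so `IPT=echo` prints the rules without touching the kernel.

```shell
#!/bin/sh
# Added example, not part of the thread: a complete FORWARD and NAT ruleset
# for the three-interface router described above (eth0 WAN via DHCP,
# eth1 trusted LAN, eth2 untrusted LAN). The default-DROP policy, the
# conntrack match, the rate-limited LOG rule and the MASQUERADE rule are
# assumptions beyond what the thread shows.
IPT="${IPT:-iptables}"   # set IPT=echo to preview the commands without applying them
WAN=eth0
TRUSTED=eth1
UNTRUSTED=eth2

build_ruleset() {
    # Start from a clean, default-deny FORWARD chain
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -F FORWARD

    # One stateful rule covers reply traffic for every permitted flow,
    # including eth2 answering connections that eth1 opened
    $IPT -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Trusted LAN may open connections to the Internet and to the untrusted LAN
    $IPT -t filter -A FORWARD -i $TRUSTED -o $WAN -j ACCEPT
    $IPT -t filter -A FORWARD -i $TRUSTED -o $UNTRUSTED -j ACCEPT

    # Untrusted LAN may open connections to the Internet only
    $IPT -t filter -A FORWARD -i $UNTRUSTED -o $WAN -j ACCEPT

    # New connections from the untrusted LAN toward the trusted LAN: log a
    # sample, then reject so the client fails fast instead of timing out
    $IPT -t filter -A FORWARD -i $UNTRUSTED -o $TRUSTED -m conntrack --ctstate NEW \
        -m limit --limit 5/min -j LOG --log-prefix "FWD untrusted->trusted: "
    $IPT -t filter -A FORWARD -i $UNTRUSTED -o $TRUSTED -j REJECT

    # Anything else (e.g. unsolicited traffic arriving on eth0 for either LAN)
    # falls through to the DROP policy

    # Hide both LANs behind the dynamic WAN address
    $IPT -t nat -F POSTROUTING
    $IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
}

# Usage: "sh fw.sh apply" as root loads the rules; "sh fw.sh preview" prints them
case "${1:-}" in
    apply)   build_ruleset ;;
    preview) IPT=echo; build_ruleset ;;
esac
```

The ordering is the point: the ESTABLISHED,RELATED rule sits first so every reply packet is accepted by one rule regardless of direction, the per-interface ACCEPT rules admit only new connections in the permitted directions, and the explicit REJECT for eth2 to eth1 plus the DROP policy close everything else. The router also needs net.ipv4.ip_forward=1 and the routes the reply mentions; neither is an iptables matter.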
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html