On Thursday 2011-05-26 06:14, Amos Jeffries wrote:
> On Thu, 26 May 2011 00:28:27 +0200 (CEST), Jan Engelhardt wrote:
>> On Thursday 2011-05-26 00:01, Aaron Clausen wrote:
>>
>>> I just can't wrap my head around this one.
>>>
>>> What I have is a router with three interfaces:
>>>
>>> eth0 - External interface (IP address retrieved via DHCP)
>>> eth1 - Internal interface (trusted) - can access Internet and anything
>>> on eth2 network
>>> eth2 - Internal interface (untrusted) - can only access Internet
>>>
>>> What the heck are the iptables commands to get this to work?
>>
>> This does not look like an iptables issue.
>
>
> I thought that would be:
>
> # allow eth2 to respond to eth1 connections
> iptables -t filter -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # block others from eth2 to eth1
> iptables -t filter -A FORWARD -i eth2 -o eth1 -j REJECT
>
>
> On top of whatever route entries are needed for the subnets to link up.

Knowing is better than thinking :)

What is required depends on the preexisting system state that you have at the time you run the commands.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
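As an added example, not posted by anyone in the thread: a script that emits the complete FORWARD rule set for the three-interface router Aaron describes (eth0 external, eth1 trusted, eth2 untrusted), with a default-deny policy and the stateful ACCEPT placed before the eth2-to-eth1 REJECT so that eth2 can still answer connections eth1 opened. The interface names come from the thread; the MASQUERADE rule on eth0 is an assumption (needed only if the internal subnets use private addresses), and the rules are printed rather than executed so they can be reviewed independently of whatever rules the system already holds.

```shell
#!/bin/sh
# Added example, not from the thread. Interface roles as described by Aaron:
WAN=eth0        # external, address via DHCP
TRUSTED=eth1    # internal, may reach the Internet and the eth2 network
UNTRUSTED=eth2  # internal, may reach the Internet only

# Emit the rule set instead of applying it. Review the output, then run it
# as root (e.g. "sh this.sh | sudo sh") once the existing chains are known.
gen_forward_rules() {
    cat <<EOF
iptables -t filter -P FORWARD DROP
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -m state --state INVALID -j DROP
iptables -t filter -A FORWARD -i $TRUSTED -o $WAN -j ACCEPT
iptables -t filter -A FORWARD -i $TRUSTED -o $UNTRUSTED -j ACCEPT
iptables -t filter -A FORWARD -i $UNTRUSTED -o $WAN -j ACCEPT
iptables -t filter -A FORWARD -i $UNTRUSTED -o $TRUSTED -j REJECT
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
EOF
}

# Sanity check on ordering: the stateful ACCEPT must come before the
# eth2 -> eth1 REJECT, otherwise replies from eth2 to eth1 are refused.
# Returns 0 when the order is correct.
check_rule_order() {
    accept_line=$(gen_forward_rules | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1)
    reject_line=$(gen_forward_rules | grep -n -- "-o $TRUSTED -j REJECT" | cut -d: -f1)
    [ "$accept_line" -lt "$reject_line" ]
}

gen_forward_rules
```

Note that new connections from eth0 toward either internal network match no ACCEPT rule and fall through to the DROP policy, which is the behaviour the question implies but never states.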