Hello,

I need some suggestions.

(If the ASCII diagrams get messed up, I've uploaded them to http://pastebin.com/SbbWKds0)

I have a network that looks like this:

         ISP
          |
          |
          | wan1 = unknown
     +----o----+
     | Router  |
     +----o----+
          | lan1 = 192.168.0.1/24 + DHCP
          |
          |
          |
      /\/\/\/\/\
     <    LAN   >  192.168.0.0/24
      \/\/\/\/\/

The Router is off-limits to me (it's the ISP's, and I am not given any access to the router).

I need to "insert" a firewall like this:

         ISP
          |
          |
          | wan1 = unknown
     +----o----+
     | Router  |
     +----o----+
          | lan1 = 192.168.0.1/24 + DHCP
          |
          | eth1 = 192.168.0.2
     +----o----+
     |  Linux  |
     +----o----+
          | eth0 = 192.168.0.1/24 + DHCP
          | ( dest==192.168.0.3 ==DNAT==> 192.168.0.1 via eth1 )
          |
          |
      /\/\/\/\/\
     <    LAN   >  192.168.0.0/24
      \/\/\/\/\/

For some complicated reasons, I can't change the subnet address of the LAN, nor can I change the default gateway for the systems in the LAN. And since I can't reconf the Router, I have to "spoof" the router.

Is it doable just with iptables and iproute2? Or do I have to also go down the route of ebtables?

And if it is doable, what caveats must I be aware of?

Thanks in advance.

Rgds,
--
FdS Pandu E Poluan
~ IT Optimizer ~

• LOPSA Member #15248
• Blog : http://pepoluan.tumblr.com
• Linked-In : http://id.linkedin.com/in/pepoluan