Default policies should be DROP, but anyway. Not sure if it's the INPUT or FORWARD table, but it's something like this:

iptables -A FORWARD -i eth1 -s 10.101.189.0/24 -d 192.168.0/24 -j DROP

On Sat, Aug 21, 2010 at 9:51 PM, Makara <[email protected]> wrote:
> Hi All,
>
> Here is my network diagram
>
>                                                    / LAN1 [10.101.189.0/24]
> internet---------------[eth0]--------------{Linux}-----------------[eth1]
>                                                    \LAN2 [192.168.0/24]
>
> My iptables script
>
> # EDIT This line only
>
> IP_WAN=x.x.x.x
>
> # DO NOT EDIT
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> modprobe ip_conntrack
> modprobe ip_nat_ftp
> modprobe ip_conntrack_ftp
>
> # Flush all rules
>
> iptables -F INPUT
> iptables -F FORWARD
> iptables -F OUTPUT
> iptables -F -t nat
> iptables -F -t mangle
>
> # Default Policies
>
> iptables -P INPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
>
> # Allow UDP, DNS and Passive FTP
> iptables -A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
>
> # garena game
> iptables -t nat -A PREROUTING -p udp -i eth0 -d 0/0 --dport 1511:1611
>
> # Transparent Proxy if it's network game
> iptables -A PREROUTING -t nat -i eth1 -s 10.101.189.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> # NAT
> iptables -A POSTROUTING -t nat -o eth0 -j SNAT --to-source $IP_WAN
>
> Both LAN1 and LAN2 can access the internet, which is good, but they can also access each other.
>
> Please kindly help, I don't want LAN1 to connect to LAN2 or LAN2 to connect to LAN1.
>
> --
> The person who loves others will also be loved.

--
Best Regards,
Stephen
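One detail worth checking before applying a rule like the one above: netfilter evaluates a chain top to bottom and stops at the first matching rule. The quoted script already appends `-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT`, which matches every forwarded packet, so a DROP appended afterwards with `-A` sits below it and never fires. The script below is an added example, not code from this thread or from either poster; it puts the isolation rules in their own chain, logs (rate-limited) before dropping so blocked cross-talk shows up in the kernel log, and hooks that chain in at position 1 of FORWARD so it is consulted before the blanket ACCEPT. The subnets and interface come from the diagram in the quoted mail; the chain name `LAN_ISOLATION`, the log prefix and the `IPT` override variable are this example's own choices.

```shell
#!/bin/sh
# Added example: isolate two LANs behind one Linux router (not the thread's own script).
# Assumed from the quoted diagram: LAN1 = 10.101.189.0/24, LAN2 = 192.168.0.0/24.
LAN1=10.101.189.0/24
LAN2=192.168.0.0/24

# IPT is the iptables binary; set IPT=echo to preview the commands without applying them.
IPT="${IPT:-iptables}"

# lan_isolation_rules prints the rules for the dedicated chain, one per line,
# in the order they take effect: log a sample of the blocked traffic, then drop it.
# Matching on source/destination only (no -i/-o) keeps the rule correct even if the
# two subnets are later moved to separate interfaces.
lan_isolation_rules() {
    cat <<EOF
-A LAN_ISOLATION -s $LAN1 -d $LAN2 -m limit --limit 6/min -j LOG --log-prefix "lan-isolation: "
-A LAN_ISOLATION -s $LAN1 -d $LAN2 -j DROP
-A LAN_ISOLATION -s $LAN2 -d $LAN1 -m limit --limit 6/min -j LOG --log-prefix "lan-isolation: "
-A LAN_ISOLATION -s $LAN2 -d $LAN1 -j DROP
EOF
}

# apply_lan_isolation creates (or empties, on a re-run) the chain, loads the rules,
# and inserts the jump at the TOP of FORWARD so it is evaluated before any
# "--state NEW,RELATED,ESTABLISHED -j ACCEPT" rule that would otherwise shadow it.
apply_lan_isolation() {
    $IPT -N LAN_ISOLATION 2>/dev/null || $IPT -F LAN_ISOLATION
    lan_isolation_rules | while IFS= read -r rule; do
        # eval so the quoted --log-prefix argument is passed as a single word
        eval "$IPT $rule"
    done
    $IPT -I FORWARD 1 -j LAN_ISOLATION
}

# Run directly: apply the rules (use IPT=echo ./isolate.sh to preview).
if [ "${0##*/}" = "isolate.sh" ]; then
    apply_lan_isolation
fi
```

Place the call after the script's `iptables -F FORWARD` so the jump is re-inserted on every run; the flush removes the jump but not the user chain, which is why the `-N ... || -F` guard is there. Two caveats: FORWARD only sees packets that are actually routed through the Linux box, so if both subnets share one physical segment on eth1, hosts can still reach each other at layer 2 with a local route, and separating them onto distinct interfaces or VLANs is what makes the rule enforceable; and with a FORWARD policy of DROP, as Stephen suggests, the isolation becomes the default and only the wanted paths (LAN to eth0 and return traffic) need explicit ACCEPT rules.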

