Hi, Angus.
Yes, it is a simple solution if I have one WAP gateway on a host.
But once more: I am talking about MANY gateways bound to different external
interfaces on ONE host. For routing to the private network I use only one interface,
so all connections to the private network from ALL WAP gateways go through this
interface. And how do you plan to allow connections from some WAP gateways
while denying them from others with iptables?
Well, assuming that the packets are emitted with the source IP set to that of the address the WAP gateway is bound to (rather than an INADDR_ANY bind()), then it's an
iptables -A OUTPUT -t filter -s <ip of interface its bound to> -o <interface name of private lan> -j DROP
and then to let one through, you can just
iptables -I OUTPUT -t filter -s <good ip> -o <priv interface> -j ACCEPT
However, if they're not emitted with that IP, then I'd look at the "owner match" stuff, and run the special WAP gateway under a different UID from the others. Remember that pretty much anything is possible with iptables.
See http://iptables-tutorial.frozentux.net/iptables-tutorial.html for more information.
Regards,
Gus
-- 
Angus M Wood
Chief Architect
Inspired Broadcast Networks
http://www.inspiredbroadcast.net/
Out of Home Pay to Play Networked Entertainment
3rd Floor, 150 Regent Street, London, W1B 5SJ
Tel: +44 (0)20 7478 8280  Mob: +44 (0)7767 393039  Fax: +44 (0)20 7434 9166
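Both variants from the reply above, generalised to a list of gateways, as an added example that is not part of the thread: the interface name, gateway IPs and account name are constructed placeholders, and the script only prints the iptables commands unless IPTABLES=iptables is set, so it can be reviewed before it touches the OUTPUT chain.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes iptables with the
# filter table and the "owner" match module. Defaults to a dry run that
# prints the rules; run with IPTABLES=iptables to apply them as root.
IPTABLES="${IPTABLES:-echo iptables}"

PRIV_IF="eth1"                                   # constructed: interface to the private LAN
GATEWAY_IPS="192.0.2.10 192.0.2.11 192.0.2.12"   # constructed: IP each WAP gateway binds to
ALLOWED_IP="192.0.2.11"                          # the one gateway allowed into the LAN

# Variant 1: gateways send with the IP they are bound to, so the source
# address identifies the gateway. Append (-A) a DROP for every gateway IP
# towards the private interface, then insert (-I) the ACCEPT at the top of
# the chain so it is evaluated before the DROPs.
rules_by_source_ip() {
    for ip in $GATEWAY_IPS; do
        $IPTABLES -A OUTPUT -t filter -s "$ip" -o "$PRIV_IF" -j DROP
    done
    $IPTABLES -I OUTPUT -t filter -s "$ALLOWED_IP" -o "$PRIV_IF" -j ACCEPT
}

# Variant 2: gateways bind INADDR_ANY, so the source IP is not distinctive.
# Run each gateway under its own UID and match on the socket owner instead
# (the owner match is only valid in the OUTPUT chain, which is what we need).
GATEWAY_UIDS="wapgw0 wapgw1 wapgw2"              # constructed account names
ALLOWED_UID="wapgw1"
rules_by_owner() {
    for uid in $GATEWAY_UIDS; do
        $IPTABLES -A OUTPUT -t filter -o "$PRIV_IF" -m owner --uid-owner "$uid" -j DROP
    done
    $IPTABLES -I OUTPUT -t filter -o "$PRIV_IF" -m owner --uid-owner "$ALLOWED_UID" -j ACCEPT
}

# Pick the variant with the first argument; default to the source-IP one.
if [ "${1:-ip}" = "owner" ]; then
    rules_by_owner
elif [ "${1:-ip}" = "ip" ]; then
    rules_by_source_ip
fi
```

Check the resulting chain with `iptables -t filter -L OUTPUT -v -n --line-numbers`: the ACCEPT must sit above the DROPs, and the per-rule packet counters show which gateway is actually hitting the private interface.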
