Greetings,

I have just started to make the transition from ipchains to iptables, and am trying to get the following setup working:

    internet <--> (eth0)[router1](eth1) <--> (eth0)[router2]

"router1" is the machine I will use as the firewall, and as the masq'ing machine. "router2" has multiple ethernet interfaces routing traffic from several networks.

Now, masquerading traffic for the network associated with eth0 on router2 works fine, just as I would expect. What I want to do is get router1 to MASQ traffic properly for all the networks behind router2, not just the network associated with eth0; I can only get it working properly for the primary internal network.

Do I just add additional rules for each of the additional networks behind router2? As in:

(on router1)
input:

    $IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT

+add additional nets as in:

    $IPTABLES -A INPUT -i $INTIF -s $INTNET_1 -d $UNIVERSE -j ACCEPT
    $IPTABLES -A INPUT -i $INTIF -s $INTNET_2 -d $UNIVERSE -j ACCEPT
    $IPTABLES -A INPUT -i $INTIF -s $INTNET_3 -d $UNIVERSE -j ACCEPT
    .
    .
    .

$INTNET is the primary network between router1 and 2.
$INTNET_* are the additional networks behind router2.

And something similar for output and forwarding?

I did the equivalent under ipchains, and it worked partially -- pings would work, but other traffic like DNS lookups, telnets, etc. didn't.

What am I missing here?

Thanks!

^t

--------------------------------------------------------------------------
Timothy Hamlin ** thamlin at nmt dot edu ** http://www.nmt.edu/~thamlin/
--------------------------------------------------------------------------
Department of Physics, NMIMT, Socorro NM 87801
Office, Workman 251: 835-5137
Lab, Workman 246
Home, Polvadera : 835-0805
"Linux, the choice of a GNU generation."
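
For the topology described above, an added example (not part of the original post) that prints the router1 commands for any number of networks behind router2. Under iptables, routed packets traverse the FORWARD chain and are masqueraded in the nat table's POSTROUTING chain, and router1 needs a return route to each extra network; EXTIF, ROUTER2 and all addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for router1.
# All values below are constructed samples, not taken from the post.
IPTABLES=iptables
EXTIF=eth0                # router1 interface facing the internet (assumed name)
INTIF=eth1                # router1 interface facing router2
ROUTER2=192.168.0.2       # router2's eth0 address (constructed)
INTNET=192.168.0.0/24     # network between router1 and router2 (constructed)

# gen_masq_rules NET...: emit routes and rules for INTNET plus each NET
gen_masq_rules() {
    # Return routes: without these, router1 cannot deliver de-masqueraded
    # replies to networks it is not directly connected to.
    for net in "$@"; do
        echo "ip route add $net via $ROUTER2 dev $INTIF"
    done
    # Default-deny forwarding, then allow only what is listed below.
    echo "$IPTABLES -P FORWARD DROP"
    # Replies to connections that were opened from the inside.
    echo "$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for net in "$INTNET" "$@"; do
        # Routed traffic is filtered in FORWARD, not INPUT or OUTPUT.
        echo "$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s $net -j ACCEPT"
        # Source NAT only for the known internal networks.
        echo "$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s $net -j MASQUERADE"
    done
}

# count_rules PATTERN NET...: number of generated lines containing PATTERN
count_rules() {
    pattern=$1
    shift
    gen_masq_rules "$@" | grep -c -- "$pattern" || true
}

# Demo with three constructed networks behind router2.
gen_masq_rules 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
```

Forwarding must also be enabled in the kernel on router1 (`net.ipv4.ip_forward`), and router2 should route these networks to router1 without applying NAT of its own.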
