Hello, I am trying to set up iptables to allow my network to operate as follows.
I have an internal network, 10.100.0.0, and an external network, 192.168.1.0. My Linux machine has one ethernet interface (eth0) on the external network, with IP address 192.168.1.5, and one (eth1) on the internal network, with IP address 10.100.0.1. I also have a web and DNS server at 192.168.1.10. Machines on the internal network are configured to use 10.100.0.1 as their gateway.

I want machines on the internal network to be able to connect to my Linux machine using 10.100.0.1, and to connect to DNS and web services on 192.168.1.5. Other than that, I want *absolutely no connectivity* from the internal network to the outside world. In the event that a user attempts to connect to an external host, I want that traffic to be redirected to the local Linux box.

Here's what I have. It works about 90% of the time, but 10% of the time an internal host is actually able to reach the outside world, for no obvious reason. I am stumped. Can anyone offer advice?

    modprobe iptable_nat
    # Web and DNS requests from eth1: the DNAT target is the address the packet
    # already carries, so the destination is left unchanged
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -d 192.168.1.10 -j DNAT --to 192.168.1.10:80
    iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 -d 192.168.1.10 -j DNAT --to 192.168.1.10:53
    # Everything else arriving on eth1: point it at this box's external address
    iptables -t nat -A PREROUTING -i eth1 -j DNAT --to 192.168.1.5
    # Turn on routing between the two interfaces
    echo 1 > /proc/sys/net/ipv4/ip_forward

Thanks,
Mike
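An added example, not part of Mike's post, showing the redirect paired with an explicit forwarding block. The reason a DNAT-only setup cannot guarantee isolation is that the nat table is consulted only for the first packet of a connection; any packet the kernel does not treat as the start of a new flow (for example, one belonging to a conntrack entry that existed before the rules were loaded) skips PREROUTING nat entirely, keeps its original destination, and with ip_forward=1 and an empty FORWARD chain is forwarded. A DROP policy on FORWARD closes that path regardless of what nat did. Assumptions that are mine rather than the post's: a /24 mask on 10.100.0.0, that the web and DNS services answer on the Linux box itself so every new flow from eth1 is pointed at 10.100.0.1, and the hypothetical helper names emit_ruleset and check_ruleset.

```shell
#!/bin/sh
# Added example (not from the post): generate an iptables-restore ruleset for the
# layout described above. Assumed: the box's own services answer for web and DNS,
# and hosts on eth1 may reach nothing but the box.

INT_IF=eth1            # internal side, 10.100.0.1
EXT_IF=eth0            # external side, 192.168.1.5
INT_NET=10.100.0.0/24  # assumed mask for the 10.100.0.0 network
BOX_INT_IP=10.100.0.1

# Print the ruleset. Feed it to iptables-restore (as root) to load it atomically.
emit_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# The nat table sees only the first packet of a connection. Every new flow from
# the internal side, whatever its destination, is pointed at the box itself.
-A PREROUTING -i $INT_IF -s $INT_NET -j DNAT --to-destination $BOX_INT_IP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Nothing is ever forwarded to or from $INT_IF, even for a packet the nat table
# never saw. This is the guarantee a DNAT-only setup cannot give. INPUT is left
# open here; restricting which local services eth1 may reach is a separate step.
-A FORWARD -i $INT_IF -j DROP
-A FORWARD -o $INT_IF -j DROP
COMMIT
EOF
}

# Sanity check before loading: read a ruleset on stdin and return 0 only if the
# FORWARD policy is DROP and no FORWARD rule accepts anything.
check_ruleset() {
  rs=$(cat)
  printf '%s\n' "$rs" | grep -q '^:FORWARD DROP' || return 1
  printf '%s\n' "$rs" | grep -q '^-A FORWARD .*-j ACCEPT' && return 1
  return 0
}

# Usage: sh rules.sh > rules.v4 && sh -c 'check_ruleset < rules.v4' && iptables-restore < rules.v4
emit_ruleset
```

After loading, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show whether packets are hitting the DNAT rule and whether anything is being dropped in FORWARD; a non-zero drop count there is the traffic that previously leaked.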
