I'm just looking for some feedback on my rules with iptables. The machine will be running NAT in my home. eth0 is a cable modem, eth1 is a wired LAN with IP range 192.168.1. and eth2 is a wireless access point serving IP range 192.168.3. One goal is to keep wireless clients from accessing wired clients.
Do you see any potential problems? Is there a better way to do this?

    iptables -P INPUT ACCEPT
    iptables -F INPUT
    iptables -P OUTPUT ACCEPT
    iptables -F OUTPUT
    iptables -P FORWARD DROP
    iptables -F FORWARD
    iptables -A FORWARD -i eth2 -o eth1 -j DROP
    iptables -A FORWARD -i eth1 -o eth2 -j DROP
    iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
    iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
    iptables -A FORWARD -s 192.168.3.0/24 -j ACCEPT
    iptables -A FORWARD -d 192.168.3.0/24 -j ACCEPT
    iptables -t nat -F
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Thanks a lot,
Michael Hrivnak
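Added example, not part of the original post: a small Python model of first-match evaluation over the FORWARD chain exactly as posted, run against constructed sample packets to show which rule decides each flow. It models only the interface and address matches (no conntrack, no NAT); the host addresses and 203.0.113.5 are constructed sample values.

```python
from ipaddress import ip_address, ip_network

# The posted FORWARD chain, in order. None means "matches anything".
# Fields: (in_iface, out_iface, src_net, dst_net, target)
FORWARD_RULES = [
    ("eth2", "eth1", None, None, "DROP"),
    ("eth1", "eth2", None, None, "DROP"),
    (None, None, "192.168.1.0/24", None, "ACCEPT"),
    (None, None, None, "192.168.1.0/24", "ACCEPT"),
    (None, None, "192.168.3.0/24", None, "ACCEPT"),
    (None, None, None, "192.168.3.0/24", "ACCEPT"),
]
FORWARD_POLICY = "DROP"  # iptables -P FORWARD DROP


def _in_net(addr, net):
    """True if the rule has no address constraint or addr falls inside net."""
    return net is None or ip_address(addr) in ip_network(net)


def forward_verdict(in_if, out_if, src, dst):
    """Return (target, rule_number); rule_number 0 means the chain policy."""
    for num, (r_in, r_out, r_src, r_dst, target) in enumerate(FORWARD_RULES, 1):
        if r_in not in (None, in_if) or r_out not in (None, out_if):
            continue
        if _in_net(src, r_src) and _in_net(dst, r_dst):
            return target, num  # first matching rule wins
    return FORWARD_POLICY, 0


# Constructed sample packets: (label, in_if, out_if, src, dst)
SAMPLES = [
    ("wireless -> wired", "eth2", "eth1", "192.168.3.20", "192.168.1.10"),
    ("wired -> wireless", "eth1", "eth2", "192.168.1.10", "192.168.3.20"),
    ("wired -> internet", "eth1", "eth0", "192.168.1.10", "203.0.113.5"),
    ("wireless -> internet", "eth2", "eth0", "192.168.3.20", "203.0.113.5"),
    ("modem side -> wired", "eth0", "eth1", "203.0.113.5", "192.168.1.10"),
    ("modem side -> wireless", "eth0", "eth2", "203.0.113.5", "192.168.3.20"),
]

if __name__ == "__main__":
    for label, *pkt in SAMPLES:
        target, num = forward_verdict(*pkt)
        via = f"rule {num}" if num else "policy"
        print(f"{label:24} {target:6} ({via})")
```

In this model the two cross-LAN flows are dropped by rules 1 and 2, while the last two samples are accepted by rules 4 and 6, which match on destination only and carry no input-interface or connection-state condition.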
