[TriLUG] iptables- does this work?
Michael Hrivnak
mhrivnak at triad.rr.com
Sat Apr 10 17:06:41 EDT 2004
I'm just looking for some feedback on my rules with iptables. The machine
will be running NAT in my home. eth0 is a cable modem, eth1 is a wired LAN
with IP range 192.168.1. and eth2 is a wireless access point serving IP range
192.168.3. One goal is to keep wireless clients from accessing wired
clients.

Do you see any potential problems? Is there a better way to do this?

iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i eth2 -o eth1 -j DROP
iptables -A FORWARD -i eth1 -o eth2 -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -s 192.168.3.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.3.0/24 -j ACCEPT
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Thanks a lot,
Michael Hrivnak
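
An added example, not part of the original post: a small first-match evaluator for the FORWARD rules as posted, run over constructed packets to show which flows the chain accepts or drops. It models only -P/-A with -i, -o, -s, -d and -j, ignores NAT and connection tracking, and the names parse, verdict, audit and the sample addresses are assumptions.

```python
import ipaddress

# FORWARD policy and rules copied from the post above.
POSTED = """\
iptables -P FORWARD DROP
iptables -A FORWARD -i eth2 -o eth1 -j DROP
iptables -A FORWARD -i eth1 -o eth2 -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -s 192.168.3.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.3.0/24 -j ACCEPT
"""

def parse(text, chain="FORWARD"):
    """Return (policy, rules) for one chain; other lines are skipped."""
    policy, rules = "ACCEPT", []
    for tok in map(str.split, text.splitlines()):
        if len(tok) >= 4 and tok[0] == "iptables" and tok[2] == chain:
            if tok[1] == "-P":
                policy = tok[3]
            elif tok[1] == "-A":
                rules.append(dict(zip(tok[3::2], tok[4::2])))
    return policy, rules

def verdict(policy, rules, in_if, out_if, src, dst):
    """First matching rule decides; otherwise the chain policy applies."""
    ifaces = {"-i": in_if, "-o": out_if}
    addrs = {"-s": ipaddress.ip_address(src), "-d": ipaddress.ip_address(dst)}
    for rule in rules:
        if_ok = all(rule.get(k, v) == v for k, v in ifaces.items())
        ip_ok = all(addrs[k] in ipaddress.ip_network(rule[k]) for k in addrs if k in rule)
        if if_ok and ip_ok:
            return rule["-j"]
    return policy

# Constructed packets: (label, in, out, src, dst). 203.0.113.0/24 is documentation space.
CASES = [
    ("wireless -> wired",      "eth2", "eth1", "192.168.3.10", "192.168.1.10"),
    ("wired -> wireless",      "eth1", "eth2", "192.168.1.10", "192.168.3.10"),
    ("wired -> internet",      "eth1", "eth0", "192.168.1.10", "203.0.113.5"),
    ("wireless -> internet",   "eth2", "eth0", "192.168.3.10", "203.0.113.5"),
    ("new inbound from eth0",  "eth0", "eth1", "203.0.113.5",  "192.168.1.10"),
    ("unknown source on eth2", "eth2", "eth0", "10.0.0.5",     "203.0.113.5"),
]

def audit(text=POSTED):
    return {c[0]: verdict(*parse(text), *c[1:]) for c in CASES}

if __name__ == "__main__":
    print(*audit().items(), sep="\n")
```

The "new inbound from eth0" row comes back ACCEPT because the -d rules match on destination address alone, with no interface or connection-state condition.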