help route private traffic to 10.x.x.x and everything else to the 'net
Les Mikesell
les at futuresource.com
Mon Nov 15 22:02:10 CET 2004
On Mon, 2004-11-15 at 14:29, David Williamson wrote:
> I've got a debian box with broadband access via ethernet to a wireless
> link. The gateway to the public net is 192.168.0.1, via my box,
> 192.168.0.2. I've got Firestarter on it, and everything works. On
> another box, I have access to our private WAN, mostly 10.130.x.x and
> 172.21.x.x and the like via a Cisco router at 10.130.80.1. I'd like to
> set things up so that any box on our LAN can access the private WAN, and
> if it's not on the WAN, the packets go out on the 192.168.0.1 gateway to
> the internet. This way, stuff that's blocked on our WAN (like ftp,
> email, jabber) will still work, since they'll have another route to the
> 'net.
>
> But every time I start trying to write the rule I get lost not long
> after "iptables -" <g>
That sounds like ordinary routing. Why not set the default route on
your lan boxes to send to the internet gateway first, and add a
route on it for the private ranges through the WAN gateway? Why
would you need iptables for this?
---
Les Mikesell
les at futuresource.com
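
The routing approach suggested in the reply above, modelled as an added example that is not part of the original message: a longest-prefix-match lookup over a default route plus specific routes for the private ranges, rendered as the equivalent iproute2 commands. The /16 prefix lengths and the assumption that 10.130.80.1 is directly reachable from the box holding this table are illustrative; the thread only gives "10.130.x.x" and "172.21.x.x".

```python
import ipaddress

# Constructed routing table for the box that forwards the LAN's traffic.
# Prefix lengths are assumptions; the post only says "10.130.x.x and 172.21.x.x".
ROUTES = [
    ("0.0.0.0/0", "192.168.0.1"),      # default: internet gateway from the post
    ("10.130.0.0/16", "10.130.80.1"),  # private WAN via the Cisco router
    ("172.21.0.0/16", "10.130.80.1"),
]

def next_hop(dst, routes=ROUTES):
    """Return the gateway chosen by longest-prefix match, as the kernel does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

def ip_route_commands(routes=ROUTES):
    """Render the table as iproute2 commands (run as root on that box)."""
    cmds = []
    for prefix, gw in routes:
        is_default = ipaddress.ip_network(prefix).prefixlen == 0
        cmds.append(f"ip route add {'default' if is_default else prefix} via {gw}")
    return cmds

if __name__ == "__main__":
    # 172.22.0.5 is a private address that is NOT covered by the table above,
    # so it falls through to the default route and heads for the internet side.
    for dst in ("10.130.4.7", "172.21.9.1", "172.22.0.5", "8.8.8.8"):
        print(f"{dst:>12} -> {next_hop(dst)}")
    print("\n".join(ip_route_commands()))
```

Any private range left out of the table follows the default route toward the internet gateway, so the specific routes need to cover every WAN prefix actually in use.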