[olug] iptables behind router

William E. Kempf wekempf at cox.net
Tue Sep 14 07:35:31 UTC 2004


On Mon, September 13, 2004 11:26 pm, Terry said:
> I have a similar setup
>                                             -----> PC
> Cable Modem ---> Linux ---> Wireless Router |
>                                             -----> Laptop
>
>
> Cable Modem -- 192.168.0.0/24 --> Wireless Router --- 192.168.1.0/24 ---> PC/Laptop
>
> This allows you to create a DMZ type of network in front of your
> PCs.....I pretty much just did this to make use of an old DEC
> laptop...  ;)
>
> For services in the 192.168.0.0/24 subnet, just create a normal
> iptables rule to forward to the "DMZ" host.

OK, if I understand you (remember, I'm new to the terminology), you're
saying that all computers on the LAN need to be directed to forward
outgoing connections through CompA in my case.  Combined with what Mr.
Linder said, I can see how this would work.  But the rub is how to get the
other computers to forward through CompA, since they are running Windows
XP.

> I have services in my internal network that I want to get to from the
> outside world:
> -A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.2:3389
> -A FORWARD -s 204.26.64.1 -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
>
> This is poor in design, mostly just for fun....

Why is it poor in design?

-- 
William E. Kempf
wekempf at cox.net
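
An added example, not part of the original thread: a small Python check over iptables-save style rules that pairs each DNAT port forward with the FORWARD ACCEPT rules that admit it and reports which source addresses are allowed in. The sample input is constructed: the port 3389 pair is the one quoted above, while the port 8080 pair and the names `parse_rule` and `audit_forwards` are assumptions made for illustration.

```python
import shlex

# Constructed sample in iptables-save style. The port 3389 pair is the one
# quoted in the post; the port 8080 pair is made up to show an open forward.
SAMPLE = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.2:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.3:80
-A FORWARD -s 204.26.64.1 -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
"""

# Options this audit reads. Assumption: no negated ("!") or multiport matches.
FLAGS = {"-A": "chain", "-p": "proto", "-s": "src", "-d": "dst",
         "--dport": "dport", "-j": "target", "--to-destination": "to"}

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of the options listed in FLAGS."""
    rule = dict.fromkeys(FLAGS.values())
    tokens = shlex.split(line)
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule

def audit_forwards(text):
    """For each DNAT rule, list the sources that FORWARD ACCEPT rules admit."""
    rules = [parse_rule(l) for l in text.splitlines() if l.startswith("-A ")]
    accepts = [r for r in rules
               if r["chain"] == "FORWARD" and r["target"] == "ACCEPT"]
    findings = []
    for r in rules:
        if r["target"] != "DNAT" or not r["to"]:
            continue
        host, _, port = r["to"].partition(":")
        port = port or r["dport"]  # DNAT without a port keeps the original port
        # FORWARD sees the packet after DNAT, so compare against the translated
        # host and port. Addresses are compared as exact strings only.
        sources = [a["src"] or "any" for a in accepts
                   if a["proto"] in (None, r["proto"])
                   and a["dport"] in (None, port)
                   and a["dst"] in (None, host)]
        findings.append({"public_port": r["dport"], "to": f"{host}:{port}",
                         "sources": sources, "open_to_any": "any" in sources})
    return findings

if __name__ == "__main__":
    for f in audit_forwards(SAMPLE):
        who = "ANY SOURCE" if f["open_to_any"] else ", ".join(f["sources"])
        print(f"port {f['public_port']} -> {f['to']}: {who or 'no ACCEPT rule'}")
```

The check only looks at explicit ACCEPT rules; a FORWARD chain whose policy is ACCEPT admits the forwarded traffic regardless of what it reports.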


