Here is my network diagram:

                                                   / LAN1 [10.101.189.0/24]
internet ----------[eth0]----------{Linux}----------[eth1]--<
                                                   \ LAN2 [192.168.0.0/24]
My iptables script:
# EDIT This line only
IP_WAN=x.x.x.x
# DO NOT EDIT
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
# Flush all rules
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat
iptables -F -t mangle
# Default Policies
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# garena game (note: this rule has no -j target, so it only counts matching packets and changes nothing)
iptables -t nat -A PREROUTING -p udp -i eth0 -d 0/0 --dport 1511:1611
# Transparent Proxy if it's network game
iptables -A PREROUTING -t nat -i eth1 -s 10.101.189.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
# NAT
iptables -A POSTROUTING -t nat -o eth0 -j SNAT --to-source $IP_WAN
Both LAN1 and LAN2 can access the Internet, which is good, but they can also access each other.
Please kindly help; I don't want LAN1 to connect to LAN2 or LAN2 to connect to LAN1.
--
The person who loves others will also be loved.
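The following is an added example (not code from the original post) showing how the two LANs can be isolated from each other while they keep their Internet access. Two details of the posted script matter here. First, the FORWARD chain ends with a blanket "-m state --state NEW,RELATED,ESTABLISHED -j ACCEPT" rule, so any DROP rule appended with -A would never be reached; the isolation rules have to be inserted in front of it with -I. Second, the diagram hangs both subnets off eth1, so the rules match on source and destination addresses rather than on interfaces. The REDIRECT rule for TCP port 80 is also a leak: a LAN1 client browsing to a LAN2 web server would be redirected to Squid on the router, which would then fetch the page itself and sidestep the FORWARD drop, so inter-LAN port-80 traffic is excluded from the REDIRECT before it is dropped. The subnet and interface values come from the post; the IPT variable, the function names and the log prefix are assumptions of this example. The LOG rules are rate-limited and only there so that blocked cross-LAN attempts show up in the kernel log.

```shell
#!/bin/sh
# Added example, not part of the original post: isolate LAN1 and LAN2 on a
# Linux router that still forwards both of them to the Internet.
# Subnets are taken from the post; IPT is an assumption of this example and
# lets the rule set be previewed with IPT=echo before touching a live box.
LAN1="10.101.189.0/24"
LAN2="192.168.0.0/24"
IPT="${IPT:-iptables}"

# Print, one per line, the iptables commands that enforce the isolation.
# Every FORWARD rule is inserted (-I) at an explicit position so that all of
# them sit in front of the blanket NEW,RELATED,ESTABLISHED ACCEPT rule from
# the post; an appended (-A) DROP would never match. LOG precedes DROP so a
# blocked attempt leaves a rate-limited kernel log line for later review.
lan_isolation_commands() {
    printf '%s\n' \
      "$IPT -I FORWARD 1 -s $LAN1 -d $LAN2 -m limit --limit 5/min -j LOG --log-prefix 'cross-LAN blocked: '" \
      "$IPT -I FORWARD 2 -s $LAN1 -d $LAN2 -j DROP" \
      "$IPT -I FORWARD 3 -s $LAN2 -d $LAN1 -m limit --limit 5/min -j LOG --log-prefix 'cross-LAN blocked: '" \
      "$IPT -I FORWARD 4 -s $LAN2 -d $LAN1 -j DROP" \
      "$IPT -t nat -I PREROUTING 1 -s $LAN1 -d $LAN2 -p tcp --dport 80 -j ACCEPT"
    # The last line: ACCEPT in the nat table means "do not NAT, stop looking at
    # this chain", so LAN1->LAN2 web traffic skips the REDIRECT to Squid and is
    # then dropped by FORWARD instead of being fetched by the proxy on the router.
}

# Execute the commands above (run after the post's script, as root).
apply_lan_isolation() {
    lan_isolation_commands | sh -e
}

# Count how many commands the rule set contains; handy for a sanity check.
lan_isolation_rule_count() {
    lan_isolation_commands | grep -c .
}

# Usage: "sh isolate.sh" prints the rules, "sh isolate.sh apply" installs them.
if [ "${1:-}" = "apply" ]; then
    apply_lan_isolation
else
    lan_isolation_commands
fi
```

An equivalent way to close the proxy leak is to add "! -d 192.168.0.0/24" to the existing REDIRECT rule instead of inserting the nat ACCEPT. After applying, "iptables -L FORWARD -n -v --line-numbers" should list the four isolation rules above the ACCEPT rule, and a ping from a LAN1 host to a LAN2 address should time out while lines prefixed "cross-LAN blocked:" appear in the kernel log.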