
Saturday, August 21, 2010

Re: Blocked route LAN to LAN

Default policies should be DROP, but anyway.

Not sure if it's the INPUT or FORWARD table, but it's something like this:

iptables -A FORWARD -i eth1 -s 10.101.189.0/24 -d 192.168.0/24 -j DROP

On Sat, Aug 21, 2010 at 9:51 PM, Makara <chanmakara@gmail.com> wrote:
Hi All,

Here is my network diagram

                                             / LAN1 [10.101.189.0/24]
internet------[eth0]------{Linux}------[eth1]
                                             \ LAN2 [192.168.0/24]

My iptables script

# EDIT This line only

IP_WAN=x.x.x.x

# DO NOT EDIT

echo "1" > /proc/sys/net/ipv4/ip_forward

modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp


# Flush all rules

iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat
iptables -F -t mangle

# Default Policies

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT 
iptables -P OUTPUT ACCEPT


# Allow UDP, DNS and Passive FTP
iptables -A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT


# garena game
iptables -t nat -A PREROUTING -p udp -i eth0 -d 0/0 --dport 1511:1611

# Transparent Proxy if it's network game
iptables -A PREROUTING -t nat -i eth1 -s 10.101.189.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128


# NAT
iptables -A POSTROUTING -t nat -o eth0 -j SNAT --to-source $IP_WAN


Both LAN1 and LAN2 can access the internet, which is good, but they can also access each other.

Please kindly help; I don't want LAN1 to connect to LAN2 or LAN2 to connect to LAN1.

-- 
The person who loves others will also be loved.



--
Best Regards,
Stephen
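The rule in the reply above is the right idea; the detail that decides whether it works is where it lands in the chain. The following script is an added example, not Stephen's or Makara's code. It assumes the topology in the diagram (both LANs behind eth1, squid on port 3128 as in the posted REDIRECT rule) and that `iptables` is in PATH; setting `IPT=echo` prints the commands instead of running them.

```sh
#!/bin/sh
# Added example (not part of the original thread): block routed traffic between
# LAN1 and LAN2 on the Linux router from the diagram while both keep internet
# access. Assumes both LANs sit behind eth1 and squid listens on 3128 (the
# REDIRECT rule in the posted script). Set IPT=echo to dry-run.
IPT="${IPT:-iptables}"
LAN1="10.101.189.0/24"
LAN2="192.168.0.0/24"   # posted as 192.168.0/24; iptables expands it to this

# Routed LAN-to-LAN packets traverse FORWARD, never INPUT (INPUT only sees
# packets addressed to the router itself). The posted script appends
# "-m state --state NEW,RELATED,ESTABLISHED -j ACCEPT" to FORWARD, so a DROP
# appended (-A) after it would never be reached; insert (-I) at position 1.
isolate_lans() {
    $IPT -I FORWARD 1 -s "$LAN1" -d "$LAN2" -j DROP
    $IPT -I FORWARD 1 -s "$LAN2" -d "$LAN1" -j DROP
}

# The transparent-proxy rule in nat PREROUTING redirects every TCP/80 packet
# from LAN1 to squid on the router before routing, so a LAN1 browser could
# still reach LAN2 web servers through the proxy even with FORWARD dropping.
# Exempt LAN1->LAN2 port 80 from the REDIRECT: -j ACCEPT in a nat chain means
# "leave the packet un-NATed and stop traversing this chain".
exempt_proxy_for_lan2() {
    $IPT -t nat -I PREROUTING 1 -i eth1 -s "$LAN1" -d "$LAN2" -p tcp --dport 80 -j ACCEPT
}

# Show the FORWARD chain with packet counters and rule numbers; the DROP
# counters should increase when a LAN1 host pings a LAN2 address.
show_forward() {
    $IPT -L FORWARD -n -v --line-numbers
}

if [ "${1:-}" = "apply" ]; then
    isolate_lans
    exempt_proxy_for_lan2
    show_forward
fi
```

Run it as `sh isolate.sh apply` after the posted script, or with `IPT=echo sh isolate.sh apply` to review the rules first. The address-only match drops the hairpin traffic whichever interface it arrives on. One thing the firewall cannot do: if LAN1 and LAN2 hosts share a single switch behind eth1, the router only sees the packets hosts choose to send through it, so real isolation there needs separate ports or VLANs, with the FORWARD rules as the policy on top.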
