Re: [Nolug] Routing question

From: dan_at_mpsware.com
Date: Thu, 12 May 2005 18:47:00 -0000
Message-Id: <200505121847.NAA33752@robin.pns.networktel.net>

Thanks for answering, Ray.

The second network is behind the server coming into eth0 on it. net-addr is
172.16.0.0

Now, I have a computer set up on that network with a switch and it works
allowing me to get to the server.

Now, the server can access both the 172 network and the internet, but the
client of the 172 network cannot. This is the full config:

our internet-router: 192.168.168.1
our network: 192.168.168.0
their server eth1: 192.168.168.244
their server eth0: 172.16.0.10
their network: 172.16.0.0

I need to be able to forward all traffic from their client machines to our
internet router and then, obviously, the responses back to them. The only
address I need them to access on our network is the router (i.e. x.x.x.1).

Right now, on the client, a tracert dies at the client's default gw (the server).

-ray <ray@ops.selu.edu> said:

>
> The second network needs to be physically behind the server, and connected
> to eth0. The server is then their default gateway. Then set up iptables
> on the server, with a rule that lets them get to everything EXCEPT your
> network, i.e. if your network is 192.168.1.0:
>
> iptables -A FORWARD -i eth0 -d 192.168.1.0/24 -j DROP
>
> If your switch does VLANs, then you can do it without separate physical
> connections and only one eth card in the server (with multiple vlan
> interfaces), which might be easier...
>
> ray

___________________
Nolug mailing list
nolug@nolug.org
Received on 06/13/05
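
An added example (not part of either message in the thread): a rule set for the server that forwards the 172.16.0.0 clients to the internet, lets them reach only the router on the 192.168.168.0 network, and shows why the router ACCEPT has to come before the DROP from the quoted reply. It assumes /24 masks, which the thread does not give, and that the internet router has no route back to 172.16.0.0 (hence the MASQUERADE rule); `run`, `gateway_rules` and `rule_line` are names made up for this example.

```shell
#!/bin/sh
# Added example: prints the gateway rules; with APPLY=1 (as root) also runs them.
# Interfaces and addresses are from the thread; the /24 masks are assumed.
CLIENT_IF=eth0                 # their server eth0, 172.16.0.10
UPLINK_IF=eth1                 # their server eth1, 192.168.168.244
THEIR_NET=172.16.0.0/24        # assumed mask
OUR_NET=192.168.168.0/24       # assumed mask
ROUTER=192.168.168.1

run() {
    # Print each command; execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

gateway_rules() {
    # Without forwarding, packets not addressed to the server stop at it.
    run sysctl -w net.ipv4.ip_forward=1
    # Default deny; everything forwarded must match a rule below.
    run iptables -P FORWARD DROP
    # Replies to connections the clients opened.
    run iptables -A FORWARD -i "$UPLINK_IF" -o "$CLIENT_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The one host on our network the clients may talk to directly.
    # Must precede the DROP: iptables stops at the first matching rule.
    run iptables -A FORWARD -i "$CLIENT_IF" -o "$UPLINK_IF" -s "$THEIR_NET" -d "$ROUTER" -j ACCEPT
    # The rule from the quoted reply, with our network filled in.
    run iptables -A FORWARD -i "$CLIENT_IF" -d "$OUR_NET" -j DROP
    # Internet-bound traffic: its destination is outside OUR_NET, the
    # router is only the next hop, so it never matches the DROP above.
    run iptables -A FORWARD -i "$CLIENT_IF" -o "$UPLINK_IF" -s "$THEIR_NET" -j ACCEPT
    # Assumption: the router has no route to 172.16.0.0, so hide the
    # clients behind the server's eth1 address.
    run iptables -t nat -A POSTROUTING -s "$THEIR_NET" -o "$UPLINK_IF" -j MASQUERADE
}

rule_line() {
    # 1-based position of the first emitted command containing the string $1.
    APPLY=0 gateway_rules | grep -nF -- "$1" | head -n 1 | cut -d: -f1
}

gateway_rules
```

If the router is given a static route to 172.16.0.0 via 192.168.168.244 instead, the MASQUERADE rule can be left out.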

This archive was generated by hypermail 2.2.0 : 12/19/08 EST