sharing Internet on 3 subnets

[Lem0nHead]

hello

I need to configure 2 subnets:
eth0 - my ISP DSL cable - real_IP
eth1 - my first subnet - 192.168.0.0/24 - ONLY FTP access should be allowed FROM it
eth2 - my second subnet - 192.168.1.0/24 - everything is allowed, and it also host an HTTP server

I come with that after reading some tutorials and seeing some samples... can someone tell me if this seems correct?
also, do I need to use the "route" command or iptables will take care of the routing alone?

#inclusive firewall
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

#probably needed to use states since eth1 will use FTP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#eth1 rules
$IPTABLES -A FORWARD -i eth0 -d 192.168.0.0/24 -p tcp --dport 21 -j ACCEPT

#eth2 rules
$IPTABLES -A FORWARD -i eth0 -d 192.168.1.0/24 -j ACCEPT
$IPTABLES -A FORWARD -s 192.168.1.0/24 -o eth0 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.0

thanks very much

PS: this is just a router computer... it doesn't need to access anything

[Lazydog]

Have you turned on forwarding? It is off by default.

As root

Code:

/bin/echo 1 >/proc/sys/net/ipv4/ip_forward

[Lem0nHead]

Have you turned on forwarding? It is off by default.

As root

Code:

/bin/echo 1 >/proc/sys/net/ipv4/ip_forward

yep
but I figured that was the problem

thanks very much

[Lazydog]

You are welcome.