iptables question
This is how my network is set up.
I have a Linksys router that has a public IP address. This router does all the NATting on my network. I have a Linux PC connected to this router as well as other Windows computers.
On the Linux PC I would like to work with iptables.
Here are the questions that I have.
The default gateway of the Linux PC is going to be the Linksys router, correct?
This Linux PC will work as a firewall using iptables for the rest of the computers.
What would be the default gateway to be used for the rest of the computers?
It would have to be the Linux PC, correct?
Thanks a lot!
If the Linksys router is doing NAT for both computers, it is the firewall and gateway for both.
You can still use iptables on the Linux PC for better protection of the Linux PC, but it won't protect any other PC because the traffic isn't passing through it, so it can't filter it.
Thanks for the reply!
What would happen if I set the default gateway on one of those Windows PCs to be the Linux PC? Would the Linux PC filter any traffic?
If the Linux PC receives and retransmits traffic, you will see the protection.
But I don't think the Linux PC would retransmit the traffic (though I've never tried that) because it's on the same medium and the same network.
If you really wanted to do that, you could do it this way, though I don't recommend it.
- Leave the router the way it is,
- Change the Windows IP address to a new address in a new network,
- Add a second IP address to the Linux PC's eth device in the new network,
- Enable forwarding, iptables and routing on the Linux PC.
So for example, the router and the Linux PC would be on network 192.168.1.0/24, and
the Linux PC (second address) and the Windows PC would be on network 192.168.2.0/24.
You can assign a second IP address to an eth device with the 'ip' command in the iproute2 package.
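The four steps in the reply above, written out as a script; this is an added example, not something posted in the thread. The interface name `eth0`, the second address `192.168.2.1`, the `APPLY` dry-run switch and the MASQUERADE rule (used so the router needs no static route back to 192.168.2.0/24) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): single-NIC forwarding firewall.
# Assumed values: interface eth0, second address 192.168.2.1/24.
# The Windows PC would then use an address in 192.168.2.0/24 with
# 192.168.2.1 as its default gateway.
IFACE="${IFACE:-eth0}"
NEW_NET="${NEW_NET:-192.168.2.0/24}"
NEW_ADDR="${NEW_ADDR:-192.168.2.1/24}"
APPLY="${APPLY:-0}"   # 0 = print the commands only, 1 = execute them (root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

setup_gateway() {
    # Second IP address on the same eth device (iproute2).
    run ip addr add "$NEW_ADDR" dev "$IFACE"

    # Enable forwarding. Packets enter and leave on the same interface,
    # so stop the kernel from sending ICMP redirects to the clients.
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$IFACE.send_redirects=0"

    # Filtering: drop forwarded traffic by default, allow replies, and
    # allow new connections only when they come from the new network.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$IFACE" -o "$IFACE" -s "$NEW_NET" \
        -m conntrack --ctstate NEW -j ACCEPT

    # Assumption: the router has no route to NEW_NET, so rewrite the
    # source to the Linux PC's address on the router's network.
    run iptables -t nat -A POSTROUTING -o "$IFACE" -s "$NEW_NET" \
        ! -d "$NEW_NET" -j MASQUERADE
}

setup_gateway
```

Run as is, it only prints the commands; `APPLY=1` as root executes them.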
I will try that and let you know.
I only have one NIC on the Linux PC.
This is my topology:
192.168.1.2 - Linux-PC------192.168.1.1-Linksys router- X.X.X.X --------> Internet
The X.X.X.X is my public IP address that I use to go out to the Internet.
Were I a mod, I would condense that double post ;)