On Thu, Aug 6, 2009 at 3:31 PM, Rony <gnulinuxist@gmail.com> wrote:
I will have 2 interfaces, one to the internet and one to the LAN. So how will iptables forward the request? Do I need to specify the interface too? The interface (call it LAN) pointing to the LAN will be 192.168.1.1, as all PCs are currently connected to MTNL ADSL directly. The interface that will now connect to MTNL (call it NET) will be made 192.168.0.2 and MTNL's LAN IP will be changed to 192.168.0.1. Since all PCs are using static IPs, changing everyone's settings is a longer procedure.
There are 2 ways.

1) Use source and destination in the rule. Here's the snippet from the iptables man page:

-----xxxxx-----
-s, --source [!] address[/mask]
    Source specification. Address can be either a network name, a hostname (please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea), a network IP address (with /mask), or a plain IP address. The mask can be either a network mask or a plain number, specifying the number of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0. A "!" argument before the address specification inverts the sense of the address. The flag --src is an alias for this option.

-d, --destination [!] address[/mask]
    Destination specification. See the description of the -s (source) flag for a detailed description of the syntax. The flag --dst is an alias for this option.
-----xxxxx-----

2) Use the input and output interface names. Again, snippets from the man page:

-----xxxxx-----
-i, --in-interface [!] name
    Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match.

-o, --out-interface [!] name
    Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match.
-----xxxxx-----
I was pointed to http://iptables-tutorial.frozentux.net/ when I had gone to IRC to ask for some help on iptables. It might help you too.
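Added example, not part of the thread and not Rony's or the replier's configuration: a shell script that writes the FORWARD rules for the layout in Rony's mail both ways the reply lists, by address (-s/-d) and by interface (-i/-o). The interface names eth1 (LAN side) and eth0 (MTNL side) are assumptions; the MASQUERADE rule and the ip_forward sysctl go beyond what the reply covers and are included because the box will not pass traffic without them, unless MTNL's modem is given a route for 192.168.1.0/24 instead. With DRY_RUN set the script only prints the commands, so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original thread). Interface names are
# assumptions; substitute the real ones from `ip link` or `ifconfig -a`.
LAN_IF=${LAN_IF:-eth1}          # side with 192.168.1.1, the PCs' gateway
NET_IF=${NET_IF:-eth0}          # side with 192.168.0.2, towards the MTNL modem
LAN_NET=192.168.1.0/24          # numeric, never a hostname (see the man page caveat)
IPT=${IPT:-iptables}

# With DRY_RUN set, print each command instead of executing it.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Way 1: match on addresses (-s / -d). Independent of which NIC the packet
# came in on, so a packet claiming a 192.168.1.x source that arrives from
# the modem side would also match the first rule.
forward_rules_by_address() {
    run -A FORWARD -s "$LAN_NET" -j ACCEPT
    run -A FORWARD -d "$LAN_NET" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Way 2: match on interfaces (-i / -o). Ties the rule to the physical path;
# only packets that really entered on the LAN NIC are forwarded out to MTNL.
forward_rules_by_interface() {
    run -A FORWARD -i "$LAN_IF" -o "$NET_IF" -j ACCEPT
    run -A FORWARD -i "$NET_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Install one style plus what is needed in either case. The MASQUERADE rule
# is an addition beyond the reply: the modem only knows 192.168.0.0/24, so
# LAN traffic is source-NATed to 192.168.0.2 on the way out.
apply_rules() {
    style=${1:-interface}
    run -P FORWARD DROP                  # forward nothing that is not listed below
    run -F FORWARD
    if [ "$style" = address ]; then
        forward_rules_by_address
    else
        forward_rules_by_interface
    fi
    run -t nat -A POSTROUTING -s "$LAN_NET" -o "$NET_IF" -j MASQUERADE
    # The kernel must also be told to route between the two NICs.
    if [ -n "$DRY_RUN" ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
    else
        sysctl -w net.ipv4.ip_forward=1
    fi
}

# Usage:  DRY_RUN=1 sh fwd.sh [address|interface]   -> print the rule set
#         sh fwd.sh apply [address|interface]       -> apply it (as root)
if [ "${1:-}" = apply ]; then
    apply_rules "${2:-interface}"
elif [ -n "$DRY_RUN" ]; then
    apply_rules "${1:-interface}"
fi
```

Run it with DRY_RUN=1 first and compare the printed lines against `iptables -L FORWARD -v -n` and `iptables -t nat -L POSTROUTING -n` after applying; the -v counters show which of the two rules each direction of traffic is actually hitting.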