iptables question

From: William D. Tallman (wtallman_at_olypen.com)
Date: 02/09/04

Date: Sun, 08 Feb 2004 23:27:26 -0800

I'm running an ADSL NAT/router/modem connected to my LAN. This means that
the LAN is unprotected except for the modem, so each box also has a
software firewall. The PC is running Zone Alarm reconfigured for a gateway
from a dialup, and so far nothing has happened to the PC. I'm running

If I understand this correctly, the gateway as seen by the routing table is
the only identification of the Internet that's needed. Iptables has only
to deal with the NIC interface, and does not care how the Internet traffic
arrives at the NIC.

Which means that iptables has to have rules for the LAN alongside the rules
for the Internet. But in allowing traffic in from the LAN machines, I have
to make sure that the gateway address is not included, I would think. So I
should set up a chain for the LAN with rules that identify the gateway as a
'no-no' and send all LAN traffic through that chain.

In other words, iptables deals with the LAN as if it were the Internet with
special 'LAN' rules for the other boxen on the LAN.

Does that make sense?


Bill Tallman

Registered Linux User: #221586
Mdk-9.0 and Slackware-9.1
A Luxuriance of Linux!!!

Relevant Pages