On Sat, 2005-06-18 at 10:05 -0400, Greg Swallow wrote:
> Network 192.168.0 is configured by D-Link wireless router to cable
> modem. firewall has access to the internet through
> the router via dhcp on eth0. eth1 is attached to what will be network
> 192.168.1 and we want firewall to serve dhcp on
> that network. We also want firewall to route internet traffic from/to
> 192.168.1 through 192.168.0; without having to
> shutdown the firewall server to do so.

Out of curiosity, why are you running a firewall behind the NAT router?
The NAT router is going to keep the bad guys out by its design. Granted
it's not a really high-end security solution, but most of the NAT
routers out there today are pretty secure.

Having said that, I would set my firewall rules like this (should all be
on one line):

    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1

Save your settings by issuing the command:

    service iptables save

Make sure that iptables will run next time your system boots:

    chkconfig iptables on

Set your default route on the Linux firewall to be 192.168.0.1.

Turn routing on via /etc/sysctl.conf:

    net.ipv4.ip_forward = 1

Then do

    sysctl -e -p /etc/sysctl.conf

I think that's it. Obviously, this is a very simple setup. You can go
pretty crazy with iptables. Holler if you need more info.

Thomas
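
An offline check for the two settings described in the message above, as an added example that is not part of the original e-mail. The function names and sample files are assumptions made for illustration; the inputs are a constructed iptables-save style dump and a constructed sysctl.conf.

```shell
# Print the --to-source address of the SNAT rule for subnet $2 found in the
# *nat table of an iptables-save style dump ($1); exit 1 if none matches.
snat_source() {
    awk -v net="$2" '
        /^\*/ { table = $1 }                  # table marker: *nat, *filter, ...
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
                if ($i == "--to-source") to = $(i + 1)
            }
            if (src == net && tgt == "SNAT" && to != "") { print to; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# Print the effective net.ipv4.ip_forward value from a sysctl.conf-style file
# ($1). Comment lines are skipped and the last assignment wins.
ip_forward_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val) }
        END { if (val == "") exit 1; print val }
    ' "$1"
}

# $1 = rules dump, $2 = sysctl.conf, $3 = subnet; returns 0 only if both hold.
audit_nat_gateway() {
    rc=0
    if to=$(snat_source "$1" "$3"); then
        echo "ok: $3 is SNATed to $to"
    else
        echo "missing: no SNAT rule for $3 in the nat table"; rc=1
    fi
    if [ "$(ip_forward_value "$2")" = "1" ]; then
        echo "ok: net.ipv4.ip_forward = 1"
    else
        echo "missing: net.ipv4.ip_forward is not 1"; rc=1
    fi
    return $rc
}

# Constructed sample inputs (not captured from a real host).
tmp=$(mktemp -d)
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.1' \
    'COMMIT' '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT' > "$tmp/rules"
printf '# forwarding\nnet.ipv4.ip_forward = 0\nnet.ipv4.ip_forward = 1\n' > "$tmp/sysctl.conf"
audit_nat_gateway "$tmp/rules" "$tmp/sysctl.conf" 192.168.1.0/24
```

On a live system the first argument would be a file holding the output of iptables-save and the second /etc/sysctl.conf.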