Group: comp.os.linux.networking


Subject: cannot access modem's config interface from LAN
From: Clifford Kite
Date: 11/15/2007 2:29:02 PM
H.S. <hs.samix@gmail.com> wrote:
> Hello,
> I have an ADSL modem connected to a Linux box which acts as a router.
> The router machine has three interfaces:
> eth1: 192.168.1.2, connected to the modem
> eth0: 192.168.0.1, the wired LAN (192.168.0.0/24) using a switch
> ath0: 192.168.5.1, the wireless LAN (192.168.5.0/24)
> The modem's LAN IP address is 198.168.2.1. The modem is working in
> bridge mode and when a connection is established, ppp0 is formed on the
> router machine.
> The iptables script that I have on the router machine does the
> forwarding and NAT. All works okay between the wired and wireless LAN
> and the internet and also within the wired and wireless LAN.
> The problem is that I can access the modem's web interface (on
> 192.168.2.1) only from the router machine and not from any other LAN
> machine. Could somebody tell me what the iptables rules needed to
> make this happen are?

That probably would depend on the firewall and the port for web access
used by the firewall. Here, to allow packets from any source to the usual
web port, it is basically

    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP
    ...
    $IPTABLES -N allowed
    ...
    $IPTABLES -A allowed -p TCP --syn -j ACCEPT
    $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A allowed -p TCP -j DROP
    ...
    $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed

but you might want to restrict the packets' source to the LAN networks by
using two rules with "-s 192.168.0.0/24" and "-s 192.168.5.0/24" in place
of the last rule.

-- 
Clifford Kite /* Domain names are for water/carbon units
that don't think in binary. --Allen Kistler */
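The forwarding side of the same restriction, as an added example that is not part of Clifford Kite's reply or the poster's firewall script: it limits the path to the modem's web port to the two LAN networks named in the question. It assumes the interface names and addresses from the question, and that the modem (in bridge mode) has no route back to the LAN networks, so forwarded packets are source-NATed to the router's eth1 address.

```shell
#!/bin/sh
# Allow only the wired and wireless LAN networks to reach the modem's web
# interface through the router. Names and addresses are taken from the
# question; the modem's reachability from eth1 is assumed to work already.
IPTABLES="${IPTABLES:-iptables}"
MODEM_IP="192.168.2.1"                     # modem's LAN address
MODEM_IF="eth1"                            # router interface facing the modem
LAN_NETS="192.168.0.0/24 192.168.5.0/24"   # wired (eth0) and wireless (ath0)
WEB_PORT=80

# With DRY_RUN=1 the rules are printed instead of applied, so the rule set
# can be reviewed on a machine without iptables or root privileges.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

modem_access_rules() {
    # Replies from the modem belong to an existing connection; let them back.
    run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for net in $LAN_NETS; do
        # Only new TCP connections from a LAN network, only to the modem's
        # web port, only out of the modem-facing interface.
        run -A FORWARD -s "$net" -d "$MODEM_IP" -o "$MODEM_IF" \
            -p tcp --dport "$WEB_PORT" --syn -m state --state NEW -j ACCEPT
    done
    # Assumption: the modem cannot route to 192.168.0.0/24 or 192.168.5.0/24,
    # so rewrite the source to the router's own address on eth1 (192.168.1.2).
    run -t nat -A POSTROUTING -d "$MODEM_IP" -o "$MODEM_IF" -j MASQUERADE
}

# Print the rules unless explicitly asked to apply them (sh script.sh --apply).
[ "${1:-}" = "--apply" ] || DRY_RUN=1
modem_access_rules
```

The FORWARD policy stays DROP, so any other LAN-to-modem traffic (other ports, or hosts outside the two networks) is still refused.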