NAT is not intended for filtering, the use of DROP is therefore prohibited.
I have a router with 4 interfaces:
two Ethernet and two wireless, i.e. eth1, eth2, wireless 1 and wireless 2.
Wireless 1 is connected to a bridge, so wireless 1 is my public interface and the remaining 3 are private interfaces.
On the router I am trying to add a PREROUTING drop rule:
iptables -t nat -A PREROUTING -d !169.254.130.132 -j DROP
I am getting the error "nat is not intended for filtering".
My aim is to block private access from the public interface.
So I have tried INPUT, OUTPUT and FORWARD rules.
I added an INPUT rule, but it blocks my router access from the private interface.
I added a FORWARD rule, but it blocks my bridge access from the private network.
I want a rule like this:
This will break the access; the rule should be something like "for packets received on the wireless/WAN interface from outside, if the destination IP address does not match the WAN IP address, then drop the packets".
How can I do this without breaking any access?
Please reply as soon as possible, please.
Thanks in advance.
Last edited by jayasri; 07-20-2015 at 07:44 AM.
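One way to express the rule described in the post, as an added example that is not part of the original thread: the nat table rejects DROP, but mangle PREROUTING accepts it and still runs before NAT and routing. The interface name wlan0 and the helper name wan_guard_rules are assumptions, and private hosts are assumed to be masqueraded behind the WAN address 169.254.130.132 quoted in the post.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumptions: "wireless 1" is named wlan0 on the router, and traffic from
# the private interfaces leaves through it masqueraded as the WAN address.

# Print iptables-restore input that drops any packet arriving on the WAN
# interface whose destination is not the WAN address.
#   $1 = WAN interface name, $2 = WAN IPv4 address
wan_guard_rules() {
    wan_if=$1
    wan_ip=$2

    # Refuse anything that is not a plain interface name / dotted address,
    # so a bad argument cannot inject extra rule text.
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    case $wan_ip in
        ''|*[!0-9.]*) echo "bad IPv4 address: $wan_ip" >&2; return 1 ;;
    esac

    # mangle PREROUTING sees the packet before destination NAT is undone,
    # so replies to masqueraded connections still carry the WAN address
    # and pass. "-i" limits the rule to the public side: packets entering
    # on eth1, eth2 or wireless 2 never match, so router and bridge access
    # from the private networks is untouched.
    # Broadcast and multicast packets arriving on the WAN interface are
    # dropped too, since their destination is not the WAN address.
    cat <<EOF
*mangle
-A PREROUTING -i $wan_if ! -d $wan_ip/32 -j DROP
COMMIT
EOF
}

# Usage on the router (as root), keeping the existing rules in place:
#   wan_guard_rules wlan0 169.254.130.132 | iptables-restore --noflush
```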