This is close, but the -t option is wrong. This rule goes in the (default) filter table, not the nat table. Come to think of it, your DROP rule ought to be there as well.
Normally, Private Networking addresses (10.x.x.x and 192.168.x.x are both in this category) are not permitted to travel on the public Internet, but since you have both of these under your control, you do not need to do NAT on any of these until they are about to go out on the public Internet.
It is not clear from your post whether you are doing NAT on the firewall machine, or if you have some other device (a router, perhaps) doing NAT for you. It might make a difference in how you write the rules, but in either case, you do not need to do DROPs in the NAT table.
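The table placement described in the reply above can be checked mechanically. The following is an added example, not part of the original reply: a shell function that reads either `iptables-save` output or a script of `iptables` commands and reports any DROP rule that sits in the nat table. The function names, addresses and interface name are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag DROP rules that were placed in the nat table.
# Input on stdin is either iptables-save output (table set by a "*nat"
# header line) or a script of iptables commands (table set by -t/--table).
find_nat_drops() {
    awk '
    /^[[:space:]]*#/ { next }                 # skip comment lines
    /^\*/     { table = substr($1, 2); next } # iptables-save table header
    /^COMMIT/ { table = ""; next }            # end of an iptables-save table
    {
        t = table; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-t" || $i == "--table") t = $(i + 1)
            if ($i == "-j" || $i == "--jump")  target = $(i + 1)
        }
        # With no -t option and no table header, iptables uses filter.
        if (t == "") t = "filter"
        if (t == "nat" && target == "DROP") printf "line %d: %s\n", NR, $0
    }'
}

# Constructed sample input (not taken from the thread): one dump in
# iptables-save format followed by two command-style rules.
sample_rules() {
    cat <<'EOF'
# constructed sample
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
-A PREROUTING -s 192.168.1.50/32 -j DROP
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.1.50/32 -j DROP
COMMIT
iptables -t nat -A PREROUTING -s 10.1.2.3 -j DROP
iptables -A FORWARD -s 10.1.2.3 -j DROP
EOF
}

# Reports the two nat-table DROP rules; the filter-table ones pass.
sample_rules | find_nat_drops
```

On a live firewall the same check can be fed with `iptables-save | find_nat_drops`.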