Old 04-04-2004, 09:30 AM   #1
palanisaravanan
Member
 
Registered: Oct 2003
Location: India
Distribution: Debian
Posts: 95

Rep: Reputation: 15
Firewall setup in my network


I have four machines A, B, C, D.
A and B are in one network (192.168.1.0 mask 255.255.255.0)

C and D are in another network (192.168.0.0 mask 255.255.255.0)
For A, PC B is the gateway.
Similarly, for C, PC D is the gateway.
I want to connect from machine A to the other network (i.e. C and D) using B as the gateway.
Similarly, I want to connect from machine D to the other network (i.e. A and B) using C as the gateway.
What I did was enable IP forwarding in both my gateways B and C.

Then I created a static route in machine C for machine B.

In machine C the routing entry is
route add 192.168.1.1 dev eth0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1


In machine B the routing entry is
route add -net 192.168.0.0 netmask 255.255.255.0 dev eth0

Both my machines A and D are using B and C as default gateways respectively.
I am able to ping and ssh from both sides.

Now I planned to set up a firewall on my gateways using iptables. Only here I have a problem. After I set up the firewall my client machines cannot access the other network. But the gateways can access each other. They too cannot access the other side's clients.

My Firewall rules are

iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP



iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 5000 -j ACCEPT

iptables -A INPUT -p icmp -j ACCEPT

iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.0.0/24 -j ACCEPT

Similarly, in my other gateway I have a rule.
On both sides I enabled IP forwarding.
I guess something is wrong in my firewall rules. But I don't know where it is going wrong. I am totally new to this area. Can anyone help me?
 
Old 04-04-2004, 10:44 AM   #2
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
Quote:
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
Sets the policy to allow outgoing traffic by default. That means only traffic originating from the gateways. Drop all other traffic not explicitly allowed.

Quote:
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 5000 -j ACCEPT
Allow traffic originating from the other gateway, not forwarded traffic from the clients on the other side.

Quote:
iptables -A INPUT -p icmp -j ACCEPT
Accept ICMP traffic to the gateways

Quote:
iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.0.0/24 -j ACCEPT
Allow traffic from the backbone, the network the gateways share, to enter one of the leaf networks, AB or the CD network.

You realize that this setup contains three networks, that need three separate network addresses?

Net I - Net II - Net III

Net I: Computer A and B
Net II: Computer B and C, let's call them GW1 and GW2
Net III: Computer C and D

The firewalls on GW1 and GW2 need to be different in the forwarding rules.
The GW1 FORWARD chain needs to accept traffic from Net III headed for Net I.
The GW2 FORWARD chain needs to accept traffic from Net I headed for Net III.
They are each other's mirror.

In addition to this you will have to set up rules for the Net II on both GW1 and GW2. This is something like what you have done so far with the INPUT chain.

A quick look at http://iptables-tutorial.frozentux.n...-tutorial.html may help figuring out how the tables and chains are traversed for different packets.
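An added example, written for this thread and not posted by either participant: a POSIX shell script that prints the iptables rule set for each gateway in the three-network layout the reply describes. The address of Net II (192.168.2.0/24) is an assumption, since the thread only says the link between B and C needs its own network number, and the -m state matches assume connection tracking is available on the gateways. It goes one step beyond the reply: because the question wants both A and D to open connections toward the other side, both gateways accept NEW forwarded traffic in both directions and pass replies with ESTABLISHED,RELATED, which is what a single-direction FORWARD rule lacks.

```shell
#!/bin/sh
# Added example: prints the iptables rule set for one of the two gateways
# described in the thread. Net II's address below is an assumption.
NET_I=192.168.1.0/24     # A and B; B is GW1
NET_II=192.168.2.0/24    # link between B and C (assumed address)
NET_III=192.168.0.0/24   # C and D; C is GW2

# gw_rules NAME LEAF_NET
# NAME is a label (GW1 or GW2); LEAF_NET is the network behind that gateway.
gw_rules() {
    _name=$1
    _leaf=$2
    cat <<EOF
# --- $_name ---
iptables -F INPUT
iptables -F FORWARD
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
# INPUT: packets addressed to the gateway itself. Replies to its own
# connections, anything from its own leaf, and ICMP from the link network.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $_leaf -j ACCEPT
iptables -A INPUT -s $NET_II -p icmp -j ACCEPT
# FORWARD: every packet between the leaves crosses BOTH gateways, and a
# reply from Net III to Net I is a packet in the other direction. A rule
# for one direction only drops every reply.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $NET_I -d $NET_III -m state --state NEW -j ACCEPT
iptables -A FORWARD -s $NET_III -d $NET_I -m state --state NEW -j ACCEPT
EOF
}

# count_forward_rules NAME LEAF_NET: number of FORWARD rules printed,
# a quick check that both directions are covered before applying.
count_forward_rules() {
    gw_rules "$1" "$2" | grep -c '^iptables -A FORWARD'
}

# Usage: sh gw-rules.sh GW1 | sh   (on B)
#        sh gw-rules.sh GW2 | sh   (on C)
if [ -n "$1" ]; then
    case "$1" in
        GW1) gw_rules GW1 "$NET_I" ;;
        GW2) gw_rules GW2 "$NET_III" ;;
        *)   echo "usage: $0 GW1|GW2" >&2 ;;
    esac
fi
```

Review the printed rules before piping them into sh on the matching gateway. The rules match on addresses only; adding -i and -o interface matches (the thread does not give the interface names, so they are left out here) is the next hardening step, because without them a host on one leaf can forge the other leaf's source addresses and still pass the FORWARD chain.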