Quote:
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
Sets the policy to allow outgoing traffic by default. That means only traffic originating from the gateways. Drop all other traffic not explicitly allowed.
Quote:
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 5000 -j ACCEPT
Allow traffic originating from the other gateway, not forwarded traffic from the clients on the other side.
Quote:
iptables -A INPUT -p icmp -j ACCEPT
Accept ICMP traffic to the gateways.
Quote:
iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.0.0/24 -j ACCEPT
Allow traffic from the backbone, the network the gateways share, to enter one of the leaf networks, AB or the CD network.
You realize that this setup contains three networks that need three separate network addresses?
Net I - Net II - Net III
Net I: Computer A and B
Net II: Computer B and C, let's call them GW1 and GW2
Net III: Computer C and D
The firewalls on GW1 and GW2 need to be different in the forwarding rules.
The GW1 FORWARD chain needs to accept traffic from Net III headed for Net I.
The GW2 FORWARD chain needs to accept traffic from Net I headed for Net III.
They are each other's mirror.
In addition to this you will have to set up rules for the Net II on both GW1 and GW2. This is something like what you have done so far with the INPUT chain.
A quick look at http://iptables-tutorial.frozentux.n...-tutorial.html may help in figuring out how the tables and chains are traversed for different packets.
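One way to keep the two gateways in step, as an added example and not code from this thread: a single POSIX shell script that builds the rule set for a given role, so the mirrored FORWARD rules differ only in which leaf is source and which is destination. The backbone 192.168.1.0/24 and the leaf 192.168.0.0/24 are taken from the quoted rules; 192.168.2.0/24 for Net III, the role names GW1/GW2 and the DO_APPLY switch are assumptions.

```shell
#!/bin/sh
# Added example: one script for both gateways, ROLE selects which FORWARD rule applies.
NET_I="192.168.0.0/24"    # A and B (leaf address from the quoted FORWARD rule)
NET_II="192.168.1.0/24"   # backbone GW1 <-> GW2 (from the quoted INPUT rule)
NET_III="192.168.2.0/24"  # C and D (assumed address for the other leaf)

# Print the commands for review unless DO_APPLY=1, in which case iptables runs them.
ipt() {
    if [ "${DO_APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# Rules that are identical on both gateways: policies, the backbone peer, ICMP,
# and the gateways' own UDP service port.
common_rules() {
    ipt -P OUTPUT ACCEPT
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -A INPUT -s "$NET_II" -j ACCEPT
    ipt -A INPUT -p udp --dport 5000 -j ACCEPT
    ipt -A INPUT -p icmp -j ACCEPT
}

# The FORWARD rules are the mirror of each other, as described in the post.
forward_rules() {
    case "$1" in
        GW1) ipt -A FORWARD -s "$NET_III" -d "$NET_I" -j ACCEPT ;;
        GW2) ipt -A FORWARD -s "$NET_I" -d "$NET_III" -j ACCEPT ;;
        *)   echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# Complete rule set for one gateway.
gateway_ruleset() {
    common_rules
    forward_rules "$1"
}

# Usage: ROLE=GW1 sh gateway-fw.sh (review), ROLE=GW1 DO_APPLY=1 sh gateway-fw.sh (apply)
if [ -n "${ROLE:-}" ]; then
    gateway_ruleset "$ROLE"
fi
```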