Please share your expertise, here's my setup:

OS---Debian-5-(lenny)
Network-Interfaces:
eth0---(used for DHCP--leasing for Subnet-A and Subnet-B)
eth1---(for NATing..SNAT...DNAT..Masqurading..etc)
---
Subnets--(LAN-1)
Subnet-A1---10.10.64.0/18
Subnet-B2---10.10.128.0/18
----
Subnets---(LAN-2)
Subnet-A11---172.26.64.0/18
Subnet-B22---172.26.128.0/18
Query (?)
(1)
I want to deny Subnet-A to access Subnet-B (both subnets denied to access each other)?
(2)
to REDIRECT subnet-A1 (10.10.64.0/18) to another subnet-A11 (172.26.64.0/18) and as well redirect subnet-B2 to subnet-B22(10.10.128.0/18--->172.26.128.0/18)?
(3)
Deny all others. (to be more secure)
Caution!
I'm new to iptables, so please show few examples. What approach should be use..iptables..NATing..SNAT...DNAT..Masqurading...etc...What's most efficent solution, when Security, Reliability and high availablity is concerned.?
Thank you for your time.

These subnets are all attached to the same interface on this box, right?

Please post the output of these two commands:

Here's outputs.........
# ifconfig -a

eth0 inet addr:10.10.64.1 Mask:255.255.192.0
eth0:1 inet addr:172.26.64.1 Mask:255.255.192.0
----------
eth1 inet addr:10.10.128.1 Mask:255.255.192.0
eth1:2 inet addr:172.26.128.1 Mask:255.255.192.0
------------------------------------------------------
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.26.128.0 0.0.0.0 255.255.192.0 U 0 0 0 eth1
10.10.128.0 0.0.0.0 255.255.192.0 U 0 0 0 eth1
10.10.64.0 0.0.0.0 255.255.192.0 U 0 0 0 eth0
172.26.64.0 0.0.0.0 255.255.192.0 U 0 0 0 eth0
------------------------------------------------------------------------------

Did you leave one line out of the output? Or does this box not have a gateway?

If what you want is to deny access between each of these two LANs, simply disable forwarding. If what you want is to deny traffic between two subnets on the same physical network (172.26.128.0 and 10.10.128.0, for example), then keep in mind that there's nothing other than non-root privileges to stop those hosts from contacting the other subnets directly, without the need to go through this box. You mentioned that you were concerned about security, so I want to make sure you're aware of this fact.

No, I haven't leave out any line, it's complete output, yes this box not have a gateway.

ok, now I have Disabled the ip forwarding.

well its clear that subnets will not able to communicate "cross-subnets" (A--to--B or B--to--A etc).

Please also give example howto REDIRECT or Translate these subnets into different subnets:
(A) 10.10.64.0---->> into---->> 172.26.64.0
(B) 10.10.128.0---->> into---->> 172.26.128.0
so that users of Subnet 10.10.64.0 can use/share resources of 172.26.64.0?

thank you for time.

To do SNAT for (A) you could do:To do SNAT for (B) you could do:The FORWARD rules might look like:Of course, you'll need to re-enable forwarding.

BTW, I'm moving this to Networking so that it may gain better exposure. I'm kind of hoping that some of the LQ members who frequent that forum will chime in here and provide feedback as to whether or not doing this with iptables is a good idea (and/or to suggest a much better approach, which I suspect exists).

Dear win32sux;
Thank you very much for your kind help and examples of iptables. I am currently testing your solution, and it's working. Also I'm doing some experimenting to change few parameters.
Sure I'll add more to this thread later on and thanx for moving it to appropriate forum.
HOPE for the Best.
Have a great time.

Glad to be of service!