Hi Gentlemen!
I'm trying to write an iptables config file, but got stuck.
So I want to define an IP range that is allowed full eth0-eth1 forwarding access, and another that is allowed to access only some special IPs.
The first part works; I could give the range full access:
iptables -A FORWARD -m iprange --src-range 192.168.80.20-192.168.80.40 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o eth1 -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
But I can't find out how to make the second rule. How could I put specified target IPs in this? I've tried to make a new chain:
iptables -N ALLOW
iptables -A FORWARD -m iprange --src-range 192.168.80.40-192.168.80.50 -j ALLOW
iptables -A ALLOW ...
But from this point there was no syntax I could force to work.
(Sorry for my bad English.)
And thanks for the help!
Another idea to allow the allow chain to accept the IP:
iptables -A ALLOW -s IP -j ACCEPT
iptables -A ALLOW DROP
iptables -A ALLOW -j FROWARD
Any other idea?
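
Added example, not part of the original posts: one way to build the ALLOW chain so that the restricted source range reaches only listed destinations, matching each with `-d` and dropping everything else. The destination addresses are constructed placeholders and `restricted_rules` is a hypothetical helper name; the script only prints the commands, so it can be reviewed before being piped to `sh` as root.

```shell
#!/bin/sh
# Added example: prints iptables commands for a source range that may only
# reach a fixed list of destination IPs. Nothing is applied by this script.

SRC_RANGE="192.168.80.40-192.168.80.50"     # restricted range from the post
ALLOWED_DSTS="203.0.113.10 198.51.100.25"   # constructed placeholder targets

# restricted_rules RANGE DST... (hypothetical helper)
restricted_rules() {
    range=$1
    shift
    # Validate every destination first so a bad entry yields no partial output.
    for dst in "$@"; do
        case $dst in
            ""|*[!0-9./]*)
                echo "bad destination: $dst" >&2
                return 1
                ;;
        esac
    done
    echo "iptables -N ALLOW"
    # One ACCEPT per permitted destination address (or CIDR block).
    for dst in "$@"; do
        echo "iptables -A ALLOW -d $dst -j ACCEPT"
    done
    # Anything else coming from the restricted range is dropped.
    echo "iptables -A ALLOW -j DROP"
    # Send the restricted range into the chain only after it is fully built.
    echo "iptables -A FORWARD -m iprange --src-range $range -j ALLOW"
}

# Word splitting of ALLOWED_DSTS is intentional: one argument per address.
restricted_rules "$SRC_RANGE" $ALLOWED_DSTS
```

iptables evaluates FORWARD from the top and stops at the first terminating match, so the jump to ALLOW has to sit above any broader ACCEPT rule that would match the same packets. Reply traffic toward the restricted range is not matched by `--src-range` and is left to the existing ESTABLISHED,RELATED handling.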
