Hi, something else:
#=======================================================
# Allow all outbound connections from LAN(eth1 & eth2)
# to Internet(eth0)
# Allow only return traffic from those connections
#=======================================================
echo "Allow forwarding for 192.168.48.0 subnet..."
echo "Allow forwarding for 192.168.5.0 subnet..."
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
This allows forwarding from everywhere to everywhere; be careful using this! Instead change it to:

iptables -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Greetings,
Ralf
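A way to check a ruleset for the problem described in the message above, as an added example that is not part of the original message: the script flags FORWARD rules that accept NEW connections without naming both an input and an output interface. The function names `audit_forward_rules` and `sample_rules` are hypothetical, and the sample input is constructed from the rules quoted above plus one constructed return-traffic rule.

```shell
#!/bin/sh
# Reads rules ("iptables -A ..." or iptables-save "-A ..." lines) on stdin
# and prints every FORWARD/ACCEPT rule that lets NEW connections through
# without both -i and -o. A negated match ("! -i eth0") counts as present.
audit_forward_rules() {
    while IFS= read -r rule || [ -n "$rule" ]; do
        chain="" target="" in_if="" out_if="" states="" prev=""
        set -f                      # no glob expansion while word-splitting
        for word in $rule; do
            case "$prev" in
                -A) chain=$word ;;
                -j) target=$word ;;
                -i) in_if=$word ;;
                -o) out_if=$word ;;
                --state|--ctstate) states=$word ;;
            esac
            prev=$word
        done
        set +f
        [ "$chain" = FORWARD ] && [ "$target" = ACCEPT ] || continue
        # A rule with no state match accepts every packet, NEW included.
        case ",${states:-NEW}," in
            *,NEW,*) ;;
            *) continue ;;          # ESTABLISHED/RELATED only: return traffic
        esac
        if [ -z "$in_if" ] || [ -z "$out_if" ]; then
            printf 'UNSCOPED: %s\n' "$rule"
        fi
    done
}

# Constructed sample: the broad rule and the two scoped rules from the
# message, plus a constructed return-traffic rule. The quoted heredoc
# keeps $INTIF1, $INTIF2 and $EXTIF as literal text.
sample_rules() {
    cat <<'EOF'
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

sample_rules | audit_forward_rules
```

On a live host the same function can be fed from `iptables-save`, whose `-A FORWARD ...` lines it also parses.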