Dylan wrote:
So, can I get gandalf to act as gateway for audio, and do NAT without needing to run the full 'firewall' on the box? Ideally, I'd want gandalf to provide this service one way only (so that, for example, it would refuse to route from sauron or mordor to audio) and for the one host (so that it would not route from scooby's 192.168.0.0/24 connection, since scooby has a direct route.)
I hope all that makes some kind of sense.
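The setup doesn't make much sense to me, but here are some lines that should do the trick:

# eth0 192.168.0.x
# eth1 192.168.200.x
# A built-in chain's policy can only be ACCEPT or DROP, so drop by default
iptables -P FORWARD DROP
# Allow packets that belong to connections already permitted below (the replies)
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Refuse to forward new traffic from any host other than audio
iptables -A FORWARD ! -s ip-of-audio -j REJECT
iptables -A FORWARD -s ip-of-audio -j ACCEPT
# POSTROUTING cannot match on -i, so match the outgoing interface only
iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE

Sandy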