Re: [SLUG] Linux Networking with IPTABLES

From: Backward Thinker (backwardthinker@juno.com)
Date: Fri Apr 18 2003 - 07:41:02 EDT


Your post was a little confusing. Are you trying to block incoming connections from the internet to computers on your internal LAN? If so, you're already done. Unless you've set up PREROUTING, people can reach your router, and that's it (though your router can reach your LAN, so make sure it's up on patches and unnecessary services are disabled).

But it sounds like you want 192.168.1.2 to be able to receive incoming traffic from outside your Linux router with a public IP address? If so, here's the best way. First realize that 192.168.1.2 is an internal IP address, not publicly routable, meaning that although people on your LAN can reach 192.168.1.2, when anybody outside your LAN tries to send packets to 192.168.1.2 it isn't gonna reach you. But the IP address of your rr address is publicly routable. So instead of people connecting to 192.168.1.2, people will be connecting to your Linux router, and the Linux router will do the magic of routing it correctly through your LAN, a la iptables and PREROUTING. So, for example, if you had an HTTP server on a box in your internal LAN, you would have the Linux router preroute anything on port 80 (or whatever) to that HTTP server on the internal LAN.

Anyway, long story short, what you want is something like:

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2

Since the external computers will only see one IP address, you can't really double up on ports. Like, if you wanted to run two different web servers on different boxes, both on port 80, external computers will actually have to go through a different port on the router to get forwarded to the other host, unless you got more specific than -i eth0. So a second rule would look like:

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to 192.168.1.3:80

So with the two above PREROUTING rules, those who connect to IP-ADDRESS-OF-ROUTER:80 will get to 192.168.1.2:80, and those who connect to IP-ADDRESS-OF-ROUTER:8080 will get to 192.168.1.3:80. Make sense?

There's a lot more detail in the (unfortunately very long) Linux IP Masquerade HOWTO. http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/

Good luck,
~ Daniel

--- "Paul Aitken" <paitken1@tampabay.rr.com> wrote:

Hello,
I am quite the Linux newbie, and have tried to get assistance in networking
with Linux. I am successfully routed through a Linux machine, but am trying
to block internet to another computer.

My main internet connection comes from eth0, which is directly connected to
my cable modem.

I then have a LAN cord run from eth1 to a hub.
The hub then has two more cords plugged into it.

I only want the computer with the IP address 192.168.1.2 to receive
internet. Can you tell me how to do this please?

Thank you
Paul
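Putting the two halves of this thread into one script: the PREROUTING DNAT rules Daniel gives above only rewrite the destination address; on a router whose FORWARD policy is DROP the rewritten packet still has to be accepted in the FORWARD chain, IP forwarding has to be switched on, and the LAN hosts need a POSTROUTING MASQUERADE rule to get out at all. Paul's actual request (only 192.168.1.2 gets internet) is a FORWARD rule keyed on the source address. The script below is an added example, not code from Daniel, Paul or the HOWTO; the interface names (eth0 external, eth1 LAN) and the 192.168.1.0/24 addresses come from the thread, the function names and the DRY_RUN switch are this example's own. By default it prints the iptables commands instead of running them, so it can be reviewed before being applied as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the original thread). Generates the iptables rules for
# forwarding a public port to a LAN host, plus the forwarding/masquerading rules
# a DNAT rule alone does not give you. DRY_RUN=1 (default) prints the commands.

EXT_IF="${EXT_IF:-eth0}"             # interface on the cable modem (from the thread)
LAN_IF="${LAN_IF:-eth1}"             # interface on the hub (from the thread)
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumed LAN prefix for 192.168.1.x
DRY_RUN="${DRY_RUN:-1}"

# run CMD...: echo the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# valid_port N: true if N is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D: true if the argument is a dotted quad with octets 0..255.
valid_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# forward_port PUBLIC_PORT INTERNAL_IP [INTERNAL_PORT]
# The DNAT rule from the thread, followed by the FORWARD rule that admits the
# rewritten packet when the FORWARD policy is DROP. Rejects malformed input so a
# typo cannot silently forward the wrong port or host.
forward_port() {
    pub_port=$1; int_ip=$2; int_port=${3:-$1}
    valid_port "$pub_port" && valid_port "$int_port" && valid_ipv4 "$int_ip" || {
        echo "forward_port: bad arguments: $*" >&2
        return 1
    }
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$pub_port" \
        -j DNAT --to-destination "$int_ip:$int_port"
    run iptables -A FORWARD -i "$EXT_IF" -o "$LAN_IF" -p tcp -d "$int_ip" \
        --dport "$int_port" -m state --state NEW -j ACCEPT
}

# base_ruleset: enable forwarding, default-deny the FORWARD chain, let replies
# to existing connections through, allow only the hosts listed in
# ALLOWED_LAN_HOSTS to open outbound connections (Paul's request), and
# masquerade LAN traffic behind the router's public address.
base_ruleset() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for host in $ALLOWED_LAN_HOSTS; do
        valid_ipv4 "$host" || { echo "base_ruleset: bad host $host" >&2; return 1; }
        run iptables -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -s "$host" -j ACCEPT
    done
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE
}

# Dry run of the thread's setup: only 192.168.1.2 may reach the internet, and the
# two port forwards from Daniel's reply are added on top.
ALLOWED_LAN_HOSTS="${ALLOWED_LAN_HOSTS:-192.168.1.2}"
base_ruleset
forward_port 80 192.168.1.2
forward_port 8080 192.168.1.3 80
```

Run it as-is to see the rule list, then apply it on the router with DRY_RUN=0 (as root). Because the FORWARD chain rules reference the destination after DNAT has rewritten it, the -d in the FORWARD rule is the internal address, not the router's public one; that ordering (nat PREROUTING before filter FORWARD) is the reason the two rules have to be paired.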




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:10:20 EDT