Need to get something on my firewall machine that is between my LAN and my flatmate's.
3 active NICs in it now, one to the ADSL router, one to my PCs, one to my flatmate's LAN.
It's the default gateway for my LAN, and is NATting everything to the ADSL router as that is the default gateway.
I need it to just route between my network and the flatmate's; a static route will be made on his machines to my machine.
eth0 - my internal lan
192.168.1.1 255.255.255.0
eth2 - my adsl router
10.20.0.10 255.255.255.0
gateway is 10.20.0.1 (my adsl router)
eth3 - on flatmate's LAN
10.30.0.10 - 255.255.255.0
no gateway or all my traffic goes on his internet.
I have a file from iptables-save that I pipe to iptables-restore:
# Generated by iptables-save v1.2.11 on Tue May 16 22:13:55 2006
*raw
:PREROUTING ACCEPT [67917:13329159]
:OUTPUT ACCEPT [12676:1026290]
COMMIT
*nat
:PREROUTING ACCEPT [3927:262748]
:POSTROUTING ACCEPT [158:10907]
:OUTPUT ACCEPT [158:10907]
(whole heap of port forwards)
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Tue May 16 22:13:55 2006
# Generated by iptables-save v1.2.11 on Tue May 16 22:13:55 2006
*mangle
:PREROUTING ACCEPT [67918:13329251]
:INPUT ACCEPT [12931:2572624]
:FORWARD ACCEPT [54977:10755022]
:OUTPUT ACCEPT [12676:1026290]
:POSTROUTING ACCEPT [67653:11781312]
COMMIT
# Completed on Tue May 16 22:13:55 2006
# Generated by iptables-save v1.2.11 on Tue May 16 22:13:55 2006
*filter
:INPUT ACCEPT [12931:2572624]
:FORWARD ACCEPT [54977:10755022]
:OUTPUT ACCEPT [12676:1026290]
COMMIT
# Completed on Tue May 16 22:13:55 2006
I'm assuming that I need to change the line in bold to something else or put something ahead of it to say not to NAT stuff to the 10.30.0.0/24 range, but am not sure what exactly.
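
Added example, not part of the original post: one way to put a no-NAT exemption ahead of the MASQUERADE rule in a saved ruleset, so traffic to 10.30.0.0/24 is routed with its real source address. It assumes the line in question is the `-A POSTROUTING ... -j MASQUERADE` rule; the function names are hypothetical and the sample ruleset is constructed from the post's dump with counters zeroed and the port forwards left out.

```shell
#!/bin/sh
# Added example (not from the original post).
# Constructed sample: the post's nat and filter tables, counters zeroed.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Reads an iptables-save dump on stdin and writes it to stdout with an
# exemption inserted before each MASQUERADE rule in the *nat table.
# $1 = destination network that must be routed, not masqueraded.
exempt_from_nat() {
    awk -v dst="$1" '
        /^\*/ { table = $0 }    # remember which table we are in
        table == "*nat" && /^-A POSTROUTING / && / -j MASQUERADE/ && !/ -d / {
            # Keep the rule match (-s ...), add the destination, and end
            # POSTROUTING traversal with ACCEPT so no NAT is applied.
            rule = $0
            sub(/ -j MASQUERADE.*/, "", rule)
            print rule " -d " dst " -j ACCEPT"
        }
        { print }               # every original line passes through unchanged
    '
}

# Show the patched ruleset for the flatmate's LAN.
sample_ruleset | exempt_from_nat 10.30.0.0/24
```

The output can be piped to iptables-restore in place of the original file. Restricting the MASQUERADE rule itself to the ADSL interface with `-o eth2` has the same effect, and with the FORWARD policy at ACCEPT nothing filters traffic between the two LANs.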
