From: "Bob" <Bob@yellowbugcomputers.com>
To: netfilter@lists.netfilter.org
Subject: Masquerade/SNAT with RH 8.0
Date: Sun, 10 Nov 2002 22:58:56 -0800
Message-ID: <200211102258.AA5768406@yellowbugcomputers.com>
I hope this hasn't been covered a million times. I'm trying to share the internet connection in my house. I'm very new to IPTABLES, and I can't get the sharing to work. Here is the setup. Please let me know if you need more information. Any help would be greatly appreciated!!!
The server is RH 8.0 with IPTABLES and a DHCP server running. The clients are a Mac and a PC (9.2 and Win98). Network connectivity is good. All three machines can ping each other via private IPs:
192.168.0.30
192.168.0.22
192.168.0.1 (Internal NIC, Eth1)
The two clients have never been able to ping the public Eth0 card.
I have set forwarding to one, and that is set to be that way when the computer first boots, with this line:
echo 1 > /proc/sys/net/ipv4/ip_forward
That line seems to be working okay.
Here is the very simple ruleset that I've found on the net, and that seems to make sense:
#!/bin/sh
IPTABLES=/sbin/iptables
# filter table: accept everything to and from the gateway box itself
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
# forwarding between the two NICs: drop by default, clear old rules
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
# replies coming back from the internet to LAN-initiated connections
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# anything from the LAN side towards the internet
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
# whatever is left gets logged, then dropped by the chain policy
$IPTABLES -A FORWARD -j LOG
# rewrite the source address of packets leaving eth0 to the public IP
$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to 208.141.xxx.xxx
Here is what the resulting script looks like:
*mangle
:PREROUTING ACCEPT [4:256]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Nov 11 00:29:53 2002
# Generated by iptables-save v1.2.6a on Mon Nov 11 00:29:53 2002
*nat
:PREROUTING ACCEPT [370:28696]
:POSTROUTING ACCEPT [396:23845]
:OUTPUT ACCEPT [406:24455]
-A POSTROUTING -o eth0 -j SNAT --to-source 208.141.xxx.xxx #(my public IP)
COMMIT
# Completed on Mon Nov 11 00:29:53 2002
# Generated by iptables-save v1.2.6a on Mon Nov 11 00:29:53 2002
*filter
:INPUT ACCEPT [140:118403]
I am just not sure what I am doing wrong. I don't know where to look to see what kind of error messages might be popping up.
Does anyone have any ideas why I can't get packets forwarded from the internal interface to the external interface and out to the internet?
Any advice would be greatly appreciated. I've been trying to figure this out for a couple of weeks now. Thanks so much in advance!
Bob
PS. Where does IPTABLES log to? I notice in the above script it tells the kernel to log all forwarded packets (at least that is how I read it, I could be wrong). Thanks again.
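As an added example (this is not Bob's script and not from any reply in the thread), here is a complete version of the same two-NIC NAT gateway with the things a practitioner would want on top of the ruleset in the post: every table is flushed on each run (the post's script flushes only the filter chains, so each re-run appends one more SNAT rule to the nat table), INPUT is default-deny so the gateway's own services are not reachable from the eth0 side (the post's INPUT ACCEPT policy leaves them open), LAN-originated rules are restricted to the private source network, the DHCP server is explicitly allowed, and the LOG rule is rate-limited and prefixed so its lines can be grepped. eth0/eth1 are the interfaces named in the post; the LAN range 192.168.0.0/24 is an assumption from the addresses listed; PUBLIC_IP is deliberately left unset and must be supplied (the post only shows 208.141.xxx.xxx); DRY_RUN=1 prints the iptables commands instead of running them and is my addition.

```shell
#!/bin/sh
# Added example, not the script from the post: a complete two-NIC NAT gateway
# ruleset. eth0/eth1 are the post's interfaces; LAN and the DHCP/SNAT details
# are assumptions. PUBLIC_IP must be supplied (the post only shows 208.141.xxx.xxx).
# Usage: PUBLIC_IP=a.b.c.d sh gateway.sh apply | status ; DRY_RUN=1 prints instead.

EXT_IF=${EXT_IF:-eth0}              # public NIC
INT_IF=${INT_IF:-eth1}              # private NIC, 192.168.0.1 in the post
LAN=${LAN:-192.168.0.0/24}          # assumed from the addresses in the post
PUBLIC_IP=${PUBLIC_IP:-}            # address on $EXT_IF; must be set by the caller
IPTABLES=${IPTABLES:-/sbin/iptables}

# Run iptables, or just print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# Same sysctl as the post; without it nothing is forwarded at all.
enable_forwarding() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

build_ruleset() {
    if [ -z "$PUBLIC_IP" ]; then
        echo "PUBLIC_IP is not set" >&2
        return 1
    fi

    # Flush every table, not only filter: the post's script flushed INPUT,
    # OUTPUT and FORWARD only, so each re-run appended one more SNAT rule.
    ipt -t nat -F
    ipt -t mangle -F
    ipt -F
    ipt -X

    # Default-deny on INPUT too; the post's INPUT ACCEPT leaves every service
    # on the gateway reachable from the internet side.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Traffic to the gateway itself.
    ipt -A INPUT -i lo -j ACCEPT
    # DHCP requests arrive with source 0.0.0.0, so they need their own rule
    # ahead of the LAN-source rule or the DHCP server stops working.
    ipt -A INPUT -i "$INT_IF" -p udp --dport 67 -j ACCEPT
    ipt -A INPUT -i "$INT_IF" -s "$LAN" -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Forwarding: LAN hosts out (only with a LAN source address, which stops
    # spoofed sources leaving through the NAT), replies back in, the rest
    # logged at a bounded rate and then dropped by the chain policy.
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN" -j ACCEPT
    ipt -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "

    # Rewrite the source of LAN packets leaving the public NIC. With a
    # dynamic public address use '-j MASQUERADE' here instead of SNAT.
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" -j SNAT --to-source "$PUBLIC_IP"
}

# Counters show whether LAN packets hit the ACCEPT rules or fall to LOG.
show_status() {
    cat /proc/sys/net/ipv4/ip_forward
    ipt -L -v -n
    ipt -t nat -L -v -n
}

case "${1:-}" in
    apply)  enable_forwarding && build_ruleset ;;
    status) show_status ;;
esac
```

Run it as root with `PUBLIC_IP=<your eth0 address> sh gateway.sh apply`, then `sh gateway.sh status`: the per-rule packet counters from `iptables -L -v -n` show whether LAN traffic is hitting the eth1-to-eth0 ACCEPT rule at all or falling through to the LOG rule, and the nat POSTROUTING counter shows whether SNAT is being applied. On the question in the PS: the LOG target writes to the kernel log, so its lines appear in `dmesg` and, through syslogd's kern facility, normally in /var/log/messages on Red Hat 8.0. Note that a LOG rule placed after the ACCEPT rules, as in the post's script and here, records only packets that fell through to the DROP policy, not every forwarded packet; with this script those are the lines prefixed FWD-DROP:.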
Thread overview: 3+ messages
2002-11-11 6:58 Bob [this message]
2002-11-11 8:35 Masquerade/SNAT with RH 8.0 - Joel Newkirk
2002-11-11 15:10 Ben Russo