From: Chinh Nguyen <cnguyen@certicom.com>
To: Daniel Nogradi <nogradi@gmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: updated iptables doesn't work with old rules
Date: Wed, 22 Feb 2006 15:54:26 -0500
Message-ID: <43FCCF82.6010402@certicom.com>
In-Reply-To: <5f56302b0602221253t7157857ejb15f87d9984da59c@mail.gmail.com>


Daniel Nogradi wrote:
> Anyway, what I have tried is:
> 
> # make sure we start from zero
> 
> iptables --flush
> iptables -t nat --flush
> iptables --delete-chain
> iptables -t nat --delete-chain
> 
> # set up masquerading from LAN to modem which is hooked up on eth0
> 
> iptables -t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE
> 
> # allow forwarding from LAN which is hooked up on eth1
> 
> iptables -A FORWARD --in-interface eth1 -j ACCEPT

I think that when you have a rule like this, you need the converse, i.e.,
iptables -A FORWARD --in-interface eth0 -j ACCEPT

If you want restrictions such that connections are initiated from B only, you
could restrict the inbound forward.

iptables -A FORWARD --in-interface eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

> 
> # enable ip forwarding
> 
> echo 1 > /proc/sys/net/ipv4/ip_forwarding
> 
> Just to recap, my configuration is this:
> 
> machine A - eth0 ------------------ modem ------------ internet
>   |
>  eth1
>   |
>   |
>   |
>  hub
>   |
>   |
> machine B
> 
> And I would like to access the internet from machine B, however the
> above rules don't work even without specifying the sources and
> allowing everything.
> 
> Any ideas?
> 
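
The reply above distinguishes three states of the FORWARD chain for traffic arriving on eth0: no return rule, an unrestricted one, and one limited to ESTABLISHED,RELATED. The sketch below is an added example, not code from either poster: it classifies `iptables-save` text into those states. The function name `forward_return_path`, the sample rulesets, and the DROP policy on FORWARD are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed iptables-save fragments for the thread's topology
# (eth1 = LAN, eth0 = modem). The DROP policy is an assumption.
ONE_WAY=':FORWARD DROP [0:0]
-A FORWARD -i eth1 -j ACCEPT'
STATEFUL="$ONE_WAY
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"
OPEN="$ONE_WAY
-A FORWARD -i eth0 -j ACCEPT"

# Classify how a ruleset treats forwarded packets arriving on the outside
# interface. Simplified: reads only -i, -j and --state/--ctstate, and
# ignores rule order, negation and all other matches.
# usage: forward_return_path "<iptables-save text>" <outside-if>
forward_return_path() {
    printf '%s\n' "$1" | awk -v wan="$2" '
        $1 == ":FORWARD" { policy = $2 }          # chain policy line
        $1 == "-A" && $2 == "FORWARD" {
            iface = ""; target = ""; states = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
            }
            # Only ACCEPT rules that can match packets arriving on wan matter.
            if (target != "ACCEPT" || (iface != "" && iface != wan)) next
            if (states == "") wide = 1                    # any packet from outside
            else if (states ~ /ESTABLISHED/) replies = 1  # replies only
        }
        END {
            if (wide) print "unrestricted"
            else if (replies) print "stateful"
            else if (policy == "ACCEPT") print "policy-accept"
            else print "missing"
        }'
}

for rules in "$ONE_WAY" "$STATEFUL" "$OPEN"; do
    forward_return_path "$rules" eth0
done
```

A result of `missing` means replies from the modem side have no ACCEPT rule to match; `stateful` is the restricted form suggested in the reply, where connections can only be initiated from the LAN.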

