Linux Netfilter discussions
From: Subba Rao <subba3@cablespeed.com>
To: netfilter@lists.netfilter.org
Subject: Help with Masquerading
Date: Sun, 05 Jan 2003 10:19:48 -0500
Message-ID: <3E184D14.10102@cablespeed.com>

Hi

My system is running kernel 2.4.20 with iptables compiled into the 
kernel. The system has 2 interfaces. ETH0 is connected to the Internet 
(via cablemodem) and ETH1 is connected to my home LAN which has only one 
W2K laptop.  

My W2K is configured with the Linux system as the gateway. Both systems 
can ping each other.
However my laptop is not able to go out to the Internet.

I am desperately trying to make my W2K laptop connect to the Internet.

Please let me know how to make this work.

Thank you in advance.

Subba Rao
subba3@cablespeed.com

#!/bin/sh

echo "Starting Firewall....."

INTERNAL_NET="10.0.0.0/24"

INTERNET=`ifconfig eth0 | grep inet | cut -d : -f 2 | cut -d \  -f 1`

# Flush the tables
/usr/sbin/iptables -F INPUT
/usr/sbin/iptables -F OUTPUT
/usr/sbin/iptables -F FORWARD
/usr/sbin/iptables -t nat -F

# Set default policies for packet entering this box

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Allow some packets in but accept all those on the internal interface
/usr/sbin/iptables -A INPUT -i lo -j ACCEPT
/usr/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/usr/sbin/iptables -A INPUT -i eth1 -j ACCEPT

# Masquerade internal system with the public IP address

iptables -t nat -A POSTROUTING -d $INTERNAL_NET -o $INTERNET -j ACCEPT
iptables -t nat -A POSTROUTING -o $INTERNET -s $INTERNAL_NET -j MASQUERADE

# Block inbound connections

/usr/sbin/iptables -A INPUT -i eth0 -p tcp --syn -j DROP

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
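
Added example, not part of the original post: a dry-run check that can be run over a firewall script's rule arguments before they are loaded. In the script above, INTERNET is filled from the `inet` line of `ifconfig eth0`, so `-o $INTERNET` receives an address (or nothing at all if that pipeline prints nothing), whereas iptables matches `-i`/`-o` against interface names. The function name `check_iface_args` and the sample address 192.0.2.10 are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original post. check_iface_args and the
# sample values below are constructed for illustration.

# Scan one iptables argument list. Returns 0 when every -i/-o value looks like
# an interface name, 1 (with a diagnostic on stdout) when it is empty, is
# another option, or consists only of digits and dots like an IPv4 address.
check_iface_args() {
    rc=0
    while [ $# -gt 0 ]; do
        case "$1" in
        -i|-o|--in-interface|--out-interface)
            opt=$1
            shift
            # iptables of that era wrote negation as "-o ! eth0"; step over "!"
            if [ "${1-}" = "!" ]; then shift; fi
            val=${1-}
            case "$val" in
            ""|-*)
                echo "$opt: no interface name (empty variable?)"
                rc=1
                continue ;;      # let the loop look at $val as an option
            *[!0-9.]*) ;;        # contains a letter or similar: plausible name
            *)
                echo "$opt $val: address given where an interface name is expected"
                rc=1 ;;
            esac
            ;;
        esac
        shift
    done
    return $rc
}

# The two POSTROUTING rules from the post, checked once with a constructed
# address (192.0.2.10, documentation range) and once with the interface name.
INTERNAL_NET="10.0.0.0/24"
for INTERNET in 192.0.2.10 eth0; do
    echo "== INTERNET=$INTERNET"
    check_iface_args -t nat -A POSTROUTING -d $INTERNAL_NET -o $INTERNET -j ACCEPT || :
    check_iface_args -t nat -A POSTROUTING -o $INTERNET -s $INTERNAL_NET -j MASQUERADE || :
done
```

The check only looks at the shape of the `-i`/`-o` values; it does not confirm that the named interface exists on the host.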





Thread overview: 3+ messages
2003-01-05 15:19 Subba Rao [this message]
2003-01-05 16:06 ` Help with Masquerading Rob Sterenborg
2003-01-05 19:00 ` Joel Newkirk
