Linux Users' Group of Davis (LUGOD)

Page last updated: 2001 Dec 30 17:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Linux as gateway

Hi:

If you just set all your rules to the default, then I don't think iptables will
masquerade correctly.  BUT THIS SCRIPT HAS NOT BEEN TESTED FOR SECURITY.  If
you choose to use it, use it at your own risk.  I was just trying to get the
basics working.  But there was one problem: I couldn't get the (local) loopback
interface on the masquerade machine to masquerade correctly.  All other
boxes on the subnet worked fine. HTH

jan

Here is a <snipped> version of my iptables script:

<<BEGIN SCRIPT>>
#!/bin/bash
#
# Point this to your copy of iptables and fill in your addresses.
IPT="/usr/local/sbin/iptables"
INT_NET="your.int.net.0/24"     # internal subnet to be masqueraded
EXT_IP="your.ext.ip.addr"       # address of the external interface
# Load the modules (the nat table needs iptable_nat as well as ip_tables).
modprobe ip_tables
modprobe iptable_nat

# Flush old rules, delete the firewall chain if it exists
$IPT -F
$IPT -F -t nat
$IPT -X firewall 2>/dev/null

# Setup Masquerading: rewrite internal source addresses to the external one.
# Filtering belongs in the filter table, not the nat table: the nat table only
# sees the first packet of each connection, and a catch-all DROP in
# POSTROUTING also kills the gateway's own outbound connections (their source
# is $EXT_IP, not $INT_NET).  Restrict what gets forwarded in FORWARD instead.
$IPT -A POSTROUTING -t nat -s $INT_NET -j SNAT --to-source $EXT_IP
$IPT -P FORWARD DROP
$IPT -A FORWARD -s $INT_NET -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

# Set up the firewall chain: log, then drop.  The limit match stops a flood
# from filling the log; the trailing space in the prefix keeps it from
# running into the IN= field of the log line.
$IPT -N firewall
$IPT -A firewall -m limit --limit 5/min -j LOG --log-level info --log-prefix "Firewall: "
$IPT -A firewall -j DROP

# Always accept loopback, and replies to connections this box opened.
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept DNS, 'cause it's warm and friendly.  Matching on source port alone
# is spoofable (anything sent from port 53 reaches every UDP service here);
# the state rule above already admits genuine DNS replies.
$IPT -A INPUT -p udp --source-port 53 -j ACCEPT
# ident (113) in both directions
$IPT -A INPUT -p tcp --source-port 113 -j ACCEPT
$IPT -A INPUT -p tcp --destination-port 113 -j ACCEPT

# Send everything else to the firewall.
$IPT -A INPUT -p icmp -j firewall
$IPT -A INPUT -p tcp --syn -j firewall
$IPT -A INPUT -p udp -j firewall

<<END SCRIPT>>

> I'm trying to let a Red Hat 7.1 box act as a gateway; the following steps are
> what I did on the gateway machine:
> 1. echo 1 > /proc/sys/net/ipv4/ip_forward
> 2. ensure all of iptables' default policies are ACCEPT, such as FORWARD,
> INPUT, OUTPUT, POSTROUTING...
> 
> Then in the internal machines, I set the default gateway to be the
> internal ip address of the gateway.
> 
> From the internal machines, I can ping the internal ip address of the
> gateway, and the external ip address of the gateway. But when I tried
> to ping some other external ip address, it always failed without any
> response.
> 
> Can anybody figure out if I did something wrong? Thanks a lot!
> 
> Jimmy


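The failure Jimmy describes (forwarding enabled, every policy ACCEPT, pings to the gateway work but pings past it never get a reply) is exactly what a box with ip_forward=1 and no nat rule does: the internal source addresses leave the external interface unchanged and nothing on the Internet can route a reply back to them. The script below is an added example, not code from the original thread: it reads an iptables-save dump and the ip_forward value and reports which of the two pieces is missing. It runs offline on two constructed iptables-save dumps (the internal subnet 192.168.1.0/24 and interface eth0 are assumptions, as is the MASQUERADE rule used for the "fixed" dump); on a live gateway you would feed it the real values as shown in the comment at the bottom.

```shell
#!/bin/sh
# Added example, not from the original post.  Diagnoses the "forwards but
# never gets replies" gateway from a rule dump instead of a live box.

# Constructed iptables-save output for the state described in the question:
# every policy ACCEPT, nat table empty.
BROKEN_SAVE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed dump of the same box after adding a masquerade rule
# (assumed internal net 192.168.1.0/24 behind eth0).
FIXED_SAVE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# has_nat_rule SAVE_TEXT INT_NET
# Returns 0 if the nat table's POSTROUTING chain rewrites INT_NET with
# SNAT or MASQUERADE, 1 otherwise.  Rules in other tables do not count.
has_nat_rule() {
    printf '%s\n' "$1" | awk -v net="$2" '
        /^\*/ { table = substr($0, 2) }          # "*nat" / "*filter" headers
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src_ok = 0; tgt_ok = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s" && $(i + 1) == net) src_ok = 1
                if ($i == "-j" && ($(i + 1) == "MASQUERADE" || $(i + 1) == "SNAT")) tgt_ok = 1
            }
            if (src_ok && tgt_ok) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# diagnose IP_FORWARD_VALUE SAVE_TEXT INT_NET
# Prints a one-line verdict.  Returns 0 when both pieces are present,
# 1 when routing is off, 2 when routing is on but NAT is missing.
diagnose() {
    if [ "$1" != "1" ]; then
        echo "ip_forward is $1: kernel will not route between interfaces"
        return 1
    fi
    if ! has_nat_rule "$2" "$3"; then
        echo "ip_forward=1 but no SNAT/MASQUERADE for $3 in nat POSTROUTING: replies cannot return"
        return 2
    fi
    echo "forwarding and NAT for $3 both present"
    return 0
}

# Show both verdicts.  On a live gateway use the real inputs instead:
#   diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)" 192.168.1.0/24
for save in "$BROKEN_SAVE" "$FIXED_SAVE"; do
    diagnose 1 "$save" 192.168.1.0/24 || true   # non-zero is expected for the broken dump
done
```

The check looks only at the nat table's POSTROUTING chain because that is the only place an address rewrite for outbound traffic can live; a SNAT rule in the filter table, or one for a different subnet, would rightly be reported as missing.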

