I strongly suggest looking into "shorewall" as a "front end" for iptables.
Makes life hell of a lot easier.

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Howard
> Sent: Friday, July 04, 2003 8:13 AM
> To: [EMAIL PROTECTED]
> Subject: Re: RH9 home networking
> 
> 
> Yes, why are you all making this so difficult?
> 
> I use my machine exactly as you want to set up yours.
> It is a RH9 machine that is 
> Firewall/Gateway/WebServer/FTPServer for my home network. The 
> Internet connection sharing is done with iptables forwarding 
> and masquerading packets.
> 
> First you need to make sure that your network is setup 
> properly. Login as root. Edit the /etc/hosts file and make 
> sure that it contains information about any hosts that you 
> want on your network. You can "man hosts" to find out about 
> this file. Then edit the /etc/network file to show some of 
> the following if they apply: GATEWAYDEV=eth0, 
> HOSTNAME=hostname.whatever.whatever, 
> DOMAINNAME=whatever.whatever. Enable packet forwarding by 
> editing the /etc/sysctl.conf file, set net.ipv4.ip_forward 
> =1. Then add four rules to iptables by issuing the following 
> commands as root (You may want to make a copy of 
> /etc/sysconfig/iptables first.)
> 
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 
> /sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
> 
> /sbin/iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
> 
> /sbin/iptables -A FORWARD -s ! 192.168.1.0/24 -j DROP
> 
> This is assuming that your Internet connection is at eth0 and 
> your private network is 192.168.1.
> 
> Save the rules after you make sure they work by issuing 
> /sbin/iptables-save > /etc/sysconfig/iptables
> 
> Now you can go to each machine on your private net and set 
> static IPs to the values you listed for them in the  
> /etc/hosts file and their gateway will be the static IP that 
> you gave eth1. You could set it up as a proxie and use DHCP 
> to set your networked machines IPs but that would be a 
> different e-mail. Bada Bing shared Internet connection
> 
> To do it right it helps to have a good book. I recommend the 
> Redhat Bible (Negus), I don't know if the 9 version is out 
> yet, I'm still using the 8 version.
> 
> If you want to set it up by clicking in a check box, get windows.
> 
> PS. I'm sure that I left out alot, do the same as I did, buy 
> a book (I have five big fat Linux books). You will not ever 
> get everything you need to know from this list(or get windoze).
> 
> Steve
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]
> https://www.redhat.com/mailman/listinfo/redhat-list
> 


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Reply via email to