Posters here got me over the first hurdle of setting up this
experimental network within a network.  I can now ping all internal
machines and ping anything internal/external from M1

         INTERNET
            |
         dsl modem (Static IP)
            |
          ROUTER (gateway) NETGEAR FR314 192.168.0.1
            |
            |--eth0 192.168.0.5
            |  
          --M1--Running Redhat 7.1 [two nics] (with all updates)
            | 
            |--eth1 192.168.1.1
            |
  -----Simple hub (Netgear DS108)--------
            |
            |--ed0 192.168.1.4
          --M2-- (running Freebsd-4.3)

There are actually several machines at the end of this chain, just
showing one for simplicity.  Now I've arrived at the problem of getting
this forwarded/masqueraded with iptables.

That is the weakest link in this scenario.  I have never been able to
fathom much about iptables.  If you're thinking of telling me RTFM,
forget it... I will NEVER learn how to set up iptables from that
source.  I have read it, and it's handy for seeing what different
flags mean, but I will not learn to use iptables in this lifetime from
the man page.

I've tried a couple of sample scripts; neither has worked, but I'm not
knowledgeable enough to really take them apart.

Here are a couple of examples I've tried:
(These were wrapped for mail.  No (\) in original.)
  iptables -F

  echo "1" > /proc/sys/net/ipv4/ip_forward
  echo "1" > /proc/sys/net/ipv4/ip_dynaddr

  iptables -A FORWARD -i eth1 -o eth0 -m state --state \
    ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
  iptables -P FORWARD DROP

  iptables -t nat -F
  iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

I tried rearranging eth1 and eth0 as well
========================================

this one liner fails as well:
  IFINET=eth0
  ADLOCAL=192.168.1
  ADINET=192.168.0.1
  (Note for ADLOCAL I've used all of these:
  192.168.1, 192.168.1.4 and 192.168.1/16 - the actual address is 192.168.1.4)

(also wrapped for mail)
   iptables -t nat -A POSTROUTING -o $IFINET -s $ADLOCAL\
      -j SNAT --to $ADINET

Can someone show me a real basic iptables script that will allow
M2 (in the ascii art) to get to the internet? Thru M5 and then the
hardware router.
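
An added example, not part of the original post: a dry-run NAT gateway script for M1 as drawn in the diagram, plus a small check that flags rules which NAT on the LAN-facing interface, forward WAN-to-LAN traffic without a state match, or SNAT to an address that is not M1's own. The /24 netmask and the names `run`, `gateway_rules` and `audit_rules` are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Interfaces and addresses come
# from the diagram; the /24 mask and all function names are assumptions.
WAN_IF=eth0              # M1 side facing the Netgear router
LAN_IF=eth1              # M1 side facing the hub
LAN_NET=192.168.1.0/24   # assumed netmask for the inner network
WAN_IP=192.168.0.5       # M1's own eth0 address

# Dry run by default (prints commands); APPLY=1 as root executes them.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

gateway_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING
    run iptables -P FORWARD DROP
    # LAN -> WAN: hosts behind M1 may open connections outward.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # WAN -> LAN: only replies to connections the LAN side opened.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Source NAT happens on the way out of the WAN-facing interface.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" \
        -j SNAT --to-source "$WAN_IP"
}

# Reads iptables commands on stdin, prints one finding per risky rule.
audit_rules() {
    while IFS= read -r line; do
        case "$line" in *POSTROUTING*"-o $LAN_IF "*)
            echo "nat-on-lan-interface: $line" ;; esac
        case "$line" in *--state*) ;; *FORWARD*"-i $WAN_IF "*"-j ACCEPT"*)
            echo "wan-to-lan-unfiltered: $line" ;; esac
        case "$line" in *"$WAN_IP"*) ;; *"-j SNAT"*)
            echo "snat-not-own-address: $line" ;; esac
    done
}

gateway_rules
```

Run as-is it only prints the commands; `audit_rules` accepts any list of iptables commands on stdin, one per line.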


