Try reading this article; I found it helpful. (http://www.linuxjournal.com/article.php?sid=4815)
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Harry Putnam
> Sent: Friday, May 03, 2002 7:08 PM
> To: [EMAIL PROTECTED]
> Subject: more network puzzler now with iptables
>
>
> Posters here got me over the first hurdle of setting up this
> experimental network within a network. I can now ping all internal
> machines and ping anything internal/external from M1
>
>                    INTERNET
>                       |
>             dsl modem (Static IP)
>                       |
>     ROUTER (gateway) NETGEAR FR314 192.168.0.1
>                       |
>                       |--eth0 192.168.0.5
>                       |
>     --M1--Running Redhat 7.1 [two nics] (with all updates)
>                       |
>                       |--eth1 192.168.1.1
>                       |
>       -----Simple hub (Netgear DS108)--------
>                       |
>                       |--ed0 192.168.1.4
>             --M2-- (running Freebsd-4.3)
>
> There are actually several machines at the end of this chain, just
> showing one for simplicity. Now I've arrived at the problem of getting
> this forwarded/masqueraded with iptables.
>
> That is the weakest link in this scenario. I have never been able to
> fathom much about iptables. If you're thinking of telling me RTFM,
> forget it... I will NEVER learn how to setup Iptables from that
> source. I have read it, and it's handy for seeing what different
> flags mean, but I will not learn to use iptables in this lifetime from
> the man page.
>
> I've tried a couple of sample scripts, neither has worked but I'm not
> knowledgeable enough to really take them apart.
>
> Here are a couple of examples I've tried:
> (These were wrapped for mail. No (\) in original.)
>
> iptables -F
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>
> iptables -A FORWARD -i eth1 -o eth0 -m state --state \
> ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
> iptables -P FORWARD DROP
>
> iptables -t nat -F
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>
> I tried rearranging eth1 and eth0 as well
> ========================================
>
> this one-liner fails as well:
> IFINET=eth0
> ADLOCAL=192.168.1
> ADINET=192.168.0.1
> (Note for ADLOCAL I've used all of these:
> 192.168.1, 192.168.1.4 and 192.168.1/16 - the actual address is
> 192.168.1.4)
>
> (also wrapped for mail)
> iptables -t nat -A POSTROUTING -o $IFINET -s $ADLOCAL\
> -j SNAT --to $ADINET
>
> Can someone show me a real basic iptables script that will allow
> M2 (in the ascii art) to get to the internet? Thru M5 and then the
> hardware router.
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
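
A minimal forwarding and masquerade rule set for the topology in the quoted message, as an added example that is not part of the original thread. It assumes eth0 (192.168.0.5) faces the router and eth1 (192.168.1.1) faces the hub, as drawn, that the internal network is 192.168.1.0/24, and that M2 uses 192.168.1.1 as its default gateway. The function names and the APPLY switch are hypothetical; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: NAT/forwarding rules for the M1 gateway in the diagram.
# Assumed from the diagram: eth0 = toward the router (external side),
# eth1 = toward the hub (internal side); 192.168.1.0/24 is an assumed mask.
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
INT_NET="${INT_NET:-192.168.1.0/24}"

# valid_cidr: accept only a full dotted quad with a prefix length,
# so a partial value such as "192.168.1" is rejected before any rule is built.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# build_rules EXT INT NET: print the iptables commands without running them.
build_rules() {
    ext="$1"; int="$2"; net="$3"
    valid_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    [ "$ext" != "$int" ] || { echo "interfaces must differ" >&2; return 1; }
    # New connections may only start from the internal side; replies come back
    # via connection tracking; source NAT happens on the way out of EXT.
    cat <<EOF
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -P FORWARD DROP
iptables -A FORWARD -i $int -o $ext -s $net -j ACCEPT
iptables -A FORWARD -i $ext -o $int -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext -s $net -j MASQUERADE
EOF
}

# apply_rules: enable forwarding, then run each generated command (needs root).
apply_rules() {
    rules=$(build_rules "$@") || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "$rules" | while read -r cmd; do $cmd || exit 1; done
}

# Dry run by default; set APPLY=1 to change the running firewall.
if [ "${APPLY:-0}" = "1" ]; then
    apply_rules "$EXT_IF" "$INT_IF" "$INT_NET"
else
    build_rules "$EXT_IF" "$INT_IF" "$INT_NET"
fi
```

After applying with APPLY=1 as root, `iptables -L FORWARD -v -n` and `iptables -t nat -L POSTROUTING -v -n` show per-rule packet counters, which confirm whether traffic from M2 is matching the intended rules.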