>From: Chad and Doria Skinner <[EMAIL PROTECTED]>
>Subject: RE: more network puzzler now with iptables
>In-reply-to: <[EMAIL PROTECTED]>
>
>Try reading this article; I found it helpful.
>(http://www.linuxjournal.com/article.php?sid=4815)
>
>> -----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]]On Behalf Of Harry Putnam
> >Sent: Friday, May 03, 2002 7:08 PM
> >To: [EMAIL PROTECTED]
> >Subject: more network puzzler now with iptables
>>
>>
> >Posters here got me over the first hurdle of setting up this
> >experimental network within a network. I can now ping all internal
> >machines and ping anything internal/external from M1
>>
> >                    INTERNET
> >                       |
> >               dsl modem (Static IP)
> >                       |
> >      ROUTER (gateway) NETGEAR FR314 192.168.0.1
> >                       |
> >               |--eth0 192.168.0.5
> >               |
> >      --M1--Running Redhat 7.1 [two nics] (with all updates)
> >               |
> >               |--eth1 192.168.1.1
> >               |
> >      -----Simple hub (Netgear DS108)--------
> >               |
> >               |--ed0 192.168.1.4
> >      --M2-- (running Freebsd-4.3)
>>
> >There are actually several machines at the end of this chain, just
> >showing one for simplicity. Now I've arrived at the problem of getting
> >this forwarded/masqueraded with iptables.
>>
> >That is the weakest link in this scenario. I have never been able to
> >fathom much about iptables. If you're thinking of telling me RTFM,
> >forget it... I will NEVER learn how to set up iptables from that
> >source. I have read it, and it's handy for seeing what different
> >flags mean, but I will not learn to use iptables in this lifetime from
> >the man page.
>
Have you tried a GUI "frontend" for iptables - just to get things secure? I've found them to be useful to "see" what rules are being applied to what. Once you get the hang of it, you can ditch the GUI. Take a look at Firestarter at http://www.sorceforge.net . It has a Gnome interface, lets you start and stop the firewall, shows graphically what traffic is being allowed and denied from where, and keeps track of "hits" on the firewall. It works with either ipchains or iptables.

---Tom

>> I've tried a couple of sample scripts, neither has worked but I'm not
>> knowledgeable enough to really take them apart.
>>
>> Here are a couple of examples I've tried:
>> (These were wrapped for mail. No (\) in original.)
>> iptables -F
>>
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>>
>> iptables -A FORWARD -i eth1 -o eth0 -m state --state \
>> ESTABLISHED,RELATED -j ACCEPT
>> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
>> iptables -P FORWARD DROP
>>
>> iptables -t nat -F
>> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>>
>> I tried rearranging eth1 and eth0 as well
>> ========================================
>>
>> this one liner fails as well:
>> IFINET=eth0
>> ADLOCAL=192.168.1
>> ADINET=192.168.0.1
>> (Note for ADLOCAL I've used all of these:
>> 192.168.1, 192.168.1.4 and 192.168.1/16 - the actual address is
>> 192.168.1.4)
>>
>> (also wrapped for mail)
>> iptables -t nat -A POSTROUTING -o $IFINET -s $ADLOCAL \
>> -j SNAT --to $ADINET
>>
>> Can someone show me a real basic iptables script that will allow
>> M2 (in the ascii art) to get to the internet? Thru M5 and then the
>> hardware router.

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
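As an added example that is not part of this thread or any poster's script, here is a minimal forward-plus-masquerade rule set for the topology in Harry's diagram: it assumes M1's eth0 faces the NETGEAR router and eth1 faces the hub, writes the internal network as the subnet 192.168.1.0/24 (a bare "192.168.1" or "192.168.1/16" is not a valid source for `-s`), masquerades on the router-facing interface rather than the LAN side as the first quoted attempt does, and uses an assumed file name of nat.sh. Run without arguments it only prints the rules and checks them; `apply` actually loads them, which needs root and iptables.

```shell
#!/bin/sh
# Added example (not from the thread). Minimal forward + masquerade rules for
# M1 as drawn: eth0 = 192.168.0.5 toward the NETGEAR router, eth1 = 192.168.1.1
# toward the hub. "sh nat.sh" prints the rules; "sh nat.sh apply" loads them
# (needs root and iptables). File name nat.sh is assumed.

IFINET=eth0           # interface facing the gateway router
IFLAN=eth1            # interface facing the internal hub
LAN=192.168.1.0/24    # whole internal subnet (a bare "192.168.1" is not valid)

# Emit the rule set, one iptables invocation per line.
nat_rules() {
    cat <<EOF
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -P FORWARD DROP
iptables -A FORWARD -i $IFLAN -o $IFINET -s $LAN -j ACCEPT
iptables -A FORWARD -i $IFINET -o $IFLAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $IFINET -s $LAN -j MASQUERADE
EOF
}

# Sanity check before loading: masquerading must happen on the interface that
# faces the router (not the LAN side), and only reply traffic may come back in.
check_rules() {
    nat_rules | grep -q -- "POSTROUTING -o $IFINET .* MASQUERADE" || return 1
    nat_rules | grep -q -- "FORWARD -i $IFINET -o $IFLAN -m state" || return 1
    return 0
}

if [ "$1" = apply ]; then
    check_rules || { echo "rule set failed sanity check" >&2; exit 1; }
    echo 1 > /proc/sys/net/ipv4/ip_forward   # let M1 route between its NICs
    nat_rules | sh -e
else
    nat_rules
fi
```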