On Saturday 04 May 2002 03:08, Harry Putnam wrote:
> Posters here got me over the first hurdle of setting up this
> experimental network within a network. I can now ping all internal
> machines and ping anything internal/external from M1
>
>                INTERNET
>
>          dsl modem (Static IP)
>
>   ROUTER (gateway) NETGEAR FR314 192.168.0.1
>
>          |--eth0 192.168.0.5
>
>   --M1--Running Redhat 7.1 [two nics] (with all updates)
>
>          |--eth1 192.168.1.1
>
>   -----Simple hub (Netgear DS108)--------
>
>          |--ed0 192.168.1.4
>
>   --M2-- (running Freebsd-4.3)
>
> There are actually several machines at the end of this chain, just
> showing one for simplicity. Now I've arrived at the problem of getting
> this forwarded/masqueraded with iptables.
>
> That is the weakest link in this scenario. I have never been able to
> fathom much about iptables. If you're thinking of telling me RTFM,
> forget it... I will NEVER learn how to set up iptables from that
> source. I have read it, and it's handy for seeing what different
> flags mean, but I will not learn to use iptables in this lifetime from
> the man page.
>
> I've tried a couple of sample scripts, neither has worked but I'm not
> knowledgeable enough to really take them apart.
>
> Here are a couple of examples I've tried:
> (These were wrapped for mail. No (\) in original.
>
> iptables -F
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>
> iptables -A FORWARD -i eth1 -o eth0 -m state --state \
>    ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
> iptables -P FORWARD DROP
>
> iptables -t nat -F
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>
> I tried rearranging eth1 and eth0 as well
> ========================================
>
> this one liner fails as well:
> IFINET=eth0
> ADLOCAL=192.168.1
> ADINET=192.168.0.1
> (Note for ADLOCAL I've used all of these:
> 192.168.1, 192.168.1.4 and 192.168.1/16 - the actual address is
> 192.168.1.4)
>
> (also wrapped for mail)
> iptables -t nat -A POSTROUTING -o $IFINET -s $ADLOCAL\
>    -j SNAT --to $ADINET
>
> Can someone show me a real basic iptables script that will allow
> M2 (in the ascii art) to get to the internet? Thru M5 and then the
> hardware router.

hmm... how about this :

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

let me know if that worked.
tal.

>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list

--
-----------------------------------------------
[root@localhost /]# make love
make: stop : dont know how to make love
[root@localhost /]#ls
Amir Tal, ICQ : 15748705
http://www.whatsup.org.il
-----------------------------------------------
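
A fuller form of the masquerade setup discussed in this thread, with a default-drop FORWARD chain, as an added example that is not code from either poster. It assumes the diagram's layout (eth0 toward the router, eth1 toward the hub, taken here to carry 192.168.1.0/24); the WAN_IF, LAN_IF, LAN_NET and APPLY variables and both function names are made up for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed layout (from the diagram):
# eth0 faces the router, eth1 faces the hub carrying 192.168.1.0/24.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}

# Emit the rule set, one iptables argument list per line.
# Forwarding is default-drop: only LAN-originated traffic may leave through
# the WAN side, and only replies to it may come back in.
nat_rules() {
    wan=$1 lan=$2 net=$3
    cat <<EOF
-F FORWARD
-t nat -F POSTROUTING
-P FORWARD DROP
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
-t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

# Print the commands by default; run them (as root) only when APPLY=1.
apply_nat() {
    nat_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" | while read -r args; do
        if [ "${APPLY:-0}" = 1 ]; then
            # $args is left unquoted on purpose so it splits into arguments
            iptables $args || exit 1
        else
            echo "iptables $args"
        fi
    done || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward   # enable routing last
    fi
}

apply_nat
```

Run it as-is to review the generated commands; APPLY=1 as root installs them.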