NAT nightmare

Mark Street jet at sonic.net
Tue Jul 2 17:59:39 PDT 2002


What does /etc/rc.d/rc.firewall look like?  Are you using iptables or
ipchains....  I have some of both...  Have a peek at the resources on the
nblug.org website.  Frank has some nice examples.

I would give firestarter a whirl and see if it is for you.  A nice GUI
interface with a very useful wizard to get you up and going pronto.  Be
sure to pick the advanced settings to get masquerading options.

BASIC NAT forwarding for your network... no other protection.  It has been
a while since I have used this one.  It may need a cleanup.

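IPTABLES=/sbin/iptables

# Let the kernel route packets between the two interfaces
echo "  - Enabling packet forwarding in the kernel"
echo "1" > /proc/sys/net/ipv4/ip_forward

# Clear existing rules and user-defined chains (filter and nat tables)
$IPTABLES --flush
$IPTABLES --table nat --flush
$IPTABLES --delete-chain
$IPTABLES --table nat --delete-chain

# Rewrite the source address of everything leaving eth1
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE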


On Tue, 2 Jul 2002, Lincoln Peters wrote:

> I'm trying to set up a Linux-based router for a friend.  I have a box
> with Red Hat 7.3 and 2 NIC's (one for the LAN and one for a cable
> modem), and I've ensured that the kernel (version 2.4.18-5) supports
> all of the router options (except ipfwadm), but I can't make it work!
> I have managed to make the router work as a DHCP server for the LAN,
> and I can access the Internet from the router using lynx (that's what
> I'm doing now to send this e-mail).  However, no matter what I try
> with the firewall rules, I can't seem to make it forward anything!
> All of the computers on the LAN can talk to each other, but they give
> me a "Cannot find server" error when they try to access the Internet
> (that's all they say; all these computers except the router are
> running WinXP).
>
> Does anyone know how I should be doing this?
>
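
An added example, not part of the original messages: the masquerade rule from the reply combined with a default-deny FORWARD chain, so only LAN-initiated traffic and its replies cross the router. `eth1` as the outside interface comes from the post; `eth0` as the LAN interface and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumptions: eth0 = LAN,
# eth1 = cable modem side (eth1 as the outbound interface is from the post).
IPTABLES=${IPTABLES:-/sbin/iptables}

# Print the ruleset, one command per line, so it can be reviewed before use.
nat_ruleset() {
    lan_if=$1
    wan_if=$2
    cat <<EOF
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -A FORWARD -i $lan_if -o $wan_if -j ACCEPT
$IPTABLES -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
EOF
}

# True only when the kernel forwarding switch reads 1. The optional path
# argument exists so the check can be exercised against a scratch file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Load the rules (needs root), then turn forwarding on last so nothing is
# routed before the filter is in place. Returns 2 on bad interface names.
apply_nat_ruleset() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ] || return 2
    nat_ruleset "$1" "$2" | while read -r rule; do
        $rule || exit 1
    done || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Nothing is changed unless explicitly requested: APPLY_NAT=1 sh thisfile
if [ "${APPLY_NAT:-0}" = 1 ]; then
    apply_nat_ruleset eth0 eth1
fi
```

Run it without `APPLY_NAT` and call `nat_ruleset eth0 eth1` to read the rules first; `forwarding_enabled` covers the other common reason LAN clients get no route out.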


