Masquerade/SNAT with RH 8.0

I hope this hasn't been covered a million times. I'm trying to share the internet connection in my house. I'm very new to IPTABLES, and I can't get the sharing to work. Here is the setup. Please let me know if you need more information. Any help would be greatly appreciated!!!

The server is RH 8.0 with IPTABLES, and a DHCP server running. The clients are a Mac and a PC (9.2 and Win98). Network connectivity is good. All three machines can ping each other, via private IPs:
192.168.0.30
192.168.0.22
192.168.0.1 (internal NIC, eth1)

The two clients have never been able to ping the public eth0 card.

I have set forwarding to one, and that is set to be that way when the computer first boots, with this line:

echo 1 > /proc/sys/net/ipv4/ip_forward

That line seems to be working okay.

Here is the very simple ruleset that I've found on the net, and that seems to make sense:

IPTABLES=/sbin/iptables   # path assumed; the post does not show where $IPTABLES is set

# Flush each chain and set its default policy: accept on INPUT/OUTPUT, drop on FORWARD.
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD

# Replies coming back in from the internet, only for connections conntrack already knows.
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anything from the LAN out to the internet.
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
# Packets that matched neither rule above are logged, then hit the DROP policy.
$IPTABLES -A FORWARD -j LOG

# Rewrite the source address of packets leaving eth0 to the public IP (--to is short for --to-source).
$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to 208.141.xxx.xxx

Here is what the resulting script looks like:


*mangle
:PREROUTING ACCEPT [4:256]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Nov 11 00:29:53 2002
# Generated by iptables-save v1.2.6a on Mon Nov 11 00:29:53 2002
*nat
:PREROUTING ACCEPT [370:28696]
:POSTROUTING ACCEPT [396:23845]
:OUTPUT ACCEPT [406:24455]
-A POSTROUTING -o eth0 -j SNAT --to-source 208.141.xxx.xxx #(my public IP)
COMMIT
# Completed on Mon Nov 11 00:29:53 2002
# Generated by iptables-save v1.2.6a on Mon Nov 11 00:29:53 2002
*filter
:INPUT ACCEPT [140:118403]

I am just not sure what I am doing wrong. I don't know where to look to see what kind of error messages might be popping up. 

Does anyone have any ideas why I can't get packets forwarded from the internal interface to the external interface and out to the internet?

Any advice would be greatly appreciated. I've been trying to figure this out for a couple of weeks now. Thanks so much in advance!

Bob

P.S. Where does IPTABLES log to? I notice in the above script it tells the kernel to log all forwarded packets (at least that is how I read it; I could be wrong). Thanks again.
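The gateway ruleset discussed in the post, written out as a complete script with a dry-run mode so the rule list can be reviewed without root. This is an added example, not Bob's script or anything from the list archive. It assumes, as the post's values are partly masked, that eth0 is the public side, eth1 the LAN, that 208.141.0.1 is a placeholder public address to be replaced, and that iptables lives in /sbin; the `FWD-DROP:` log prefix and the rate limit are additions. The comment on the LOG rule answers the logging question from general netfilter behaviour: the LOG target writes to the kernel log, which syslog on RH 8.0 stores in /var/log/messages.

```sh
#!/bin/sh
# Added example (not from the post): a NAT gateway script in the same shape as
# the one above, with a dry-run mode so the rules can be reviewed without root.
# Assumptions, not taken from the post: eth0 is the public side, eth1 the LAN,
# 208.141.0.1 is a placeholder public address, and iptables is in /sbin.

IPTABLES=${IPTABLES:-/sbin/iptables}
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
PUBLIC_IP=${PUBLIC_IP:-208.141.0.1}     # placeholder, substitute your own
DRY_RUN=${DRY_RUN:-0}

# run CMD ARGS...: execute the command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Without this the FORWARD chain never sees a packet, whatever the rules say.
# To make it survive a reboot, put "net.ipv4.ip_forward = 1" in /etc/sysctl.conf.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

build_ruleset() {
    # Flush, then set policies. INPUT/OUTPUT ACCEPT leaves the gateway itself
    # reachable from the internet on every port; tighten once NAT works.
    run "$IPTABLES" -F INPUT
    run "$IPTABLES" -P INPUT ACCEPT
    run "$IPTABLES" -F OUTPUT
    run "$IPTABLES" -P OUTPUT ACCEPT
    run "$IPTABLES" -F FORWARD
    run "$IPTABLES" -P FORWARD DROP
    run "$IPTABLES" -t nat -F POSTROUTING

    # LAN -> internet: anything.
    run "$IPTABLES" -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j ACCEPT
    # internet -> LAN: only replies to connections conntrack already knows.
    run "$IPTABLES" -A FORWARD -i "$EXT_IF" -o "$INT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Last rule: only packets that matched nothing above get here. They are
    # logged (rate-limited so a scan cannot fill the disk) and then dropped by
    # the chain policy. The LOG target writes to the kernel log: read it with
    # dmesg, or in /var/log/messages where syslog keeps kernel messages on
    # RH 8.0. The prefix makes the lines easy to grep.
    run "$IPTABLES" -A FORWARD -m limit --limit 5/minute \
        -j LOG --log-prefix "FWD-DROP: "

    # Rewrite the source of everything leaving the public interface.
    # SNAT needs a fixed public address; with a DHCP-assigned one use
    # "-j MASQUERADE" (no --to-source) instead.
    run "$IPTABLES" -t nat -A POSTROUTING -o "$EXT_IF" \
        -j SNAT --to-source "$PUBLIC_IP"
}

main() {
    enable_forwarding
    build_ruleset
}

# "apply" installs the rules (needs root); "show" prints what it would run.
case "${1:-}" in
    apply) main ;;
    show)  DRY_RUN=1; main ;;
esac
```

Run `sh nat-gateway.sh show` first and compare the printed commands against `iptables-save` output after `sh nat-gateway.sh apply`; if a LAN host still cannot reach the internet, `grep FWD-DROP /var/log/messages` shows which packets are falling through to the DROP policy, and an empty log with no NAT counters increasing points at routing or ip_forward rather than at the filter rules.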


