On Fri, 2003-02-28 at 06:26, muffadal.essaji@mail.intafrica.com wrote:
> hi.
> i need a step by step procedure to configure NAT.
> I have eth1 that's my internal internetwork
> and eth0 which have a public ip.

Ok, let's see. Either you have a static or dynamic public IP.

#!/bin/bash
# Firewall script

# We need to load several modules for NAT
modprobe ip_tables
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

# In both cases you need to have forwarding on:
sysctl -w net.ipv4.ip_forward=1

# In both cases you need some rules to forward the traffic:
# Drop everything by default
iptables -P FORWARD DROP
# Allow new connections from the inside
iptables -A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT
# Allow established connections to communicate
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Now NAT, you want the following rule for a static IP
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to <enter your IP here>
# if you use a dynamic IP you need:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Cheers,

Ralf

> i need all internal machines to access the internet.
> i went to documentation but i went crazy.
> urgent help.
> yours
> muffadal
>
>
>
--
Ralf Spenneberg
RHCE, RHCX

IPsec/PPTP Kernels for Red Hat Linux: http://www.spenneberg.com/.net/.org/.de
Honeynet Project Mirror: http://honeynet.spenneberg.org
Snort Mirror: http://snort.spenneberg.org
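A way to check that a gateway really ended up with the ruleset from the reply above, as an added example that is not part of the original thread: the function reads `iptables-save` output and reports any missing piece (default-drop FORWARD policy, the two stateful accept rules, NAT bound to the outside interface). The function names and both sample dumps are constructed for this example; eth1 and eth0 are the interfaces named in the thread.

```shell
# Added example: audit an iptables-save dump against the forwarding/NAT rules
# from the reply. audit_nat_ruleset, good_dump and bad_dump are hypothetical
# names; the dumps are constructed (abridged) samples, not captured output.
audit_nat_ruleset() {   # stdin: iptables-save output; $1 inside if, $2 outside if
    awk -v in_if="${1:-eth1}" -v out_if="${2:-eth0}" '
        /^\*/ { table = substr($0, 2); next }          # "*filter", "*nat", ...
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            # "state NEW" also matches the newer "--ctstate NEW" spelling
            if ($0 ~ /state [A-Z,]*ESTABLISHED/) est = 1
            if ($0 ~ ("-i " in_if " ") && $0 ~ ("-o " out_if " ") &&
                $0 ~ /state [A-Z,]*NEW/) new = 1
        }
        table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ {
            if ($0 ~ ("-o " out_if " ")) nat = 1
            else { print "NAT rule not bound to " out_if ": " $0; bad = 1 }
        }
        END {
            if (policy != "DROP") { print "FORWARD policy is " policy ", expected DROP"; bad = 1 }
            if (!new) { print "no stateful NEW rule " in_if " -> " out_if; bad = 1 }
            if (!est) { print "no ESTABLISHED,RELATED accept rule"; bad = 1 }
            if (!nat) { print "no SNAT/MASQUERADE rule on " out_if; bad = 1 }
            exit bad + 0
        }'
}

good_dump() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}
bad_dump() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}
good_dump | audit_nat_ruleset && echo "good dump: clean"
bad_dump | audit_nat_ruleset || echo "bad dump: findings listed above"
```

On a live gateway the same function can be fed with `iptables-save | audit_nat_ruleset eth1 eth0` (run as root); the `net.ipv4.ip_forward` setting is not part of the dump and has to be checked separately.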