Problems with NAT

Hi

I'm trying to set up my firewall so that I can plug my laptop into eth1
of my desktop and use NAT to access the outside world on the laptop.

I've followed the NAT Howto and my firewall contains the following rules:

    # allow local-only connections
    ${IPTABLES} -A INPUT -i lo -j ACCEPT

    # free output on any interface to any ip for any service
    ${IPTABLES} -A OUTPUT -j ACCEPT

    # permit answers on already established connections
    # and permit new connections related to established ones
    ${IPTABLES} -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ${IPTABLES} -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # allow incoming ssh connections
    ${IPTABLES} -A INPUT -p tcp --dport ssh -j ACCEPT

    # NAT
    ${IPTABLES} -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    ${IPTABLES} -A FORWARD -s 10.0.0.0/24 -j ACCEPT

    # everything not accepted > /dev/null
    ${IPTABLES} -P INPUT DROP
    ${IPTABLES} -P FORWARD DROP
    ${IPTABLES} -P OUTPUT DROP

    # be verbose on dynamic ip-addresses
    echo 2 > /proc/sys/net/ipv4/ip_dynaddr

    # disable ExplicitCongestionNotification
    echo 0 > /proc/sys/net/ipv4/tcp_ecn

    # turn on IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

The laptop (PowerBook G4) is assigned an IP address in the range 10.0.0.2-.10
by a DHCP server. eth1 has the IP address 10.0.0.1, and eth0 is the connection
to the outside world. After running Ethereal, it appears that no packets from
the local network are making it to eth0. However, I can ssh into the server if I
use the IP address, but not the hostname.

Can anyone help me out with this?

Thanks in advance

Adam

