Re: Help: Iptables rules

On Thursday 15 January 2004 1:04 am, Minh Cao wrote:

> Hi,
>
> I am new to iptables.
> Please help me to create rules which allow everything in and out of both
> interfaces.

I wonder why you want this - because it is an open router - there is no point 
in using netfilter (which is used to block things) if you want to allow 
everything....

> What I have, but it has not worked:
> iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
> iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
>
> iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

What you have shown above looks as though it will do what you want (it is, of 
course, just a router, very insecure, and does not qualify as a firewall, but 
it meets your specification).

Some questions:

1. Do you have packet forwarding turned on in the kernel (cat 
/proc/sys/net/ipv4/ip_forward)?

2. What are the default policies on your netfilter chains (iptables -L)?

3. You say the above has not worked - how have you tested it?

4. Do packets get across the router in either direction (internal to external? 
external to internal)?

5. Have you read Oskar Andreasson's netfilter tutorial at 
http://iptables-tutorial.frozentux.net, referenced on the netfilter home page 
http://www.netfilter.org/documentation/index.html#documentation-tutorials?

6. Did the machine work as a simple router before you tried adding netfilter 
rules?

Regards,

Antony.

-- 
Software development can be quick, high quality, or low cost.

The customer gets to pick any two out of three.

                                                     Please reply to the list;
                                                           please don't CC me.
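
Questions 1 and 2 from the reply above, written as a script; this is an added example, not part of the original message. The function names and the sample listing are constructed for illustration, and the listing format assumed is that of `iptables -L -n`.

```shell
#!/bin/sh
# Added example (not from the thread): check the kernel forwarding switch
# and the FORWARD chain's default policy from `iptables -L -n` output.

# Print the default policy of chain $1; listing is read from stdin.
# Header looks like "Chain FORWARD (policy DROP)"; with -v the policy word
# is followed by packet/byte counters instead of ")".
chain_policy() {
    awk -v chain="$1" '
        $1 == "Chain" && $2 == chain && $3 == "(policy" {
            sub(/\)$/, "", $4); print $4; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# Count ACCEPT rules listed under chain $1; listing is read from stdin.
accept_rules() {
    awk -v chain="$1" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $1 == "ACCEPT" { n++ }
        END { print n + 0 }'
}

# diagnose <ip_forward value> <listing text>; returns 0 if nothing found.
diagnose() {
    rc=0
    if [ "$1" = "1" ]; then echo "ip_forward: enabled"
    else echo "ip_forward: DISABLED, kernel will not route packets"; rc=1; fi
    policy=$(printf '%s\n' "$2" | chain_policy FORWARD) || policy="unknown"
    count=$(printf '%s\n' "$2" | accept_rules FORWARD)
    echo "FORWARD: policy $policy, $count ACCEPT rule(s)"
    if [ "$policy" != "ACCEPT" ] && [ "$count" -eq 0 ]; then
        echo "FORWARD: nothing is accepted"; rc=1
    fi
    return $rc
}

# Constructed sample. Without -v the interface columns are hidden, so the
# two per-interface rules from the question look identical here.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0'

# Live use (as root):
#   diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -L -n)"
diagnose 0 "$SAMPLE_LISTING" || true
```
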


