On January 28, 2004 01:00 pm, Jim Austin wrote:
> Hello,
>
> Am trying to set up IP masquerading on my RH9 box that has two NICs.
> One connects to a W2k box (eth0) and the other (eth1) to a DSL DHCP
> connection. Ping connection between the two PCs is fine. Here
> is what I've done.
>
> 1) ip_forward is turned on.
> 2) iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 3) Default gateway on the W2k box is the IP of the eth0 interface on
> the RH9 box.
> 4) DNS servers are set up on the W2k box.
>
> Not sure how to configure Mozilla on the Windows machine... I've tried
> using a manual proxy connection with the HTTP proxy IP of the eth0 on
> RH9 and a port of 8080. Nada... Can't ping through the RH9 box to ISP
> either.
>
> Would sure appreciate it if someone can help. What am I missing?
> Thanks very much,
> Jim

Hi Jim,

Once you get masquerade set up you will not need to use any proxy settings on your inside box(es), unless you are running squid or something.

All you need for rules, if you are not too paranoid, don't want to talk to the firewall (should add ssh in from lan!!), allow nothing in and anything from the lan out, then this should cover it:

clean them:
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT

set policies:
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

allow the lan out, nothing new in, log attempts.
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $LAN_RANGE -j MASQUERADE
$IPTABLES -A FORWARD -i $LAN_IF -s $LAN_RANGE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m limit -j LOG --log-prefix "NetF INPUT CHAIN: "
$IPTABLES -A FORWARD -m limit -j LOG --log-prefix "NetF FORWARD CHAIN: "
$IPTABLES -A FORWARD -j DROP
$IPTABLES -A INPUT -j DROP

--
Pete Nesbitt, rhce
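One way to confirm that a loaded rule set matches the one in the reply above, as an added example that is not part of either message: a check over `iptables-save` output that the MASQUERADE rule sits on the external interface and that FORWARD only admits LAN-originated and established traffic. The function name `check_nat_ruleset` is hypothetical, the interface roles (eth1 external, eth0 LAN) follow the original question, and the 192.168.0.0/24 range and both dumps are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit iptables-save output against the
# reply's rule set. Usage: iptables-save | check_nat_ruleset EXT_IF LAN_IF
check_nat_ruleset() {
    awk -v ext="$1" -v lan="$2" '
    function opt(name,   i) {   # value that follows option "name" on this line
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    function fail(msg) { print "FAIL: " msg; fails++ }
    /^\*/ { table = substr($1, 2) }                 # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $2 == "POSTROUTING" && opt("-j") == "MASQUERADE" {
        if (opt("-o") == ext) masq = 1
        else fail("MASQUERADE on -o \"" opt("-o") "\", expected " ext)
    }
    table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
        if ($0 ~ /ESTABLISHED/) est = 1             # return traffic
        else if (opt("-i") == lan) out = 1          # LAN-originated traffic
        else fail("FORWARD ACCEPT not tied to " lan ": " $0)
    }
    END {
        if (!masq) fail("no MASQUERADE rule on external interface " ext)
        if (policy != "DROP") fail("FORWARD policy is " policy ", expected DROP")
        if (!est) fail("no ESTABLISHED,RELATED ACCEPT in FORWARD")
        if (!out) fail("no FORWARD ACCEPT for traffic entering on " lan)
        exit (fails > 0)
    }'
}
# Constructed dump: the reply's rules with EXT_IF=eth1, LAN_IF=eth0 and an
# assumed LAN_RANGE of 192.168.0.0/24.
GOOD_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.0.0/24 -i eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
COMMIT'
# Constructed dump: NAT bound to the LAN-side interface, FORWARD left open.
BAD_DUMP='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'
printf '%s\n' "$BAD_DUMP" | check_nat_ruleset eth1 eth0 || true
```

The function prints one `FAIL:` line per finding and returns non-zero if there is any, so it can gate a firewall reload script.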