Re: iptables nat masquerade


 



On January 29, 2004 09:21 am, Kent Borg wrote:
> On Wed, Jan 28, 2004 at 01:00:06PM -0800, Jim Austin wrote:
> > Am trying to set up IP masquerading on my RH9 box that has two NICs.
> > One connects to a W2k box (eth0) and the other (eth1) to a DSL DHCP
> > connection.
>
> I have a related question: I have a notebook with an ethernet port and
> a PCMCIA jack into which I frequently have an 802.11b card plugged.
> How hard would it be to route between the two, one direction or the
> other:
>
>  0. Don't route anything, this would be the default unless I decided
>     to do otherwise.
>
>  1. When plugged into ethernet for an internet connection, I would
>     like the option to be a NATing wifi access point for others to get
>     on the internet.
>
>  2. When getting on the internet via my 802.11b card, I would like the
>     option to offer NATing internet access to others via my ethernet
>     connector.  (I think this thread has already mostly answered this
>     part of my question.)
>
> I suppose in both cases it would also be good to be a DHCP server, but
> I have set up a DHCP server, that isn't mysterious to me.
>
> Is this hard?
>
>
> Thanks,
>
> -kb

One thing you may look at is setting up a number of firewall rule sets, then 
activating them with different stanzas in /etc/rc.d/init.d/iptables.
Look at the bottom of the file and you'll see how to add keywords that can 
trigger different parts of the file to execute using:
 "service iptables <keyword>"  ("service iptables start")

Or you could have the rules in a file that is called based on an additional 
argument:
"service iptables restart noroute"

You can kill routing by doing either or both of:
run: echo "0" >/proc/sys/net/ipv4/ip_forward
or add a single, or first, FORWARD rule: 
$IPTABLES -A FORWARD -j REJECT --reject-with icmp-net-prohibited

It looks like both routing setups are the same except you would simply reverse 
the nic definitions.  You could even leave the rules the same and just change 
the vars:
NIC1=eth0  NIC2=wifi0 (not sure how wifi are defined, check ifconfig or...)
NIC1=wifi0  NIC2=eth0

Hope that makes some sense.
-- 
Pete Nesbitt, rhce
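
An added example, not part of the message above or of the Red Hat init script: one rule set driven by a mode keyword, covering the three cases in the question (no routing, uplink on ethernet, uplink on wifi) by swapping NIC1/NIC2. The function name gen_rules, the mode names, the interface names and the /sbin/iptables path are assumptions; the function prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print the iptables commands for one of three modes.
# Nothing is executed here; pipe the output to "sh" as root to apply it.
IPTABLES=${IPTABLES:-/sbin/iptables}   # path is an assumption

# gen_rules MODE [ETH] [WIFI]   (hypothetical helper)
#   noroute  - forwarding off (option 0 in the question)
#   eth-up   - uplink on ETH, clients on WIFI (option 1)
#   wifi-up  - uplink on WIFI, clients on ETH (option 2)
gen_rules() {
    mode=$1 eth=${2:-eth0} wifi=${3:-wifi0}   # interface names are assumptions
    case $mode in
        eth-up)  NIC1=$eth;  NIC2=$wifi ;;    # NIC1 = uplink, NIC2 = clients
        wifi-up) NIC1=$wifi; NIC2=$eth  ;;
        noroute) NIC1=; NIC2= ;;
        *) echo "usage: gen_rules {noroute|eth-up|wifi-up} [eth] [wifi]" >&2
           return 2 ;;
    esac

    # Start from a known state; forwarding is default-deny in every mode,
    # so stale rules from the previous mode cannot keep passing traffic.
    echo "$IPTABLES -F FORWARD"
    echo "$IPTABLES -t nat -F POSTROUTING"
    echo "$IPTABLES -P FORWARD DROP"

    if [ "$mode" = noroute ]; then
        echo "echo 0 > /proc/sys/net/ipv4/ip_forward"
        echo "$IPTABLES -A FORWARD -j REJECT --reject-with icmp-net-prohibited"
        return 0
    fi

    # Clients may open connections outward; only reply traffic comes back.
    echo "$IPTABLES -A FORWARD -i $NIC2 -o $NIC1 -j ACCEPT"
    echo "$IPTABLES -A FORWARD -i $NIC1 -o $NIC2 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPTABLES -t nat -A POSTROUTING -o $NIC1 -j MASQUERADE"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Stand-alone use: sh thisfile eth-up eth0 wifi0
if [ $# -gt 0 ]; then gen_rules "$@"; fi
```

Enabling ip_forward is the last command emitted, so packets are not forwarded before the FORWARD policy and rules are in place.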


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
