Ricky Malt wrote:
Hi,
I am currently using ' Rusty's Three-Line Guide To Masquerading '. i.e.
# ipchains -P forward DENY
# ipchains -A forward -i ppp0 -j MASQ
# echo 1 > /proc/sys/net/ipv4/ip_forward
this is making my linux box as a gateway for all on my lan. 1 . How can i achieve this with iptables.
2 . and how can i restrict a particular ip/host to access this as a gw
to the internet
There would be a few more lines, but a really barebones approach would be like the commands below -
# assuming eth1 is the internet facing interface
EXT_ADDR=`ifconfig eth1 |grep inet |awk -F: '{ print $2 }' |awk '{ print $1 }'`
# all other modules will autoload - modprobe ip_tables modprobe ip_conntrack_ftp modprobe ip_nat_ftp
# default policies iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP
# nat rule
iptables -t nat -A POSTROUTING -s $allowed_host address -o eth1 -j SNAT --to $EXT_ADDR
Whoops the line above should contain $allowed_host_address
# forward packets echo "1" > /proc/sys/net/ipv4/ip_forward
