Re: iptables masq. and gateway


 



Joe wrote:

Ricky Malt wrote:

Hi,
I am currently using 'Rusty's Three-Line Guide To Masquerading', i.e.
# ipchains -P forward DENY
# ipchains -A forward -i ppp0 -j MASQ
# echo 1 > /proc/sys/net/ipv4/ip_forward


This makes my Linux box a gateway for all on my LAN.
1. How can I achieve this with iptables?
2. And how can I restrict a particular IP/host to access this as a gateway to the internet?


There would be a few more lines, but a
really barebones approach would be like
the commands below -

# assuming eth1 is the internet facing interface
EXT_ADDR=`ifconfig eth1 |grep inet |awk -F: '{ print $2 }' |awk '{ print $1 }'`


# all other modules will autoload -
modprobe ip_tables
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

# default policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# nat rule
iptables -t nat -A POSTROUTING -s $allowed_host address -o eth1 -j SNAT --to $EXT_ADDR

Whoops, the line above should contain $allowed_host_address.




# forward packets
echo "1" > /proc/sys/net/ipv4/ip_forward
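
A fuller form of the single-host restriction discussed in this thread, as an added example that is not part of either poster's message: with the FORWARD policy set to DROP, forwarding also needs explicit ACCEPT rules, and the host address is validated so that an empty or mistyped variable never reaches iptables. The LAN interface name eth0 and both addresses are constructed assumptions; the script prints the commands rather than running them.

```shell
#!/bin/sh
# Added example: prints the iptables commands rather than running them.
# Review the output, then pipe it to "sh" as root to apply.

# Succeed only if $1 is a dotted-quad IPv4 address (the body runs in a
# subshell, so the IFS change does not leak into the caller).
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print rules letting exactly one LAN host use this box as its gateway.
# Args: allowed host, LAN interface, external interface, external address.
gateway_rules() {
    if [ "$#" -ne 4 ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "usage: gateway_rules HOST LAN_IF EXT_IF EXT_ADDR" >&2
        return 1
    fi
    host=$1 lan_if=$2 ext_if=$3 ext_addr=$4
    for addr in "$host" "$ext_addr"; do
        if ! is_ipv4 "$addr"; then
            echo "refusing: '$addr' is not an IPv4 address" >&2
            return 1
        fi
    done
    # Rule 2 admits traffic from the allowed host; rule 3 admits only
    # replies to connections that host opened; rule 4 rewrites the source.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $ext_if -s $host -j ACCEPT
iptables -A FORWARD -i $ext_if -o $lan_if -d $host -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $host -o $ext_if -j SNAT --to-source $ext_addr
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Constructed sample values: LAN host, LAN interface, external interface,
# external address (documentation range).
gateway_rules 192.168.1.10 eth0 eth1 203.0.113.5
```

Every other LAN host falls through to the FORWARD DROP policy, so no separate deny rule is needed for them.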








