Here's the top of my firewall's iptables script:

#!/bin/sh

IPTABLES="/sbin/iptables"

#Time to clean house

#Clear out any existing firewall rules, and any chains that might have
#been created
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X

#Setup our policies
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP

#Our actual rules
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -p all -m state --state NEW -s 192.168.0.0/24 -j ACCEPT

Note that *MY* network, behind my firewall, is set up as a 192.168.0.0/24
network...substitute your network range in its place.

On Tue, 17 Jun 2003, Ricky Malt wrote:

> Hi,
> I am currently using 'Rusty's Three-Line Guide To Masquerading', i.e.
> # ipchains -P forward DENY
> # ipchains -A forward -i ppp0 -j MASQ
> # echo 1 > /proc/sys/net/ipv4/ip_forward
>
> This is making my Linux box a gateway for all on my LAN.
>
> 1. How can I achieve this with iptables?
> 2. And how can I restrict a particular IP/host from accessing this as a gw
>    to the internet?
>
> I am new to IP filtering.
>
> Regards
>

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000

To be notified of updates to the web site, send a message to:

site-update-request@xxxxxxxxxxxxxxxxx

with a message of:

subscribe
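
An added example, not part of the original thread: a dry-run generator that prints the FORWARD and nat rules for both parts of the question (masquerading through the gateway, and denying individual LAN hosts). The interface ppp0 and the 192.168.0.0/24 range come from the messages above; the blocked host address in the usage comment and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): prints, without running them,
# the iptables commands for a masquerading gateway that denies chosen hosts.
# Assumed values: ppp0 is the WAN interface (from the question),
# 192.168.0.0/24 is the LAN (from the reply); blocked hosts are samples.
# Usage (constructed): emit_gateway_rules ppp0 192.168.0.0/24 192.168.0.50
IPTABLES="/sbin/iptables"

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_gateway_rules WAN_IF LAN_CIDR [BLOCKED_IP...]
emit_gateway_rules() {
    [ "$#" -ge 2 ] || return 2
    wan_if=$1 lan=$2
    shift 2
    # Reject anything that is not a plain name/CIDR/address before printing,
    # since the output is meant to be reviewed and then fed to a shell.
    case "$wan_if" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case "$lan" in ''|*[!0-9./]*) return 1 ;; esac
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    echo "$IPTABLES -P FORWARD DROP"
    # Denied hosts come first: rules are matched in order and the first
    # matching ACCEPT wins, so a DROP placed below them would not stop these hosts.
    for ip in "$@"; do
        echo "$IPTABLES -A FORWARD -s $ip -j DROP"
    done
    echo "$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPTABLES -A FORWARD -m state --state NEW -s $lan -j ACCEPT"
    # iptables equivalent of the ipchains "-j MASQ" rule in the question.
    echo "$IPTABLES -t nat -A POSTROUTING -o $wan_if -s $lan -j MASQUERADE"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}
```

The function only prints commands; review the output, then run it as root after the flush and policy section of the script.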