Is this iptables script secure?

... for a shrike PC with:

    dialup connection, dynamic IP on ppp0

    other local PCs connected through eth0

if one wants:

   no service whatsoever provided to the outside world

   all kinds of local traffic among that PC and all the others on the
   LAN

   all other PCs on the LAN to be able to initiate and run whatever they
   want on the internet: IM, FTP, telnet, web surfing, audio/video
   streaming...

any feedback is highly appreciated!

    TIA,
    Marco Fioretti

######################################################################

#+---------------------------------------------------------------------------+
# NAT for the LAN: load the masquerade target, flush every table, then
# rewrite the source address of anything leaving on the dial-up link.
modprobe ipt_MASQUERADE # If this fails, try continuing anyway
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
#+---------------------------------------------------------------------------+
#
# Then to secure it:
# for a dial-up connection (with eth0 as the internal network card):
#+---------------------------------------------------------------------------+
# Replies to connections this box opened are accepted on any interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections are accepted only if they do NOT arrive on ppp0
# (i.e. from the LAN or loopback).
iptables -A INPUT -m state --state NEW ! -i ppp0 -j ACCEPT
# Everything else destined to this box is dropped. Set the policy last,
# after the two ACCEPT rules are in place, so an open session is not
# cut off if one of them fails to load.
iptables -P INPUT DROP   #only if the first two are successful
# Do not bounce traffic from the dial-up link back out the same link.
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
#+---------------------------------------------------------------------------+

##########################################################################
-- 
Marco Fioretti                 m.fioretti, at the server inwind.it
Red Hat for low memory         http://www.rule-project.org/en/

Reality is an illusion - perception is what counts.
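A hardened variant of the ruleset above, added here as an example and not the poster's script: it keeps the same INPUT logic, but also closes the FORWARD chain by default (the posted script leaves it at its ACCEPT policy and only rejects ppp0-to-ppp0), allowing only LAN-originated flows and their replies. Interface names are parameters; ppp0 and eth0 are the post's assumptions, and the rules are printed first so they can be reviewed before being applied.

```shell
#!/bin/sh
# Print the ruleset for WAN interface $1 and LAN interface $2, one
# command per line. Nothing is applied here.
fw_rules() {
    wan="$1"
    lan="$2"
    cat <<EOF
modprobe ipt_MASQUERADE
iptables -F
iptables -t nat -F
iptables -t mangle -F
# Loopback and reply traffic are accepted; new connections only if they
# do not arrive on the dial-up link.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i $wan -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -P INPUT DROP
# Forward only flows started from the LAN and their replies. The DROP
# policy covers the ppp0 -> ppp0 case the original REJECT rule handled.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Apply the printed rules; refuses to run unless root, and stops at the
# first failing command so a half-loaded ruleset is noticed.
fw_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "fw_apply: must run as root" >&2; return 1; }
    fw_rules "$1" "$2" | sh -e
}

# Check the generated text: both chains get a DROP policy, new inbound
# connections are tied to "not WAN", and LAN -> WAN forwarding is the
# only forward rule that opens new flows. Returns 0 when all checks pass.
fw_check() {
    rules="$(fw_rules "$1" "$2")"
    echo "$rules" | grep -q -- "-P INPUT DROP" || return 1
    echo "$rules" | grep -q -- "-P FORWARD DROP" || return 1
    echo "$rules" | grep -q -- "NEW ! -i $1 -j ACCEPT" || return 1
    echo "$rules" | grep -q -- "-A FORWARD -i $2 -o $1 -j ACCEPT" || return 1
    [ "$(echo "$rules" | grep -c '^iptables -A FORWARD')" -eq 2 ] || return 1
}
```

Run `fw_rules ppp0 eth0` to review the commands, `fw_check ppp0 eth0` to verify them, and `fw_apply ppp0 eth0` as root to load them.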