I have read these 2 guides:
http://www.tldp.org/HOWTO/Masquerading- ... ndex.html
http://www.tldp.org/HOWTO/IP-Masquerade ... ndex.html
I am still, however, lost. I cannot share the connection between my linux and my windows machine. The iptables runs fine, i can ping the computers, but the connection sharing doesnt work.
The rc.firewalll-2.4 scripts executes with no problems, I have recompiled the kernel and it supports all the necessary options (otherwise the rc.firewall-2.4 would produce an error).
I have problems configuring the scripts. I have the following setup:
eth1: Used for ADSL connection (network card connects to my ADSL modem)
eth0: Used to connect to my Windows XP computer (another network card, direct connection, cross-over).
Winows: one network card, used to connect to my Gentoo computer
That is all the connections I have.
Now, in rc.firewall-2.4 script:
what should be the EXTIF (ppp0, eth0, eth1)?
what should be the INTIF?
In file:/etc/conf.d/net:
what should be the values for 'iface_eth0=' ?
what should be the values for 'iface_eth1=' ?
Should I set any gateways or something?
In Windows XP TCP/IP settings:
what shoud be the IP/Gateway/DNS Server values?
Any other settings I should set on either Windows or Gentoo?
Thank you.
Using: Gentoo Linux 1.4, gentoo-sources-2.4.20-r6
Pls help me configure iptables (internet connection sharing)
Message
Here's my simple firewall script:
The router get's the IP address for the external interface using DHCP:
I have configured the IP addresses on my workstations statically. I manually added the DNS server IP addresses which were provided by the ISP. I set the default gateway for the workstations to point to the internal interface of the Linux router (eth0).
Hope this helps.
Code: Select all
#!/bin/sh
IPTABLES=/sbin/iptables
INTERNAL=eth0
EXTERNAL=eth1
# flush existing rules
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
# apply rules for NAT and firewall
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
$IPTABLES -A INPUT -m state --state NEW,INVALID -i $EXTERNAL -j DROP
$IPTABLES -A FORWARD -m state --state NEW,INVALID -i $EXTERNAL -j DROP
# turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
Code: Select all
dhcpcd -h [ISP-assigned hostname] eth1Hope this helps.
CLICK HERE, ah nevermind, I'll just cut and paste it here..
Did you install rp-pppoe? Do that if you haven't already.
I have 2 network cards, one connects to my network(eth1), the other to the internet using ADSL(ppp0 over eth0).
First, do you have all the right kernel modules installed?
Here is my configuration thus far....
For the kernel, under networking options I have
For my firewall I created a scripts as follows
nano firewall.txt (call it whatever you want) then enter the following
chmod the script as follows so you can execute it
/etc/init.d/iptables save
You should be good to go!
P.S. ICS is also known as IP MASQUERADING for future searches
Did you install rp-pppoe? Do that if you haven't already.
I have 2 network cards, one connects to my network(eth1), the other to the internet using ADSL(ppp0 over eth0).
First, do you have all the right kernel modules installed?
Here is my configuration thus far....
For the kernel, under networking options I have
Then under IP Netfilter Configuration (which is found under networkting options) I have<*> Packet socket
[*] Packet socket: mmapped IO
[*] Network packet filtering (replaces ipchains)
[*] Socket Filtering
<*> Unix domain sockets
[*] TCP/IP networking
[*] IP: advanced router
(Plus the PPP modules)<*> Connection tracking (required for masq/NAT)
<*> FTP protocol support
<*> IP tables support (required for filtering/masq/NAT)
<*> limit match support
<*> Connection state match support
<*> Packet filtering
<*> REJECT target support
<*> Full NAT
<*> MASQUERADE target support
<*> REDIRECT target support
For my firewall I created a scripts as follows
nano firewall.txt (call it whatever you want) then enter the following
eth1 is the network(ethernet) card connected to my network. ppp0 is my adsl connection to the internet.iptables -F
iptables -t nat -F
iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A INPUT -i eth1 -p all -j ACCEPT
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i lo -p all -j ACCEPT
iptables -A FORWARD -i eth1 -p all -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -L
chmod the script as follows so you can execute it
then typechmod 700 firewall.txt
This will enter the rules into your iptables and you should see the following on your screen./firewall.txt
Now in /etc/conf.d/local.start add the followingChain INPUT (policy DROP):15:02 2003
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
In /etc/conf.d/iptables set ipv4 forwarding to yes then runadsl-start
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/iptables save
You should be good to go!
P.S. ICS is also known as IP MASQUERADING for future searches
