NAT and IPTABLES problem
I'm trying to give internet access to a subnet. On my Debian Etch PC, I tried to configure NAT on iptables, but I can't get it working.
I used rules with packet filtering, and afterwards without it, but it's not working. The simplest rules I've been using are:
#!/bin/sh
IPTABLES='/sbin/iptables'
EXTIF='eth1'
INTIF='eth2'
# enable ip forwarding in the kernel
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
# flush rules and delete chains
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat --flush
$IPTABLES -t nat --delete-chain
#Enable masquerading to allow LAN internet access
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
#Forward LAN traffic from LAN $INTIF to Internet $EXTIF
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
And it's just not working. The rules above should forward all packets, without any filtering, from the subnet on eth2 to eth1, which has a static IP provided by my ISP. That type of masquerade, as far as I read, is for dynamically allocated IPs, but I tried something like this:
$IPTABLES -t nat -A POSTROUTING -s 192.168.5.0/24 -o eth1 -j SNAT --to xx.xx.xx.xxx
and it's still not working.
Now if I do something like this on a PC in the subnet:
C:\ ping yahoo.com
Request timed out.
I'm obviously doing something wrong, but I just can't figure it out.
Any help would be appreciated.
Mihai Chindea
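
An added example, not part of the original post: a small checker that reads `iptables-save` output and reports which of the pieces this setup depends on (kernel forwarding, a source-NAT rule on the external interface, FORWARD acceptance in both directions) are missing. The function names and the sample ruleset are constructed for illustration; the sample assumes a FORWARD policy of DROP, which the post does not state.

```bash
# Added example, not from the original post. Reads iptables-save text on stdin.
# Simplified: ignores negated matches, user-defined chains, address/state matches.
# Live use, as root:
#   iptables-save | check_nat eth1 eth2 "$(cat /proc/sys/net/ipv4/ip_forward)"
check_nat() {   # args: external interface, internal interface, ip_forward value
    awk -v wan="$1" -v lan="$2" -v fwd="$3" '
    # True if the current rule applies to traffic entering on i and leaving on o.
    function covers(i, o,    k, in_if, out_if) {
        for (k = 1; k < NF; k++) {
            if ($k == "-i") in_if = $(k + 1)
            if ($k == "-o") out_if = $(k + 1)
        }
        return (in_if == "" || in_if == i) && (out_if == "" || out_if == o)
    }
    /^\*/ { table = substr($0, 2); next }   # table header: *nat, *filter, ...
    table == "nat" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
        if (covers("", wan)) snat = 1
    }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ {
        if (covers(lan, wan)) out = 1    # LAN -> Internet
        if (covers(wan, lan)) back = 1   # replies: Internet -> LAN
    }
    END {
        if (fwd != "1") { print "FAIL ip_forward is not 1"; bad++ }
        if (!snat) { print "FAIL no SNAT/MASQUERADE out " wan; bad++ }
        if (policy != "ACCEPT") {   # iptables -F keeps an existing DROP policy
            if (!out) { print "FAIL FORWARD " lan "->" wan " not accepted"; bad++ }
            if (!back) { print "FAIL FORWARD " wan "->" lan " (replies) not accepted"; bad++ }
        }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Constructed sample: the rules from the post, with the FORWARD policy assumed
# to be DROP (left over from an earlier filtering attempt).
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth2 -o eth1 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

On the constructed sample, `sample_ruleset | check_nat eth1 eth2 1` prints `FAIL FORWARD eth1->eth2 (replies) not accepted` and exits with status 1.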