Re: Setup of Gateway/Firewall
Michael Boyd wrote:
> [...]
>
> I tried entering the following commands manually as root to get the
> debian box to forward packets:-
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>
> But the last line generated an error message which I think was to do
> with the MASQUERADE part.
Try doing 'modprobe ipt_MASQUERADE' before the iptables step. The
Masquerading-Simple-HOWTO on http://www.tldp.org is a good start to
making an iptables firewall, along with the IP-Masquerade-HOWTO.
> Then I reviewed the packages available and decided to install 'ipmasq'.
> After a reboot I could ping the outside world and access the internet
> from the Win98 machine with no problems. I *was* planning to keep
> 'ipmasq' installed and add iptables rules.
>
> However, I have just re-read some of the messages from this list which I
> filed for future reference. I get the impression that I shouldn't need
> 'ipmasq' and can achieve the same with iptables. Is that correct? If
> so, does anyone have a small iptables script which I can use to
> reproduce the functionality I have at present or point out what I have
> done wrong?
I'm guessing that when ipmasq is running, if you do 'lsmod', you should
see ipt_MASQUERADE, maybe along with some other iptables modules. You
just need to have these loaded before inserting some iptables rules.
If you're interested in seeing a somewhat-complicated firewall script, I
have one of my older scripts at
http://www.people.iup.edu/bclg/rules-explanation.txt . eth0 was my lan
interface, and eth1 was the external interface.
HTH,
Jason McCarty
Reply to: