
Re: Setup of Gateway/Firewall



Michael Boyd wrote:
> [...]
>
> I tried entering the following commands manually as root to get the
> debian box to forward packets:-
> 
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> 
> But the last line generated an error message which I think was to do
> with the MASQUERADE part.

Try doing 'modprobe ipt_MASQUERADE' before the iptables step. The
Masquerading-Simple-HOWTO on http://www.tldp.org is a good start to
making an iptables firewall, along with the IP-Masquerade-HOWTO.

> Then I reviewed the packages available and decided to install 'ipmasq'. 
> After a reboot I could ping the outside world and access the internet
> from the Win98 machine with no problems.  I *was* planning to keep
> 'ipmasq' installed and add iptables rules.
> 
> However, I have just re-read some of the messages from this list which I
> filed for future reference.  I get the impression that I shouldn't need
> 'ipmasq' and can achieve the same with iptables.  Is that correct?  If
> so, does anyone have a small iptables script which I can use to
> reproduce the functionality I have at present or point out what I have
> done wrong?

I'm guessing that when ipmasq is running, if you do 'lsmod', you should
see ipt_MASQUERADE, maybe along with some other iptables modules. You
just need to have these loaded before inserting some iptables rules.

If you're interested in seeing a somewhat-complicated firewall script, I
have one of my older scripts at
http://www.people.iup.edu/bclg/rules-explanation.txt . eth0 was my LAN
interface, and eth1 was the external interface.

HTH,

  Jason McCarty
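
A minimal masquerading gateway of the kind asked for in the thread, added here as an example; it is not code from either poster or from the ipmasq package. It assumes eth0 is the LAN and eth1 the external interface, as in the reply above; the function names and the GATEWAY_APPLY variable are made up for this sketch.

```shell
#!/bin/sh
# Added example: masquerading gateway with default-deny forwarding.
# Assumed: eth0 = LAN, eth1 = external. Prints the commands unless
# GATEWAY_APPLY=1 is set (hypothetical variable), so it is safe to run as a dry run.
LAN_IF="${LAN_IF:-eth0}"
EXT_IF="${EXT_IF:-eth1}"

# Print the commands in the order they must run. Returns 1 on an
# interface name that contains anything but letters, digits, '.', '_' or '-'.
gateway_rules() {
    lan="$1"; ext="$2"
    for name in "$lan" "$ext"; do
        case "$name" in
            ""|*[!A-Za-z0-9._-]*)
                echo "bad interface name: '$name'" >&2
                return 1 ;;
        esac
    done
    # Filter rules come first; forwarding is switched on last so no
    # packet is routed before the FORWARD policy is in place.
    cat <<EOF
modprobe ipt_MASQUERADE
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -i $ext -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $ext -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Run (or just show) each command, stopping at the first failure.
apply_gateway() {
    rules=$(gateway_rules "$LAN_IF" "$EXT_IF") || return 1
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        if [ "${GATEWAY_APPLY:-0}" = "1" ]; then
            sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
        else
            echo "would run: $cmd"
        fi
    done
}

apply_gateway
```

Run it once without GATEWAY_APPLY to review the commands, then as root with GATEWAY_APPLY=1; 'iptables -L FORWARD -v -n' and 'iptables -t nat -L POSTROUTING -v -n' show what was loaded.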


