Re: Setup of Gateway/Firewall
Hi Michael,
Michael Boyd wrote:
> 1. Install bf24 woody, i.e. with a 2.4 kernel, and no added packages;
> 2. eth0 (connected to the cable modem) is set-up by dhcp;
> 3. eth1 (internal) manually added to ifconfig;
You should put it in "/etc/network/interfaces".
> 4. added scripts which run the following commands in run level 2...
> modprobe ipt_MASQUERADE
You may put it in "/etc/modules", but no need since it's automagically loaded.
> echo "1" > /proc/sys/net/ipv4/ip_forward
You should change it in "/etc/network/options".
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
You should use "-o eth0" and not "-o eth1".
You want to masquerade to the Internet, not from it.
> 5. I can ping eth0 and eth1 from the internal Win98 machine.
> 6. I can ping the internet from the gateway.
> 7. I can't ping the internet from the Win98 machine.
Because of the mistake in the masquerade rule above.
> 8. iptables --list shows ACCEPT policies for the input, output and
> forward chains
Use "iptables -t nat -nL" if you want to see the NAT rules.
Cheers, J.C.
--
Jean Christophe ANDRÉ <jean-christophe.andre@auf.org> http://www.vn.refer.org/
Regional Technical Coordinator / Senior Technology Associate, Reflets project
Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP)
Postal address: AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Tel.: +84 4 9331108 Fax: +84 4 8247383 Mobile: +84 91 3248747
/ Personal note: please avoid sending me PowerPoint or \
\ Word files; see here: http://www.fsf.org/philosophy/no-word-attachments.fr.html /
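
The check below is an added example, not part of the original message: it reads rule lines in the format printed by `iptables -t nat -S` and flags any MASQUERADE rule whose output interface is not the Internet-facing one. The function name `check_masq` is hypothetical, the sample rules are constructed from the thread, and eth0 is assumed to be the external interface as described there.

```shell
#!/bin/sh
# Added example: audit NAT MASQUERADE rules against the expected WAN interface.
# Input: rule lines as printed by `iptables -t nat -S` (or iptables-save).
# Limitation: negated matches ("! -o ethX") are not interpreted.

# check_masq WAN_IF < rules
# Prints one verdict per MASQUERADE rule; exit status is 0 only when at least
# one rule masquerades out of WAN_IF and no rule masquerades out of anything else.
check_masq() (
    wan="$1"; good=0; bad=0
    set -f                      # no glob expansion while word-splitting rules
    while read -r line; do
        case "$line" in
            *"-j MASQUERADE"*) ;;
            *) continue ;;
        esac
        # Find the argument that follows -o / --out-interface.
        out=""; prev=""
        for word in $line; do
            case "$prev" in
                -o|--out-interface) out="$word" ;;
            esac
            prev="$word"
        done
        if [ -z "$out" ]; then
            echo "WARN no -o match, applies to every outgoing interface: $line"
            bad=$((bad + 1))
        elif [ "$out" = "$wan" ]; then
            echo "OK   masquerades out of $wan: $line"
            good=$((good + 1))
        else
            echo "BAD  masquerades out of $out, expected $wan: $line"
            bad=$((bad + 1))
        fi
    done
    [ "$good" -gt 0 ] && [ "$bad" -eq 0 ]
)

# Constructed sample: the rule as first posted, then the corrected one.
check_masq eth0 <<'EOF' || echo "=> posted rule set will not NAT the LAN"
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
EOF
check_masq eth0 <<'EOF' && echo "=> corrected rule set is fine"
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
```

On a live gateway the input would come from `iptables -t nat -S POSTROUTING | check_masq eth0`.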