masquerading (NAT) firewall with firewall-easy

To: debian-firewall@lists.debian.org
Subject: masquerading (NAT) firewall with firewall-easy
From: Edmund GRIMLEY EVANS <edmundo@rano.org>
Date: Sun, 11 Jul 2004 09:40:28 +0100
Message-id: <[🔎] 20040711084028.pWyiEg.qPS7mp@rano.org>

If anyone has managed to set up a masquerading firewall with
firewall-easy, could they please tell me how they did it?

Or recommend an alternative package for the same purpose?

The only configuration change I've made to firewall-easy.conf is to
add LOCALNET_IFACES=eth1 and ADSL_IFACES=eth0. From reading the config
files and the man pages I can't see what else would be required.

The output of "iptables -n -L" and "firewall-easy debug" looks correct
to me, though there's a lot of it and I might have overlooked
something.

Everything else is working apart from masquerading, obviously: I have
ssh from the server to the client, http from the client to the server,
and http from the server to the Internet. Now I would like http from
the client to the Internet to work, and maybe some other services.

I have tried studying the Linux iptables HOWTO and the Linux IP
Masquerade HOWTO. Sadly, I was unable to get the low-level
instructions in the latter document to work, either.

It's a standard Debian kernel, 2.4.26. I did "dpkg --purge ipmasq" in
case it interferes. (I used to have masquerading that worked using the
package ipmasq, with PPP and an older kernel.)

Reply to:

Follow-Ups:
- Re: masquerading (NAT) firewall with firewall-easy
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: masquerading (NAT) firewall with firewall-easy
  - From: Edmund GRIMLEY EVANS <edmundo@rano.org>

Prev by Date: Re: strange http log entry
Next by Date: Re: masquerading (NAT) firewall with firewall-easy
Previous by thread: DIDES-laposte.net-10/07/04 <<#448722-352398#>>
Next by thread: Re: masquerading (NAT) firewall with firewall-easy
Index(es):
- Date
- Thread