Re: Firewall help

Suranga Kasturiarachchi wrote:

> Dear all,
> My Linux box has two interfaces (eth0 and eth1). eth0 is connected to the internet and eth1 is connected to the local LAN. The interfaces are using different IPs. What I want to do is, when the local LAN users request the internet, I need to resolve their requests using iptables. I need to do it without using squid proxy. My internet gateway is and local LAN is range.
> Please help me on this matter.

The simplest (though not the safest) way to do this:

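# Enable IPv4 forwarding between eth1 (LAN) and eth0 (internet)
echo 1 > /proc/sys/net/ipv4/ip_forward

# Load the NAT table module
modprobe iptable_nat

# Remove all existing rules from the filter, nat and mangle tables
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

# Remove all user-defined chains
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain

# Accept everything addressed to the box itself
iptables -P INPUT ACCEPT

# Loopback traffic
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Rewrite the source address of everything leaving via eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE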

> thanks,
> suranga
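
A tighter variant of the ruleset in the reply above, as an added example that is not part of the original post: forwarding is denied by default, only connections initiated from the LAN are forwarded, and masquerading is limited to the LAN prefix. The function name gen_nat_ruleset and the sample prefix 192.168.1.0/24 are assumptions; the interface roles (eth0 to the internet, eth1 to the LAN) come from the question.

```shell
#!/bin/sh
# Added example. Prints a ruleset in iptables-restore format; it does not
# modify the running firewall. Forwarding must still be enabled as in the
# post (echo 1 > /proc/sys/net/ipv4/ip_forward).
gen_nat_ruleset() {
    wan_if=$1; lan_if=$2; lan_net=$3

    # Accept only plain interface names, so an argument cannot smuggle
    # extra iptables options into the generated rules.
    for ifname in "$wan_if" "$lan_if"; do
        case $ifname in
            ''|-*|*[!A-Za-z0-9._-]*)
                echo "invalid interface name: $ifname" >&2; return 1 ;;
        esac
    done
    # Coarse shape check for an IPv4 prefix such as a.b.c.d/len.
    case $lan_net in
        ''|*[!0-9./]*) echo "invalid LAN prefix: $lan_net" >&2; return 1 ;;
        *.*.*.*/?*) ;;
        *) echo "invalid LAN prefix: $lan_net" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset only when arguments are given, e.g.
#   sh nat-rules.sh eth0 eth1 192.168.1.0/24 | iptables-restore
# (192.168.1.0/24 is a constructed sample; use the real LAN prefix.)
if [ "$#" -eq 3 ]; then gen_nat_ruleset "$@"; fi
```

The INPUT policy of DROP also blocks new connections arriving on the internet-facing interface, so add an explicit rule for any service (such as SSH) that must stay reachable from that side before loading the ruleset.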


