Re: Firewall help

To: Suranga Kasturiarachchi <gnudotlinuxdotsuranga@gartexlk.com>
Cc: debian-firewall@lists.debian.org
Subject: Re: Firewall help
From: Henk.Roose@cwi.nl
Date: Tue, 5 Apr 2005 13:01:45 +0200
Message-id: <[🔎] 20050405110145.GS1440@namibia.cst.cwi.nl>
In-reply-to: <[🔎] 002c01c539c5$bcbf2070$6401a8c0@main.gartexlk.com>
References: <[🔎] 002c01c539c5$bcbf2070$6401a8c0@main.gartexlk.com>

Suranga Kasturiarachchi wrote:

> Dear all,
> 
> My Linux box has two interfaces(eth0 and eth1). and eth0 connected to internet, eth1 connected to local LAN. the interfaces are using deferent ip. what I want to do is, when the lacal lan user request the internet, I need to resolve there request using iptable. i need to do it without using squid proxy. My internet gateway is 202.51.140.129(eth0) and local land is 192.168.1.0 range.
> 
> Please help me on this matter.

The simplest (though not the safest) way to do this:

echo 1 > /proc/sys/net/ipv4/ip_forward

modprobe iptable_nat

iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


> 
> thanks,
> 
> suranga
> 

Henk

--
Henk Roose <Henk.Roose@cwi.nl>
CWI - Centrum voor Wiskunde en Informatica
Centre for Mathematics and Computer Science
Amsterdam (NL)

Reply to:

Follow-Ups:
- RE: Firewall help
  - From: "Salvatore Filorizzo" <salvatore.filorizzo@cfwb.be>
- RE: Firewall help
  - From: "Salvatore Filorizzo" <salvatore.filorizzo@cfwb.be>

References:
- Firewall help
  - From: "Suranga Kasturiarachchi" <gnudotlinuxdotsuranga@gartexlk.com>

Prev by Date: Firewall help
Next by Date: Re: rules for 2nd inteface on gateway
Previous by thread: Firewall help
Next by thread: RE: Firewall help
Index(es):
- Date
- Thread