
Re: nat masquerade router

At 11:16 6/15/2004, fedora wrote:
Hi, I'd sure appreciate help with getting my router and host to work!

Just a quick run-through here...

1_ router-
eth0 - dhcp
eth1 -
SubNet Mask
Default Gateway:

You can safely remove the default gateway from eth1 since it *is* the gateway for its network (

2A_ in /etc/hosts reads:       localhost.localdomain   localhost    red.myvnc.com red
#red is the host

I would also add: localhost.localdomain localhost

This is not a problem, just making it better.

Added FORWARD rules

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -s -j ACCEPT
# iptables -A FORWARD -d -j ACCEPT
# iptables -A FORWARD -s ! -j DROP

I would suggest two things:

1. Use which is your real internal network. Always match networks properly. Not the cause of your problem, most likely.

2. I don't see you allowing any *incoming* traffic...? You should accept new connections outbound and then accept all related and established traffic in both directions.

Have you thought of using a tool to make your iptables rules? There are quite a few out there. I personally swear by Shorewall, but I also see tons of recommendations for Firestarter, which is a GUI application. Even if you *want* to do things by hand, you might want to see what rules something like Firestarter creates to compare them against your own... great learning tool, that.


-- Rodolfo J. Paiz rpaiz simpaticus com http://www.simpaticus.com
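
The stateful layout suggested in point 2 above (new connections outbound, related and established traffic in both directions), as an added example that is not part of the original message. The interface names follow the thread; the subnet 192.168.0.0/24, the function names and the use of the conntrack match are assumptions, since the post's addresses did not survive in the archive.

```sh
#!/bin/sh
# Added example, not from the original thread. Prints (does not apply) a
# stateful ruleset for a two-interface NAT router so it can be reviewed first.

valid_cidr() {   # accepts a.b.c.d/len with octets 0-255 and len 0-32
    addr=${1%/*}; len=${1#*/}
    case "$1" in */*) ;; *) return 1 ;; esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

masq_rules() {   # usage: masq_rules WAN_IF LAN_IF LAN_NET
    wan=$1; lan=$2; net=$3
    [ -n "$wan" ] && [ -n "$lan" ] && [ "$wan" != "$lan" ] || {
        echo "need two different interfaces" >&2; return 1; }
    valid_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    # Default-deny forwarding, then: replies in both directions, new
    # connections only from the inside network going out, and NAT on the way out.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
}

# Constructed sample values: eth0/eth1 as in the thread, subnet is a placeholder.
masq_rules eth0 eth1 192.168.0.0/24
```

Review the printed rules before piping them to a root shell; forwarding also requires net.ipv4.ip_forward=1 on the router.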
