
Re: nat masquerade router



At 11:16 6/15/2004, fedora wrote:
Hi, I'd sure appreciate help with getting my router and host to work!

Just a quick run-through here...


1_ router-
blue.myvnc.com
eth0 - dhcp
eth1 - 192.168.1.1
SubNet Mask 255.255.255.0
Default Gateway: 0.0.0.0

You can safely remove the default gateway from eth1 since it *is* the gateway for its network (192.168.1.0/24).


2A_ in /etc/hosts reads:
127.0.0.1       localhost.localdomain   localhost
192.168.1.10    red.myvnc.com red
#red is the host

I would also add:


192.168.1.1 localhost.localdomain localhost

This is not a problem, just making it better.

4_
Added FORWARD rules

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP

I would suggest two things:


1. Use 192.168.1.0/24 which is your real internal network. Always match networks properly. Not the cause of your problem, most likely.

2. I don't see you allowing any *incoming* traffic...? You should accept new connections outbound and then accept all related and established traffic in both directions.

Have you thought of using a tool to make your iptables rules? There are quite a few out there. I personally swear by Shorewall, but I also see tons of recommendations for FireStarter which is a GUI application. Even if you *want* to do things by hand, you might want to see what rules something like Firestarter creates to compare them against your own... great learning tool, that.

Cheers,


-- Rodolfo J. Paiz rpaiz simpaticus com http://www.simpaticus.com
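
The two suggestions in the reply above (match the real 192.168.1.0/24 network; accept new connections outbound and related/established traffic in both directions), written out as an added example that is not part of the original message. The helper name nat_rules, the default-DROP FORWARD policy, and the use of the conntrack match are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for review;
# nothing is applied unless the output is piped to a root shell.

# Syntax/range check for an IPv4 CIDR such as 192.168.1.0/24.
valid_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F'[./]' 'NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# nat_rules WAN_IF LAN_IF LAN_CIDR  (hypothetical helper name)
# Rule order: replies to tracked connections pass in both directions, only
# the LAN may open new connections, and the DROP policy covers the rest.
nat_rules() {
    wan=$1 lan=$2 net=$3
    for ifc in "$wan" "$lan"; do
        case "$ifc" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    valid_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

# Values from the post: eth0 = dhcp uplink, eth1 = 192.168.1.1 (LAN side).
nat_rules eth0 eth1 192.168.1.0/24
```

Compare the printed rules against `iptables -S FORWARD` and `iptables -t nat -S POSTROUTING` on the router after applying them.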


