IP Forwarding/Masquerade

Pete Nesbitt pete at linux1.ca
Fri Dec 24 02:12:26 UTC 2004


On December 23, 2004 12:53 am, Mollatt Ntini wrote:
> Hello everyone
>
> I have googled and googled, but I believe it's the correct search keyword
> that I am missing. What I am about to ask has been discussed on this list,
> but I just don't seem to be able to track it down - in the archives, FAQ,
> sample configs!
>
> I have one of those *stupid* requests again: I need to put an IP Forwarding
> or IP Masquerade on a REDHAT 9, basically what I need is to have my LAN to
> access any outside network, whether ping, trace etc, and just leave my WAN
> network in its current state. How do I do this.
>
> Please help!

Hi,
If you are simply after the rules to allow all outbound traffic and to mask it as 
one source IP on the outside, the following is what you need. However, there 
is lots more involved to make a secure fw, depending on what else needs to 
flow. You still need a proper fw script to flush rules, block bad things etc.

possible values: [ EXT_IF="eth0"  LAN_RANGE="192.168.1.0/24"  
LAN_IP="192.168.1.254"]

$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $LAN_RANGE -j MASQUERADE
$IPTABLES -A FORWARD -i $LAN_IF -s $LAN_RANGE  -j ACCEPT

you probably already have these....
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit -j LOG --log-prefix "NetF FORWARD CHAIN: "
$IPTABLES -A FORWARD -j DROP

Hope that is what you're after.
-- 
Pete Nesbitt, rhce
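
The rules from this reply assembled into one ordered fragment, as an added example that is not part of the original message. `LAN_IF="eth1"`, the `/sbin/iptables` path and the `APPLY` dry-run switch are assumptions, and the `ip_forward` write is the kernel setting these rules depend on but the message does not mention.

```shell
#!/bin/sh
# Added example; every value below is an assumption to adjust for the host.
IPTABLES="${IPTABLES:-/sbin/iptables}"
EXT_IF="${EXT_IF:-eth0}"                  # outside interface (sample value from the post)
LAN_IF="${LAN_IF:-eth1}"                  # inside interface: assumed, not given in the post
LAN_RANGE="${LAN_RANGE:-192.168.1.0/24}"  # sample value from the post
APPLY="${APPLY:-0}"                       # 0 = print for review, 1 = execute (needs root)

# Run a command, or print it. The printed form loses shell quoting,
# so it is for review and not for pasting back into a shell.
run() {
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

masq_rules() {
    # Inside and outside must be different interfaces, or the LAN
    # ACCEPT rule would also match traffic arriving from outside.
    [ "$EXT_IF" != "$LAN_IF" ] || { echo "EXT_IF and LAN_IF must differ" >&2; return 1; }

    # Start both chains from a known state (this discards existing rules).
    run "$IPTABLES" -F FORWARD
    run "$IPTABLES" -t nat -F POSTROUTING

    # Replies to connections that were already allowed out.
    run "$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections are accepted only from the LAN side.
    run "$IPTABLES" -A FORWARD -i "$LAN_IF" -s "$LAN_RANGE" -j ACCEPT
    # Everything else is logged (rate limited) and dropped.
    run "$IPTABLES" -A FORWARD -m limit -j LOG --log-prefix "NetF FORWARD CHAIN: "
    run "$IPTABLES" -A FORWARD -j DROP

    # Rewrite the source address of LAN traffic leaving the outside interface.
    run "$IPTABLES" -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_RANGE" -j MASQUERADE

    # Enable routing last, so nothing is forwarded before the rules exist.
    if [ "$APPLY" = "1" ]; then echo 1 > /proc/sys/net/ipv4/ip_forward
    else echo "echo 1 > /proc/sys/net/ipv4/ip_forward"; fi
}

masq_rules
```

With `APPLY=0` the script only prints the commands in the order they would run; `iptables -L FORWARD -v -n` and `iptables -t nat -L POSTROUTING -v -n` show the resulting chains and their packet counters after a real run.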



