[H-GEN] router woes (iptables specific?)
Nikolai Lusan
nikolai at humbug.org.au
Wed Jul 17 20:52:40 EDT 2002
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Thu, 18 Jul 2002, Matthew Taylor wrote:
> Scott Pullen wrote:
>
> On advice I'm starting with iptables, using the rc.firewall script from
> the IP-Masquerade-HOWTO, currently re-reading the iptables man pages,
> and various howtos to 'get a grip' on iptables, on the steep learning
> curve at the moment. Attached file shows the iptables --list output. If
> someone has a 'simple' working example of iptables or can 'spot the
> obvious' I'd appreciate this.
>
Rusty's guide has the quick fix masq stuff in it. In your case it would
go something like:
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MASQUERADE
All network address translation (NAT) happens in the nat table, this
includes SNAT, DNAT and MASQUERADE. SNAT (Source NAT) and DNAT
(Destination NAT) are useful and funky :)
> at the moment I can
> ping client (192.168.1.12) from router
> ping router eth1 (192.168.1.1) from client
> ping router (203.51.218.126) from client
> cannot ping anything on 'net from client
> can ping anything on 'net from router.
Run that iptables line and see what happens. Maybe we need to have an
"Iptables basics" talk at some point.
Nikolai
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
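
Added example, not part of the original post or thread: the symptoms quoted above (the client reaches both router addresses but nothing beyond) come down to three router-side conditions, which this shell function checks from `iptables-save` output. The names check_masq and sample_dump, and the sample dump itself, are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the three things a masquerading router needs.
# Reads `iptables-save` text on stdin; returns 0 only if every check passes.
# On a live router (as root):
#   iptables-save | check_masq "$(cat /proc/sys/net/ipv4/ip_forward)" 192.168.1.0/24
check_masq() {
    fwd=$1; lan=$2; rc=0
    dump=$(cat)

    # 1. The kernel must be routing between interfaces.
    [ "$fwd" = 1 ] || { echo "FAIL ip_forward=$fwd (need 1)"; rc=1; }

    # 2. The nat table's POSTROUTING chain needs MASQUERADE or SNAT for the LAN.
    nat=$(printf '%s\n' "$dump" | awk '/^\*/{t=$1} t=="*nat" && /^-A POSTROUTING/')
    if printf '%s\n' "$nat" | grep -F -- "-s $lan" | grep -Eq -- '-j (MASQUERADE|SNAT)'; then
        echo "OK   nat POSTROUTING rewrites source $lan"
    else
        echo "FAIL no MASQUERADE/SNAT rule for $lan"; rc=1
    fi

    # 3. filter FORWARD must pass packets. Heuristic: policy ACCEPT or any
    #    ACCEPT rule; a dump with no filter table means the default ACCEPT.
    flt=$(printf '%s\n' "$dump" | awk '/^\*/{t=$1} t=="*filter" && /FORWARD/')
    if [ -z "$flt" ] || printf '%s\n' "$flt" | grep -Eq '^:FORWARD ACCEPT|^-A FORWARD .* -j ACCEPT'; then
        echo "OK   FORWARD chain can pass traffic"
    else
        echo "FAIL FORWARD chain has policy DROP and no ACCEPT rule"; rc=1
    fi
    return $rc
}

# Constructed iptables-save dump (not from the thread); $1 is an optional
# nat POSTROUTING rule, $2 the FORWARD policy.
sample_dump() { cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
$1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ${2:-ACCEPT} [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}
```

The FORWARD check is deliberately coarse: it shows whether forwarding is possible at all, not whether the rules restrict it to the LAN.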