Old 12-12-2007, 02:39 AM   #1
pengusaha
LQ Newbie
 
Registered: Dec 2007
Distribution: Redhat FC6
Posts: 11

Rep: Reputation: 0
fc6---nat doesn't work :(


Hello... I've got a small problem.
My Linux server can't act as NAT for the client...

linux = eth0 to LAN
ppp0 to Internet dialup modem
eth0 = 192.168.0.5

client = XP; it can ping the Linux box and can share files through Samba..
The gateway has been set to 192.168.0.5.

Linux can get onto the Internet... I've tried traceroute www.google.com
when connected to the Internet....

Why can't my client connect to the Internet through Linux?

I've already done

echo 1 > /proc/sys/net/ipv4/ip_forward

/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
/sbin/iptables -t nat -A POSTROUTING -d 0/0 -o ppp0 -j MASQUERADE

lsmod | grep ip
Everything about masquerade is up.

Thanks, master...
 
Old 12-12-2007, 07:54 PM   #2
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
The documentation on iptables is not especially clear on this point, but you must not only do the NAT, but must also actually put in a FORWARD rule (unless your iptables is set to forward everything, which is not a good idea). Check your forwarding rules with
Quote:
# iptables -nvL FORWARD
to see what the default policy is, and to see if there are any rules in place already.

A correct ruleset for this situation is
Code:
-P FORWARD DROP
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
This will pass all outbound TCP connections from behind the firewall, and allow the returns. It will not allow any UDP or ICMP traffic through the firewall. (Separate rules in the INPUT chain can determine what is allowed to terminate on the firewall machine, where you may have public services available either via TCP or UDP.)

Finally, make sure that your client machine (behind the firewall) has its Default Gateway set to the correct address. You can find this by following the chain
Quote:
Control Panel\ Network Connections\ Local Area Connection\ Properties\ Internet Protocol\ Properties\ Advanced\ Default Gateway

The address to use is the IP address of eth0 on your firewall, since that is where any packet that is headed for the Internet should go first.
 
Old 12-12-2007, 10:00 PM   #3
pengusaha
LQ Newbie
 
Registered: Dec 2007
Distribution: Redhat FC6
Posts: 11

Original Poster
Rep: Reputation: 0
Thanks very much, sir... I've done

/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain

and

/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT


/sbin/iptables -nvL FORWARD

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED




Client XP:
Control Panel\ Network Connections\ Local Area Connection\ Properties\ Internet Protocol\ Properties\ Advanced\ Default Gateway

gateway = IP of the Linux box (the server which connects to the Internet via dialup ppp0)


But... my client can't get to the Internet.

What else?
 
Old 12-13-2007, 12:32 AM   #4
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
It is still necessary to have the MASQUERADE rule in the nat table. When you flushed everything, you removed that rule as well. Without both the MASQUERADE rule and the FORWARD rules, your client will not be able to connect, as you have noted.

It appears that you should do this:
Code:
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
/sbin/iptables -t nat -A POSTROUTING -d 0/0 -o ppp0 -j MASQUERADE
and then put in the forwarding rules:
Code:
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 
Old 12-13-2007, 04:48 AM   #5
pengusaha
LQ Newbie
 
Registered: Dec 2007
Distribution: Redhat FC6
Posts: 11

Original Poster
Rep: Reputation: 0
Thanks very much, master... but still no hope after these commands

/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
/sbin/iptables -t nat -A POSTROUTING -d 0/0 -o ppp0 -j MASQUERADE

/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT


This Linux box can connect to the Internet, but the client (XP) still
can't get to the Internet....
 
Old 12-14-2007, 09:01 AM   #6
pengusaha
LQ Newbie
 
Registered: Dec 2007
Distribution: Redhat FC6
Posts: 11

Original Poster
Rep: Reputation: 0
Can anyone help me with this?
 
Old 12-15-2007, 05:37 PM   #7
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
There is something going on here that is not yet apparent. To get a better reading on this, I recommend that you add one more rule to your FORWARD chain, which will log any packets that the firewall machine blocks:
Code:
iptables -A FORWARD -j LOG --log-prefix FWD:
Put this at the end of the list of commands that add rules to the FORWARD chain. This additional rule will write an entry into the syslog (/var/log/messages) for each packet that it blocks. Then try to get your XP machine to access the Internet, and then post the resulting messages that begin with FWD: here, along with the output of the command iptables -nvL FORWARD. That may tell us which of several problems is occurring. My current guesses are
1. For reasons unknown, the XP machine is sending its packets destined for the Internet somewhere else.
2. The firewall might be blocking the return packets, rather than sending them back onto your local network.
3. The PPP connection might be broken in some way that we have not discovered.
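Pulling together the pieces from posts #2, #4 and #7: the following is an added example, my own script rather than dkm999's or pengusaha's commands, that prints (or applies) the complete ruleset in one go: flush, MASQUERADE in the nat table, a DROP policy on FORWARD, the two FORWARD rules, and the LOG rule appended last. The interface names eth0 and ppp0 come from the thread; the LAN subnet 192.168.0.0/24, the extra `-s`/`-o` restrictions on the rules and the `limit` match on the LOG rule are my assumptions and tightenings, not the thread's exact rules.

```shell
#!/bin/sh
# Added example (not from the thread): build the NAT + FORWARD ruleset that
# dkm999 lays out, with the LOG rule from post #7 appended last.
# Interface names come from the thread; the LAN subnet, the -s/-o
# restrictions on the rules and the rate limit on the LOG rule are my
# assumptions/tightenings, not the thread's exact rules.

LAN_IF="${LAN_IF:-eth0}"             # LAN side (thread: eth0 = 192.168.0.5)
WAN_IF="${WAN_IF:-ppp0}"             # dial-up side (thread: ppp0)
LAN_NET="${LAN_NET:-192.168.0.0/24}" # assumed LAN subnet behind eth0
IPT="${IPT:-/sbin/iptables}"

# Print the commands, one per line, instead of running them, so the ruleset
# can be reviewed (or saved) before it touches a live firewall.
nat_ruleset() {
    lan="$1"; wan="$2"; net="$3"
    cat <<EOF
$IPT --flush
$IPT --table nat --flush
$IPT --delete-chain
$IPT --table nat --delete-chain
$IPT -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
$IPT -P FORWARD DROP
$IPT -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
$IPT -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD: "
EOF
}

# Apply the ruleset (needs root). Forwarding is switched on first; without
# it the kernel discards every packet the rules would otherwise have passed.
apply_nat_ruleset() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    nat_ruleset "$LAN_IF" "$WAN_IF" "$LAN_NET" | sh -e
}

# Sanity check for the things the thread tripped over: forwarding on,
# a MASQUERADE rule present, and the LOG rule sitting last in FORWARD.
check_nat_state() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] \
        || { echo "ip_forward is off"; return 1; }
    $IPT -t nat -nL POSTROUTING | grep -q MASQUERADE \
        || { echo "no MASQUERADE rule in nat POSTROUTING"; return 1; }
    $IPT -nL FORWARD | tail -n 1 | grep -q LOG \
        || { echo "LOG rule is not the last rule in FORWARD"; return 1; }
    echo "NAT state looks sane"
}

case "${1:-show}" in
    apply) apply_nat_ruleset ;;
    check) check_nat_state ;;
    *)     nat_ruleset "$LAN_IF" "$WAN_IF" "$LAN_NET" ;;
esac
```

Run with no argument to print the rules for review, `apply` (as root) to install them, and `check` afterwards to confirm ip_forward is on, a MASQUERADE rule exists and the LOG rule is last. The LOG rule has to be last so it records only packets that none of the ACCEPT rules matched and the DROP policy is about to discard; the `limit` match keeps a burst of dropped packets from filling /var/log/messages. Restricting the outbound rule and the MASQUERADE rule to the LAN subnet means a client with an address outside that subnet shows up in the log instead of being silently masqueraded.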
 
Old 12-16-2007, 02:22 AM   #8
pengusaha
LQ Newbie
 
Registered: Dec 2007
Distribution: Redhat FC6
Posts: 11

Original Poster
Rep: Reputation: 0
Thanks very much, master..... problem solved
after I set my client's (XP) DNS to the ISP DNS.

It's all my mistake.... thanks very much....


This command is good for debugging masq..
iptables -A FORWARD -j LOG --log-prefix FWD:

But after I ran this command I don't see any log
in tail -f /var/log/messages.

Thanks very much, master....
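Seeing no FWD: entries once the client works is what the LOG rule should produce: it sits after the ACCEPT rules, so it only fires for packets the DROP policy is about to discard. Two things are worth knowing when entries do appear. First, `--log-prefix FWD:` without a trailing space makes the kernel write `FWD:IN=eth0 OUT=ppp0 ...` with no space before `IN=`, so a `grep "FWD: "` with a space finds nothing. Second, the raw lines are noisy, and what you actually want is a count per interface pair, protocol, source, destination and port. The script below is an added example, my own and not from the thread, that summarises such entries and annotates each tuple with the usual reason it ended up in the log. The log lines in it are constructed samples in the kernel LOG format, not output from the poster's machine; 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the FWD: entries the LOG
# rule from post #7 writes to /var/log/messages. The sample lines are
# constructed, not captured from the poster's box; the first two mimic the
# thread's prefix with no trailing space ("FWD:IN="), the third a prefix
# written as "FWD: ". 203.0.113.x / 198.51.100.x are documentation ranges.

SAMPLE_LOG='Dec 15 18:02:11 fc6 kernel: FWD:IN=eth0 OUT=ppp0 SRC=10.0.0.9 DST=203.0.113.53 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=1234 PROTO=UDP SPT=1025 DPT=53 LEN=40
Dec 15 18:02:12 fc6 kernel: FWD:IN=eth0 OUT=ppp0 SRC=10.0.0.9 DST=203.0.113.53 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=1235 PROTO=UDP SPT=1025 DPT=53 LEN=40
Dec 15 18:02:13 fc6 kernel: FWD: IN=ppp0 OUT=eth0 SRC=198.51.100.7 DST=192.168.0.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=777 PROTO=TCP SPT=4444 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 15 18:02:14 fc6 pppd[1200]: local  IP address 198.51.100.2'

# Reads syslog on stdin, keeps the FWD: lines and prints
#   <count> <in> <out> <proto> <src> <dst> <dport>
# most frequent tuple first. A missing value (e.g. "OUT=" with nothing after
# it) is shown as "-".
summarize_fwd_log() {
    grep 'FWD:' | awk '
    {
        # Insert a space after the prefix so "FWD:IN=eth0" splits into
        # its own field; assigning via sub() re-splits the record.
        sub(/FWD:/, "FWD: ")
        in_if = out_if = src = dst = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "IN" && kv[2] != "")       in_if  = kv[2]
            else if (kv[1] == "OUT" && kv[2] != "") out_if = kv[2]
            else if (kv[1] == "SRC")                src    = kv[2]
            else if (kv[1] == "DST")                dst    = kv[2]
            else if (kv[1] == "PROTO")              proto  = kv[2]
            else if (kv[1] == "DPT")                dpt    = kv[2]
        }
        count[in_if " " out_if " " proto " " src " " dst " " dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Annotate each summarised tuple with the usual reason a packet reaches the
# LOG rule under a DROP-policy FORWARD chain like the one in the thread:
# a packet arriving on the dial-up side that is not part of an existing
# connection is an expected drop; a packet from the LAN that the outbound
# ACCEPT rule did not match points at the client's configuration.
classify_fwd_drops() {
    lan="$1"; wan="$2"
    while read -r count in_if out_if proto src dst dpt; do
        if [ "$in_if" = "$wan" ]; then
            why="unsolicited inbound from the Internet (expected drop)"
        elif [ "$in_if" = "$lan" ]; then
            why="LAN packet not matched by the outbound ACCEPT rule (check client config)"
        else
            why="unknown ingress interface"
        fi
        echo "$count $in_if->$out_if $proto $src->$dst:$dpt  $why"
    done
}

# Stand-alone run over the constructed sample; on a real box replace the
# printf with:  summarize_fwd_log < /var/log/messages | classify_fwd_drops eth0 ppp0
printf '%s\n' "$SAMPLE_LOG" | summarize_fwd_log | classify_fwd_drops eth0 ppp0
```

On the sample this reports two dropped DNS queries from 10.0.0.9 (a host on the wrong subnet for the LAN rule) and one unsolicited SYN to port 445 arriving from the dial-up side, which is exactly the kind of inbound traffic the ESTABLISHED,RELATED rule is meant to keep out.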
 