First off, I searched through the forums and found multiple related threads, but they were unable to solve my problem.

By using iptables, i want to be able to surf the internet from my XP machine.

Two Computers: XP Pro and RH 9.0 w/ iptables 1.2.7a (this is going to be the router)


XP interface is configured as 10.51.1.100 with a gateway of 10.51.1.1.

RedHat's two inferfaces are as follows:

eth0 Link encap:Ethernet HWaddr 00:0C:41:1EC8
inet addr:192.168.1.107 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3614 errors:0 dropped:0 overruns:0 frame:0
TX packets:2762 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1792325 (1.7 Mb) TX bytes:313202 (305.8 Kb)
Interrupt:11 Base address:0x2c00

eth1 Link encap:Ethernet HWaddr 00:40:33:A3:37:0F
inet addr:10.51.1.1 Bcast:10.51.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2917 errors:1 dropped:0 overruns:0 frame:0
TX packets:2513 errors:1 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:100
RX bytes:249613 (243.7 Kb) TX bytes:588105 (574.3 Kb)
Interrupt:9 Base address:0x7800


I have enabled ip_forward, so I am able to ping 192.168.1.107 from my XP machine(10.51.1.100)

I can't figure out how to configure iptables to allow Web access from my XP machine. I have tried...

iptables -t nat -A POSTROUTING -s 10.51.1.0/24 -o eth1 -j SNAT --to 192.168.1.1


I really dont know what else to try, I have read many iptable tutorials but none clearly explain how to set up forwarding in this scenario. Any help would be much appreciated, if not links are just as good.

Cheers

Change
iptables -t nat -A POSTROUTING -s 10.51.1.0/24 -o eth1 -j SNAT --to 192.168.1.1
to
iptables -t nat -A POSTROUTING -s 10.51.1.0/24 -o eth0 -j SNAT --to 192.168.1.107

Is 192.168.1.1 a typo?
This rule needs to happen on the interface (eth0) that is towards the internet.

No luck! But thanks for the quick reponse. I"m still reading up on iptables hoping I can figure something out. Right now I have arno's iptables set up, which NAT works fine.


Cheers

Where is the interface that connects to the internet?

Sorry, i should have stated that.

eth0 connects to another router, which then connects to the Internet.

Thanks again

You need to have ip-masquerading installed. The gateway for the xp box will then be ip address of the ethernet card connected to the xp box. i.e. if eth0 is connected to the modem/router the gateway for the RH box will be that ip address and if eth1 is connected to the xp box the gateway will be the ip address if eth1.

One of the easiest ways to get this working would be to install a firewall package like shorewall or firehol or some other one of your choice where all you have to tell it is your interfaces and it would configure everything else. I have your exact same setup with shorewall installed in all of 5 minutes.

by default redhat have preinstalled some firewall rules in iptables, so at first you should flush chains and build your own ruleset

try that:
iptables -P FORWARD ACCEPT - to set to ACCEPT forward's policy
iptables -F - to flush all chains
iptables -t nat -A POSTROUTING -s 10.51.1.0/24 -o eth0 -j SNAT --to 192.168.1.107

of cource you should set XP's default gateway to 10.51.1.1

OMG, it worked!

Thanks a million vald, I have been trying to figure out this problem for a month now. Out of all the iptable tutorials I have read, nothing has worked.

Thanks again


Stakhous