LinuxQuestions.org
07-03-2003, 10:09 PM   #1
matthewchin
Member
 
Registered: Jun 2003
Posts: 40

Rep: Reputation: 15
How to set iptables script for lan


Hello,

I have two PCs, first installed RH9 with two NICs:
one eth0 to internet and 2nd eth1 cross-over to second PC,
also installed with RH9.

Please tell me how to set the dns/gateway/ip for these
two PCs and their iptables scripts for
internet / file / printer sharing ?

Thanks,
Matthew
 
07-04-2003, 01:14 AM   #2
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
1. give eth1 of computer 1 an ip of 192.168.0.1
2. give eth0 of computer 2 an ip of 192.168.0.2
3. set the default route on computer 2 to point to computer 1

1. #ifconfig eth1 192.168.0.1 netmask 255.255.255.0
2. #ifconfig eth0 192.168.0.2 netmask 255.255.255.0
3. #route add default gw 192.168.0.1



to get these settings to stick on boot you could alter the appropriate
networking script (ifcfg-ethX) in /etc/sysconfig/network-scripts/

Code:
# example of my ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.200
NETMASK=255.255.255.0
ONBOOT=yes


for dns just use the DNS servers that your ISP provides for you or with
RH9 you COULD just turn on named and run a caching only server, it
comes pre-configured with Red Hat.
Code:
# open up /etc/resolv.conf

# use this if you turn on named, and only on the machine tied to the net
nameserver 127.0.0.1
# isp provided
nameserver 1.2.3.4
# second isp server; make sure you use the proper values
nameserver 1.2.3.5



you only have to run 1 DNS server if you really want to run the caching
only name server and that would be the one tied to the internet


for firewalling you'll want the following basic rules (on the computer tied to the internet)

Code:

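# default policy: drop anything not explicitly accepted
iptables -P INPUT DROP
iptables -P OUTPUT DROP

# accept replies to connections that are already established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# accept outgoing packets unless they are in the INVALID state
iptables -A OUTPUT -m state ! --state INVALID -j ACCEPT

# NAT RULE ($LAN_COMPUTER and $INET_IP have to be set first):

iptables -A POSTROUTING -t nat -s $LAN_COMPUTER -j SNAT --to $INET_IP

# or if you have a dynamic ip address you will have to do this instead:

iptables -A POSTROUTING -t nat -s $LAN_COMPUTER -j MASQUERADE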

you'll want to add more rules if you plan to run a server on either computer
because it blocks all INPUT that wasn't established from your LAN or from
the router itself.



get this stuff working, then consult samba for file and printer sharing, this
stuff is all over these forums also.....try using the search for more help.

i haven't proofread this so there may be something wrong, but as i am
an expert (kiddin sort of) it should work out fine. i must say that i have
never used RH9 so something may be different about it. I'm giving my answers
based on RH 7.3
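
The gateway setup discussed in post #2, written out as one ruleset with a comment on what each rule does. This is an added example, not part of the original post. It goes beyond the posted rules by adding a loopback rule, FORWARD rules and the kernel forwarding switch, which a NAT gateway with DROP policies needs. The interface roles and the 192.168.0.0/24 subnet come from the thread; the function name `gen_gateway_rules`, the `--apply` switch and the rule trusting the LAN to reach the gateway are assumptions.

```shell
#!/bin/sh
# Added example: ruleset for PC1 (eth0 = internet, eth1 = crossover to PC2).
# gen_gateway_rules and --apply are illustrative names, not from the thread.
gen_gateway_rules() {    # args: WAN_IF LAN_IF LAN_NET (IPv4 CIDR)
    wan=$1 lan=$2 net=$3
    # Reject anything that is not a plain interface name or CIDR, so a typo
    # cannot become an unintended rule.
    for ifc in "$wan" "$lan"; do
        case "$ifc" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    [ "$wan" != "$lan" ] || return 1
    case "$net" in ""|*[!0-9./]*) return 1 ;; */*) ;; *) return 1 ;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN traffic leaving via the internet NIC takes that NIC's (dynamic) address
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Local services talk to each other over loopback
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Assumption: the LAN is trusted to reach the gateway itself (DNS cache, samba)
-A INPUT -i $lan -s $net -j ACCEPT
-A OUTPUT -m state ! --state INVALID -j ACCEPT
# Routed traffic: the LAN may open connections outward, only replies return
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

rules=$(gen_gateway_rules eth0 eth1 192.168.0.0/24) || exit 1
if [ "${1:-}" = "--apply" ]; then    # needs root
    # Load each table in one commit, then let the kernel route between the NICs
    printf '%s\n' "$rules" | iptables-restore &&
        echo 1 > /proc/sys/net/ipv4/ip_forward
else
    printf '%s\n' "$rules"           # dry run: print the ruleset only
fi
```

Run without arguments it only prints the ruleset for review; with `--apply` as root it loads it through `iptables-restore`.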
 
07-04-2003, 02:41 AM   #3
matthewchin
Member
 
Registered: Jun 2003
Posts: 40

Original Poster
Rep: Reputation: 15
Thanks for info.
I will try.
 
07-07-2003, 11:08 PM   #4
matthewchin
Member
 
Registered: Jun 2003
Posts: 40

Original Poster
Rep: Reputation: 15
Hello,

For PC1 eth1, do I need to set the gateway IP to the ISP?
If I don't set it, it seems eth0 cannot connect to the internet?
eth0 has a dynamic IP assigned by my ISP.

I wrongly set one to 192.168.0.1 and DNS could not be resolved
and RH9 became very slow (sendmail / gnome etc).

Can you give a brief explanation of the iptables rules and how they work?

Thanks,
Matthew
 
07-21-2003, 04:23 AM   #5
matthewchin
Member
 
Registered: Jun 2003
Posts: 40

Original Poster
Rep: Reputation: 15
Robert0380,

Do you have any update for me?

Matthew
 
  

