I am now setting up iptables for masquerading to accomplish this.
I followed the HOW-TO located at
http://www.linuxhomenetworking.com/i...m#_Toc32287197 with modifications to match my site.
I am getting mixed results.
I can do nslookups to the ISP DNS server.
I can ping internet servers.
I CANNOT access the web with a browser.
I CANNOT access my ISP POP server.
ARRGGHHH!!!!!
my iptables init script is as follows:
#!/bin/bash
#---------------------------------------------------------------
# Initialize all the chains by removing all the rules
# tied to them
#---------------------------------------------------------------
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
#---------------------------------------------------------------
# Now that the chains have been initialized, the user defined
# chains should be deleted. We'll recreate them in the next step
#---------------------------------------------------------------
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain
#---------------------------------------------------------------
# If a packet doesn't match one of the built in chains, then
# The policy should be to drop it
#---------------------------------------------------------------
#iptables --policy INPUT DROP
#iptables --policy OUTPUT DROP
#iptables --policy FORWARD DROP
#---------------------------------------------------------------
# The loopback interface should accept all traffic
# Necessary for X-Windows and other socket based services
#---------------------------------------------------------------
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#---------------------------------------------------------------
# Allow all bidirectional traffic from your firewall to the protected network
# - Interface eth0 is the private network interface
#---------------------------------------------------------------
iptables -A INPUT -j ACCEPT -p all -s 10.0.0.0/24 -i eth0
iptables -A OUTPUT -j ACCEPT -p all -d 10.0.0.0/24 -o eth0
#---------------------------------------------------------------
# Load the NAT module
#---------------------------------------------------------------
modprobe iptable_nat
#---------------------------------------------------------------
# Allow masquerading
# Enable routing by modifying the ip_forward /proc filesystem file
# - Interface ppp0 is the internet interface
# - Interface eth0 is the private network interface
#---------------------------------------------------------------
iptables -A POSTROUTING -t nat -o ppp0 -s 10.0.0.0/24 -d 0/0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
#---------------------------------------------------------------
# Prior to masquerading, the packets are routed via the filter
# table's FORWARD chain.
# Allowed outbound: New, established and related connections
# Allowed inbound : Established and related connections
#---------------------------------------------------------------
iptables -A FORWARD -t filter -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
HELP!