iptables and NAT in Ubuntu 10
Hey, I have a basic box running Ubuntu 10.10 - command line only, and I believe it's a "lightweight" version, as I was originally trying to install Lubuntu but never got around to it.
Anyways, it's installed and boots from a 4GB USB stick and everything seems to be running good.
I'm starting from scratch, so I don't have any specific rules yet... however, this is what I'm starting with:
eth0 = WAN (public ip)
eth2 = LAN (private ip - 192.168.1.1/24)
*default config of iptables unless otherwise stated*
iptables -P INPUT ACCEPT    # set to accept to allow me to SSH to this box [temp]
iptables -P OUTPUT ACCEPT   # set to accept to allow me to SSH to this box [temp]
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -s 192.168.1.0/24 -d 0.0.0.0/0 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -s 0.0.0.0/0 -d 192.168.1.0/24 -i eth0 -j ACCEPT
This should technically be all I have to do to enable NAT on my WAN interface, correct?
Note: I have not yet explicitly "modprobe"'d anything, such as ip_conntrack, etc... this is running from boot.
Note2: I have tried modprobing a few things; nothing worked.
Note3: There is a default route sending packets out the WAN interface.
Note4: The packets are not being translated, despite my rules. The firewall will send 192.168.x.x addresses out the WAN interface untranslated... and they are obviously being dropped once they hit my ISP's first router.
Verified using Wireshark / tcpdump.
Any help would be useful...thanks!!
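The ruleset from the post, checked offline, as an added example that is not part of the original post: it reads an `iptables-save` dump and reports whether a source-NAT rule exists on the WAN interface, what the FORWARD policy is, and whether the WAN-to-LAN accept rule is limited to reply traffic. The dump is constructed from the post's commands, the function names `sample_ruleset` and `audit_ruleset` are hypothetical, and the check does not diagnose why packets leave untranslated.

```shell
#!/usr/bin/env bash
# Added example: lint an iptables-save dump for the NAT gateway in the post.
WAN_IF="eth0"   # WAN interface name, taken from the post

# Constructed sample: the post's rules in the form `iptables-save` prints them
# (a -d 0.0.0.0/0 match is omitted by iptables-save because it matches everything).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.1.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -i eth0 -j ACCEPT
COMMIT
EOF
}

# audit_ruleset: reads an iptables-save dump on stdin, prints one finding per line.
audit_ruleset() {
  awk -v wan="$WAN_IF" '
    /^\*/ { table = substr($0, 2); next }              # track the current table
    table == "nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ {
      if ($0 ~ ("-o " wan "( |$)")) nat_ok = 1        # source NAT on the WAN side
    }
    table == "filter" && /^:FORWARD / { policy = $2 }  # chain default policy
    table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ && $0 ~ ("-i " wan "( |$)") {
      # An inbound WAN->LAN accept should be limited to reply traffic.
      if ($0 !~ /(--state|--ctstate) [A-Z,]*ESTABLISHED/) open_in = 1
    }
    END {
      printf "%s: source NAT rule on %s\n", (nat_ok ? "OK" : "FAIL"), wan
      printf "%s: FORWARD policy is %s\n", (policy == "DROP" ? "OK" : "WARN"), policy
      printf "%s: WAN->LAN accept %s conntrack state match\n", \
             (open_in ? "WARN" : "OK"), (open_in ? "has no" : "uses")
    }'
}

sample_ruleset | audit_ruleset
```

On a live gateway, run `sudo iptables-save | audit_ruleset` instead of the sample; the packet counters in `sudo iptables -t nat -L POSTROUTING -v -n` show whether the MASQUERADE rule is matching any traffic.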