Hi i have slack10.2 kernel 2.4.31
i configured my eth1 to 192.168.0.1 mask255.255.255.0
and my winXP card to 192.168.0.2 with getway 192.168.0.1 mask 255.255.255.0

then i did a script

IPTABLES=/sbin/iptables
EXTIF=eth0
INTIF=eth1

echo "1" > /proc/sys/net/ipv4/ip_forward

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

But its still didnt worked
i pinged each other ip and i got no response
destention unreachable
please help me ill appricate it very much
Btw i'm a newbie so please make it clear
night

I'm assuming this is communication from the Windows machine to the Linux machine (and/or visa-versa). If so, how do you have the two computers connected?

I am also assuming that your Linux box has internet connectivity. If so, you will need to assign a DNS server entry on your windows machine so you can do lookups (when you get the connection problem solved), and thus use the internet. Your ISP's DNS server IP would be the best for this.

EDIT: You can find your DNS nameserver IP by typing 'cat /etc/resolv.conf' from the console.

Hi!

Are you able to ping both machines when you're iptables script is not in used? I suspect the answer would be NO, as your script doesn't protect AT ALL direct access to the Linux box (which definitly is a problem as anyone can connect to your box from the outside network -- internet? -- to EXTIF / eth0).

you should consider using lines such as:

If that were the case, wouldn't he get a Ping Timeout instead of a Destination Unreachable?

Besides, it sounds like he is having connection problems between his two computers, and not from the internet to the NAT box. Although good call on firewalling the EXTIF.

Depends... if the IP config of the machine that sends the echo request is really crap, then he can have a destination unreachable (wrong netmask or smtg else).
as an exemple, my eth1 192.168.1.80 has no cable pluged in and here's what i have:
root@lazarus:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.2 icmp_seq=1 Destination Host Unreachable
From 192.168.1.2 icmp_seq=2 Destination Host Unreachable

you actually have a timeout only if you're able to send the packets...

Right, which is why I asked how the two computers are connected. If he has them directly connected using a standard patch cable and not a crossover, he would recieve this error.

2 nics on the linux machine
1 on the winXP
which i guess a regular cable
which i checked and working with the modem..
so i thought it would work with nic to nic

and abou the firewall ill fix it later i just want to do
step by step and first step is makeing the other computer to connect

thanks ahead

oh and from the windows box i'm getting ping timeout but i think it will say ping timeout even if its not connecting to anything..

You will need to get a crossover cable to connect the 2 machines NIC to NIC. A normal patch cable will not work for this purpose.

thanks a lot
after ill get this cable ill see what's happning and i might come back :|

oh btw a friend told me there might be a driver/program who works like a crossover cable
do you know a thing like that ? or a way i can get it working with a regular cable ?