LinuxQuestions.org


badall 05-24-2007 11:20 AM

need to share internet using iptables
 
I'm using FC4 and I have two NICs, eth0 and eth2.
I'm accessing the internet through eth0 with DHCP.
And eth2 is connected to a Windows PC.
Now I want to access the internet from my Windows PC.
I found an iptables script to share the internet and I modified it.
But whenever I run the script I can't browse even from my Linux PC.
Can anyone tell me what is wrong with that script?
The script is below:
#! /bin/bash
#(1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#(2) User-defined chain for ACCEPTED TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP

#(3) INPUT chain rules

#Rules for incoming packets from LAN
iptables -A INPUT -p ALL -i eth2 -s 172.16.0.0/16 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 172.16.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -j ACCEPT
iptables -A INPUT -p ALL -i eth2 -d 0/0 -j ACCEPT

#Rules for incoming packets from the internet

#Packet for established connections
iptables -A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

#TCP rules
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay

#UDP rules
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j okay
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j okay
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j okay

#ICMP rules
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT

#(4) FORWARD chain rules

#Accept the packet we want to forward
iptables -A FORWARD -i eth2 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#(5) OUTPUT chain rules

#Only output packets with local addresses (no spoofing)
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 172.16.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -o eth0 -j ACCEPT

#(6) POSTROUTING chain rules
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

billymayday 05-25-2007 08:49 PM

You may need a line like

echo "1" > /proc/sys/net/ipv4/ip_forward
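
An added example, not part of the thread: a bash check that tests the forwarding flag mentioned in the reply above together with the FORWARD and MASQUERADE rules from the posted script. The function name, its arguments and the sample files are assumptions of this example; the sample rules are constructed in the form `iptables-save` prints them.

```shell
#!/bin/bash
# Added example. Reports which prerequisites for NAT sharing are missing.
#   $1 = file with `iptables-save` output   $2 = WAN interface (default eth0)
#   $3 = LAN interface (default eth2)       $4 = path to the ip_forward flag
check_nat_sharing() {
    local rules="$1" wan="${2:-eth0}" lan="${3:-eth2}"
    local flag="${4:-/proc/sys/net/ipv4/ip_forward}"
    local problems=""

    # 1. The kernel must be allowed to route packets between interfaces.
    [ "$(cat "$flag" 2>/dev/null)" = "1" ] || problems="$problems ip_forward"

    # 2. Packets leaving through the WAN interface must be masqueraded.
    grep -Eq -- "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" "$rules" \
        || problems="$problems masquerade"

    # 3. New connections arriving from the LAN must pass the FORWARD chain.
    grep -Eq -- "^-A FORWARD .*-i $lan .*-j ACCEPT" "$rules" \
        || problems="$problems forward_lan"

    # 4. Replies must be let back through by connection state.
    grep -Eq -- "^-A FORWARD .*state (ESTABLISHED,RELATED|RELATED,ESTABLISHED) .*-j ACCEPT" "$rules" \
        || problems="$problems forward_replies"

    echo "${problems# }"      # space-separated list, empty when all is well
    [ -z "$problems" ]        # exit status 0 only if nothing is missing
}

# Constructed sample: the nat and FORWARD rules from the script in the thread,
# as `iptables-save` prints them, plus a flag file holding 0 (forwarding off).
demo_dir=$(mktemp -d)
cat > "$demo_dir/rules" <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth2 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
echo 0 > "$demo_dir/ip_forward"

echo "missing: $(check_nat_sharing "$demo_dir/rules" eth0 eth2 "$demo_dir/ip_forward")"
```

On a live gateway, save the output of `iptables-save` to a file as root and pass that file as the first argument; the remaining arguments default to eth0, eth2 and the real `/proc` flag.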

