Need to share internet using iptables
I'm using FC4 and I have two NICs, eth0 and eth2.
I'm accessing the internet through eth0 with DHCP.
And eth2 is connected to a Windows PC.
Now I want to access the internet from my Windows PC.
And I found an iptables script to share the internet, and I modified it.
But whenever I run the script I can't browse, even from my Linux PC.
Can anyone tell me where the error in that script is?
The script is below:
#! /bin/bash
#(1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#(2) User-defined chain for ACCEPTED TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
#(3) INPUT chain rules
#Rules for incoming packets from LAN
iptables -A INPUT -p ALL -i eth2 -s 172.16.0.0/16 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 172.16.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -j ACCEPT
iptables -A INPUT -p ALL -i eth2 -d 0/0 -j ACCEPT
#Rules for incoming packets from the internet
#Packet for established connections
iptables -A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#TCP rules
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay
#UDP rules
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j okay
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j okay
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j okay
#ICMP rules
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT
#(4) FORWARD chain rules
#Accept the packets we want to forward
iptables -A FORWARD -i eth2 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#(5) OUTPUT chain rules
#Only output packets with local addresses (no spoofing)
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 172.16.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -o eth0 -j ACCEPT
#(6) POSTROUTING chain rules
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
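To see what these chains actually do with a packet, here is a small evaluator, added as an example and not code from the original post or from iptables itself, that transcribes the INPUT, FORWARD and okay chains above and walks them the way the kernel does: first match wins, a user chain falls through on no match, and the chain policy applies last. The OUTPUT chain is left out, and the sample packets (and the 203.0.113.9 internet address) are constructed for this example. Tracing a brand-new TCP connection arriving on eth0 shows it is accepted by the blanket "-i eth0 -j ACCEPT" rule before any port-specific rule is consulted, and tracing the LAN host's packets shows the FORWARD chain passes them both ways.

```python
from ipaddress import ip_address, ip_network
def rule(target, **match):  # one iptables rule as (criteria, target)
    return (match, target)
# Hand-transcribed from the posted script (OUTPUT chain omitted). Packet fields:
# iface (-i), oface (-o), proto, src, dport, syn, state, icmp_type.
EST = {"ESTABLISHED", "RELATED"}
OKAY = [rule("ACCEPT", proto="tcp", syn=True),
        rule("ACCEPT", proto="tcp", state=EST), rule("DROP", proto="tcp")]
INPUT = [rule("ACCEPT", iface="eth2", src="172.16.0.0/16"),
         rule("ACCEPT", iface="lo", src="127.0.0.1/32"),
         rule("ACCEPT", iface="lo", src="172.16.0.1/32"),
         rule("ACCEPT", iface="eth0"),  # catch-all: every eth0 rule below it is dead
         rule("ACCEPT", iface="eth2"),
         rule("ACCEPT", iface="eth0", state=EST),
         *[rule("okay", iface="eth0", proto="tcp", dport=p) for p in (21, 22, 80, 113)],
         *[rule("okay", iface="eth0", proto="udp", dport=p) for p in (53, 2074, 4000)],
         rule("ACCEPT", iface="eth0", proto="icmp", icmp_type=8),
         rule("ACCEPT", iface="eth0", proto="icmp", icmp_type=11)]
FORWARD = [rule("ACCEPT", iface="eth2"), rule("ACCEPT", state=EST)]
# Built-in chains carry the script's DROP policy; the user chain has none (RETURN).
CHAINS = {"INPUT": (INPUT, "DROP"), "FORWARD": (FORWARD, "DROP"), "okay": (OKAY, None)}

def matches(match, pkt):  # True when every criterion of the rule holds for pkt
    for key, want in match.items():
        have = pkt.get(key)
        if key == "src":
            ok = have is not None and ip_address(have) in ip_network(want)
        else:
            ok = have in want if key == "state" else have == want
        if not ok:
            return False
    return True

def evaluate(chain, pkt):  # first match wins; returns (verdict, "CHAIN#index")
    rules, policy = CHAINS[chain]
    for i, (match, target) in enumerate(rules):
        if not matches(match, pkt):
            continue
        if target in CHAINS:  # jump into a user chain; falling off its end returns here
            verdict = evaluate(target, pkt)
            if verdict[0] is not None:
                return verdict
            continue
        return target, f"{chain}#{i}"
    return policy, f"{chain}:policy"

# Constructed packets: 203.0.113.9 is RFC 5737 test space, 172.16.0.10 a LAN host.
TELNET_SYN = dict(iface="eth0", proto="tcp", syn=True, state="NEW", dport=23, src="203.0.113.9")
LAN_SYN = dict(iface="eth2", oface="eth0", proto="tcp", syn=True, state="NEW", dport=80, src="172.16.0.10")
REPLY = dict(iface="eth0", oface="eth2", proto="tcp", state="ESTABLISHED", src="203.0.113.9")
```

Since the FORWARD chain itself lets the LAN traffic through, a forwarding failure has to come from outside these rules; one prerequisite the script never sets is the kernel's net.ipv4.ip_forward sysctl, without which no packet reaches FORWARD at all.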