LinuxQuestions.org

KiLLaWaBBiT 03-26-2003 07:50 AM

Newbie wishing to share net connection, help! :D
 
Hey, I'm running Red Hat 8.0 and trying to share my net connection with an XP machine. The setup goes like this: broadband connection into my eth0, and LAN connection to the XP machine on my eth1. I've turned on IPv4 forwarding (I think), and pointed the XP machine's gateway/DNS lookups at my Red Hat machine. I have no clue where to go from here; any help would be greatly appreciated.

Capt_Caveman 03-26-2003 08:55 AM

You're going to need to set up IP masquerading. There are some how-tos here:
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO
http://www.netfilter.org

But you're going to need to add a couple of lines to iptables.
In the nat table add:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

In the filter add:
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

Make sure to set the default policies for the postrouting and forward chains like:
iptables -P FORWARD DROP
iptables -P POSTROUTING DROP

Take a look at the howtos and then work these rules into your existing firewall script.
HTH

KiLLaWaBBiT 03-26-2003 09:25 AM

Many thanks
 
Thanks a lot CC, I'll have a good read through the how-tos and let you know how it goes. :)

KiLLaWaBBiT 03-26-2003 10:45 AM

Woo Hoo!!
 
She's working like a beaut!
Much appreciated sir!

Pcghost 03-26-2003 12:15 PM

I gotta give kudos to Capt. Caveman on this one. That was the most comprehensive iptables answer I have ever seen posted. Well done..

Capt_Caveman 03-26-2003 04:06 PM

I would bow or something, but I just spent the last 2 hours trying to fix my own firewall after I screwed with it to come up with that answer...doh! Nothing better than iptables to teach some humility.

kublador 03-26-2003 07:19 PM

" But you're going to need to add a couple of lines to iptables.
In the nat table add:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE "

Hmmmm, how can I add these lines to iptables? What is the location of the file that I'm gonna edit?
Thank you

Capt_Caveman 03-26-2003 09:43 PM

There are a couple of ways to do it. First, you can just type each rule in from the command line one after another, keeping in mind that you're adding them to the bottom of the chain (-A means append). Then once you're done do:

service iptables restart

Or you can put all these together in a firewall script. Just make a normal text file with your favorite text editor and save it as whatever name you like. Then have it run at startup, usually by adding an entry in /etc/rc.d/rc.local that points to the path of the script. Just make sure that the script is executable using the chmod command.

Probably a good idea to look at the howtos first to get an idea of what you're doing and to get some other rules that you'll need for packet filtering. Whatever you do (and I stress whatever!) don't edit the actual iptables file in /etc/sysconfig/iptables. Bad things happen when you do this (see my previous post above).
HTH
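
The firewall script described in the post above, as an added example that is not part of the original thread: it collects the posted FORWARD and MASQUERADE rules for the eth0 (broadband) / eth1 (LAN) setup, prints them as a dry run by default, and applies them only when run as root with APPLY=1. The names WAN_IF, LAN_IF, APPLY, build_rules, forwarding_enabled and apply_rules are assumptions of this example, and it sets a DROP policy only on FORWARD because the filter table has no POSTROUTING chain.

```shell
#!/bin/sh
# Added example: NAT gateway script for the setup in this thread.
# Assumptions: eth0 = broadband (WAN), eth1 = LAN; all names below are hypothetical.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"

# Print one iptables argument list per line, in the order they are applied.
build_rules() {
    wan="$1"; lan="$2"
    # Filter table: drop forwarded traffic unless a rule below allows it.
    printf '%s\n' "-P FORWARD DROP"
    # Flush first so re-running the script does not stack duplicate rules.
    # (Addition of this example: it also removes any other FORWARD rules.)
    printf '%s\n' "-F FORWARD"
    printf '%s\n' "-t nat -F POSTROUTING"
    # Replies to connections that the LAN opened may come back in.
    printf '%s\n' "-A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT"
    # LAN hosts may open connections outward.
    printf '%s\n' "-A FORWARD -i $lan -o $wan -j ACCEPT"
    # Rewrite the source address of traffic leaving the WAN interface.
    printf '%s\n' "-t nat -A POSTROUTING -o $wan -j MASQUERADE"
}

# Return 0 if the kernel is forwarding IPv4, non-zero otherwise.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Apply the rules with iptables (APPLY=1), or only print the commands.
apply_rules() {
    build_rules "$WAN_IF" "$LAN_IF" | while read -r args; do
        if [ "${APPLY:-0}" = "1" ]; then
            # Word splitting of $args is intended: one rule per line.
            iptables $args || exit 1
        else
            echo "iptables $args"
        fi
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    # Without forwarding the rules load but no LAN traffic is routed.
    forwarding_enabled || echo 1 > /proc/sys/net/ipv4/ip_forward
fi
apply_rules
```

Once the dry-run output looks right, make the file executable with chmod and call it with APPLY=1 from /etc/rc.d/rc.local.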
