Register a domain and help support LQ
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 06-24-2005, 01:00 PM   #1
LQ Newbie
Registered: Jun 2005
Location: EU
Posts: 3

Rep: Reputation: 0
Angry routing/gateway/masquerade help wanted

Hi there,

I have a FC3 box (without X), which have two adapters (eth0 and eth1).
I like use my linux box like router/gateway to internet for my second box with windows 2000.

Linux FC3 (eth0, eth1)------ISP--->
|----windows 2000

My linux box work fine. Problem is what I can't access to web pages, email, msn, etc. on internet from my windovs 2000 computer. But ICQ can connect to inetrnet from my windows box.
I have a lot serach on google and different forums, but can't solve my problem. I have also try quicktables script and it also no get me connect to internet from my windows box.

I have use this simple script which run by rc.local



# Load useful kernel modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp
modprobe ipt_MASQUERADE

# Disabling ECN if enabled (explicit congestion notification
if [ -e /proc/sys/net/ipv4/tcp_ecn ]
echo 0 > /proc/sys/net/ipv4/tcp_ecn

# Enabling forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# AntiSpoofing protection
for x in lo eth0 eth1
echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter

# Here is the place to define some variables

publicaddr="xx.xx.xx.xx" #here my static IP address

#First, flushing the existing rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat

#Now defining the standard policy
iptables -P INPUT ACCEPT

#Defining the real stuff !

# Allow access to the firewall from the localnet
iptables -A INPUT -s $localnet -d $privateaddr -j ACCEPT
iptables -A INPUT -s $localnet -d $publicaddr -j ACCEPT

# Allow access from ourself to us !
iptables -A INPUT -i lo -j ACCEPT

# Allow the firewall box to access the internet
iptables -A INPUT -s $any -d $publicaddr -m state --state ESTABLISHED,RELATED -j ACCEPT

# Should we masquerade the localnet to internet ?
iptables -t nat -A POSTROUTING -s $localnet -d $any -j MASQUERADE


and here is my etc/sysconfig/iptables :


# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Thanks in advance for your help.
Old 06-24-2005, 04:51 PM   #2
Gentoo Developer
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Blog Entries: 5

Rep: Reputation: 56
Here is my stuff for Masquerading. For me eth0 connects to the WAN and eth1 to another box.
eth0 is a ethernet card with the address of The default gateway for this box is (the modems address)eth1 on this box is
crossover cable between the two;
Box two is set up with the ipaddress of and its default gateway is (Box one's eth1)
# iptables -F; iptables -t nat -F; iptables -t mangle -F
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -P INPUT DROP

Last edited by comprookie2000; 06-24-2005 at 04:58 PM.
Old 06-25-2005, 01:54 AM   #3
LQ Newbie
Registered: Jun 2005
Location: EU
Posts: 3

Original Poster
Rep: Reputation: 0
I have same conf of my network and just try your script. it no give me any results
thanks for your help

Last edited by -=dionis=-; 06-25-2005 at 01:56 AM.
Old 06-25-2005, 04:11 AM   #4
Registered: Oct 2003
Location: Chico, CA, USA
Distribution: Linux Mint
Posts: 846

Rep: Reputation: 106Reputation: 106
Hi, everybody.

Maybe this will help:

Download this, tar -zxvf <filename> and open it in your favorite browser. It worked for me.

Hope that helps.

Old 06-25-2005, 07:17 AM   #5
LQ Newbie
Registered: Jun 2005
Location: EU
Posts: 3

Original Poster
Rep: Reputation: 0
I have solve my problem.
It was my mistake, in my windows box I put DND server , but correct I must put DNS's of my ISP
Thanks DaneM for your how to.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall Security / Gateway Routing colabus Linux - Networking 1 09-13-2005 11:15 PM
Firewall Security / Gateway Routing colabus Linux - Security 3 09-09-2005 06:40 PM
Default Gateway Not Listed In Routing Table krazyace78 Linux - Networking 0 10-05-2004 12:09 PM
pppoe gateway routing problems jvannucci Linux - Networking 2 06-26-2003 06:40 PM
linux gateway/firewall with MASQUERADE willix Linux - Networking 2 08-06-2002 05:37 PM

All times are GMT -5. The time now is 10:33 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration