I created an iptables script by using an iptables script generator.
I'm using FC2 and don't know where to put this file.
Can anybody tell me where to put this file and under which name? I don't know the name of the file either. One more question...how can I enable this file? Do I need to restart my computer? I'm using a cable modem and I don't have a static IP...
I put the iptables script under the name of /etc/rc.local and tried to reboot my computer but I didn't get my computer to open correctly, KDE didn't start...then I removed the content of the rc.local file and restarted the computer. I don't know what to do now.
I did as you said and tried to reboot my computer. It opened without any problems but nothing has changed. I think it's getting worse. I can't even ping the gateway from other computers in the LAN. Before that I was able to ping the gateway from the computers in my LAN. Is it so hard to set up a gateway? Anyway, I'm still a newbie...
It is so easy to set up a gateway.
1-
The following makes your Linux a router:
#echo 1 > /proc/sys/net/ipv4/ip_forward
2-
And the following does NAT:
#iptables -t nat -A POSTROUTING -j MASQUERADE
That's all.
But your script is better because it also has firewall rules. It blocks unwanted net activity and secures your local network.
Explain more about your network and post your firewall script here. Let me check them, so I will be able to help.
#!/bin/sh
# iptables script generator: V0.1-2002
# Comes with no warranty!
# e-mail: michael@1go.dk
# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
LAN_IP_NET='192.168.0.1/24'
LAN_NIC='eth1'
WAN_IP='194.54.33.108'
WAN_NIC='eth0'
# load some modules (if needed)
# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
This is the firewall script. I've a cable modem and every time I restart my computer I'm getting an IP from the DHCP server. The cable modem is connected via USB and it's eth0 (WAN). I'm using an ethernet card which is eth1 (LAN). I'm able to ping the gateway but I want more. I would like to be able to surf the net. I don't know what the problem is. I followed the instructions that you gave, unfortunately nothing has changed.
#!/bin/sh
# iptables script generator: V0.1-2002
# Comes with no warranty!
# e-mail: michael@1go.dk
# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
LAN_IP_NET='192.168.0.1/24' ## !! this is a wrong expression. it should be 192.168.0.0/24
LAN_NIC='eth1'
WAN_IP='194.54.33.108'
WAN_NIC='eth0'
# load some modules (if needed) ## !! you can add the following.
modprobe ip_conntrack_ftp ## passive ftp modules
modprobe ip_nat_ftp
# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
## !! you could add the following to allow connections from the local network
iptables -A INPUT -s $LAN_IP_NET -j ACCEPT
## !! if some services will run on this computer, uncomment the following:
#iptables -A INPUT -s 127.0.0.1 -j ACCEPT
#iptables -A INPUT -d 127.0.0.1 -j ACCEPT
# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
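The LAN_IP_NET correction in the script above (192.168.0.1/24 versus 192.168.0.0/24) can be checked before a value reaches iptables. This is an added example, not part of the thread or of the generator's output; the function names ip_to_int, cidr_network and cidr_has_host_bits are hypothetical, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# ip_to_int A.B.C.D: print the address as an integer; fail on bad input.
# The body is a subshell "( )" so the IFS change stays local.
ip_to_int() (
    case $1 in *[!0-9.]*|*.) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# cidr_network A.B.C.D/N: print the value with its host bits cleared.
cidr_network() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    bits=${1##*/}
    case $bits in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    net=$(( $ip & $mask ))
    echo "$(( ($net >> 24) & 255 )).$(( ($net >> 16) & 255 )).$(( ($net >> 8) & 255 )).$(( $net & 255 ))/$bits"
}

# cidr_has_host_bits VALUE: 0 if VALUE is a host-style CIDR, 1 if it is
# already a network address, 2 if it does not parse.
cidr_has_host_bits() {
    canonical=$(cidr_network "$1") || return 2
    [ "$canonical" != "$1" ]
}

LAN_IP_NET='192.168.0.1/24'   # value from the generated script in the thread
if cidr_has_host_bits "$LAN_IP_NET"; then
    echo "LAN_IP_NET=$LAN_IP_NET has host bits set; use $(cidr_network "$LAN_IP_NET")"
fi
```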