Quote:
Originally Posted by michaelk
Should be iptables ... -m state --state RELATED,ESTABLISHED -j ACCEPT
Thanks for that - I'd found that whilst googling, and it removed the error message, but it's nice to know that this is correct.
However, I'm still not (quite?) there yet. From my desktop box, I can now ping the IP address that my ISP has assigned my modem, but no further. In other words, I'm a step closer to my aim as I can ping the next IP address in the line.
This is the set of rules that I'm using:
LOOPBACK=lo
LAN=eth0
WAN=ppp0
#Flush any rules that may still be configured
/sbin/iptables -t filter -F INPUT
/sbin/iptables -t filter -F OUTPUT
/sbin/iptables -t filter -F FORWARD
/sbin/iptables -t nat -F PREROUTING
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F OUTPUT
# Set the default policies for the chains
/sbin/iptables -t filter -P INPUT DROP
/sbin/iptables -t filter -P OUTPUT ACCEPT
/sbin/iptables -t filter -P FORWARD DROP
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
# Set up the firewall rules
/sbin/iptables -t filter -A INPUT -i ${LOOPBACK} -j ACCEPT
/sbin/iptables -t filter -A INPUT -i ${LAN} -j ACCEPT
/sbin/iptables -t filter -A INPUT -i ${WAN} -m state --state RELATED,ESTABLISHED -j ACCEPT
# Set up the ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t filter -A FORWARD -i ${LAN} -o ${WAN} -j ACCEPT
/sbin/iptables -t filter -A FORWARD -i ${WAN} -o ${LAN} -m state --state RELATED,ESTABLISHED -j ACCEPT
# Set up ip masquerading
# Allow the boxes 192.168.0.2 and 192.168.0.227 on the Internet
/sbin/iptables -t nat -A POSTROUTING -o 192.168.0.2 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o 192.168.0.227 -j MASQUERADE
Anything obviously wrong here?
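
An added example, not part of the original post: iptables' `-i`/`-o` options take an interface name, while addresses are matched with `-s`/`-d`, so a small lint over the rule lines shows which ones pass an IPv4 address where an interface is expected. The function names and the third sample rule are constructed here; that rule assumes the intent is to masquerade traffic from that host as it leaves via ppp0.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables rule lines for an
# IPv4 address passed to -i/-o. Those options take an interface name
# (eth0, ppp0); addresses are matched with -s/--source or -d/--destination.

# is_ipv4 WORD: succeed if WORD is a dotted quad, optionally with /prefix.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# check_rule LINE: print a finding for each misuse; return 1 if any was found.
check_rule() {
    set -f; set -- $1; set +f      # split LINE into words without globbing
    bad=0
    while [ $# -gt 1 ]; do
        case $1 in
            -i|--in-interface|-o|--out-interface)
                if is_ipv4 "$2"; then
                    echo "'$1 $2': $1 expects an interface name, not an address"
                    bad=1
                fi ;;
        esac
        shift
    done
    return $bad
}

# Two rules from the post, then a constructed rule in the form the syntax
# expects (assumes the intent is to NAT traffic from that host out of ppp0).
while IFS= read -r rule; do
    if check_rule "$rule"; then echo "ok:   $rule"; else echo "FLAG: $rule"; fi
done <<'EOF'
/sbin/iptables -t filter -A FORWARD -i ${LAN} -o ${WAN} -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o 192.168.0.2 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.2 -o ppp0 -j MASQUERADE
EOF
```

On a live gateway, `iptables -t nat -L POSTROUTING -v -n` shows per-rule packet counters, which confirm whether a masquerade rule is ever being matched.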