IP Masquerading 2 internal networks
I am trying to connect my two internal networks to the internet. I have Red Hat 8.0 set up with 2 network cards and a modem. My first network, 192.168.0.x, is home for my two Windows computers, and I currently have IP MASQ working for them. And my second network that I'm just starting is 192.168.1.x and it is home to my FreeBSD computer
(I'm trying to experiment, by the way, if anyone knows where I could learn some about FreeBSD...). Well, I want my Red Hat 8.0 box to allow traffic to flow freely between eth0 192.168.0.x and eth1 192.168.1.x and for them both to be able to use the modem, with the firewall rules I have made. Here is the script I'm using right now to Masq my Windows network:
#!/bin/sh
echo -e "\n\n Loading firewall...\n"
#----------------------------------------#
# Paths to the tools used below           #
#----------------------------------------#
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod
#----------------------------------------#
# Setting EXTERNAL and INTERNAL #
# interfaces for the network #
#----------------------------------------#
EXTIF="ppp0"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
#----------------------------------------#
# Checking Kernel Modules #
#----------------------------------------#
echo -en " loading kernel modules: "
echo -en "verifying all kernel modules, "
$DEPMOD -a
#----------------------------------------#
# Re-Loading Defaults #
#----------------------------------------#
echo -en "ip_tables, "
$INSMOD ip_tables
echo -en "ip_conntrack, "
$INSMOD ip_conntrack
echo -en "iptable_nat, "
$INSMOD iptable_nat
#---------------------------------------#
# FTP tracking mechanism #
#---------------------------------------#
echo -en "ip_conntrack_ftp, "
$INSMOD ip_conntrack_ftp
#---------------------------------------#
# IRC tracking mechanism #
#---------------------------------------#
echo -en "ip_conntrack_irc, "
$INSMOD ip_conntrack_irc
#---------------------------------------#
# NAT for Non-Passive FTP #
#---------------------------------------#
echo -en "ip_nat_ftp, "
$INSMOD ip_nat_ftp
#---------------------------------------#
# NAT for IRC DCC                        #
#---------------------------------------#
echo -e "ip_nat_irc"
$INSMOD ip_nat_irc
echo ". Done loading modules."
#----------------------------------------#
# CRITICAL: Enable IP forwarding #
# #
# /etc/sysconfig/network #
# #
# FORWARD_IPV4=false #
# to #
# FORWARD_IPV4=true #
# #
#----------------------------------------#
echo " enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
#----------------------------------------#
# Dynamic IP Address Support             #
#----------------------------------------#
echo " enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#----------------------------------------#
# Flushing Old Tables #
#----------------------------------------#
echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
# A chain policy can only be ACCEPT or DROP; REJECT is a rule target, not a
# policy, and iptables rejects "-P FORWARD REJECT" with "Bad policy name".
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
#----------------------------------------#
# Initializing Forwarding                #
#----------------------------------------#
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\n Firewall done.\n"
I adopted it from a website I found. Maybe someone could help me understand it a little more? Well, thanks in advance,
~Peter