05-23-2004, 08:26 PM
|
#1
|
LQ Newbie
Registered: Aug 2003
Location: Canada
Distribution: Debian, Libranet
Posts: 19
|
IPCHAINS to IPTABLES
I am reinstalling my router box and will upgrade from kernel 2.2 to 2.4.
My existing ruleset for masquerading uses IPCHAINS. If I provide it here, could some great soul instruct me on making the proper edits to make it work with IPTABLES?
Also, if I'm using IPTABLES, what net modules should I be installing to allow the masquerading, and eventually in the future to allow firewalling and maybe port forwarding, as I may want to do some type of hosting on my internal LAN?
Thanks,
James
-------------------------------------------------------------------------------------------------------------------
-- the external NIC retrieves IP through DHCP from ISP
-- the internal NIC is assigned static IP info through use of: /etc/network/interfaces
-- the box is running Debian stable BTW
#!/bin/sh
INTLAN="192.168.0.0/24"
INTIF="eth0"
EXTIF="eth1"
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/ipchains -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp
EXTIP="`/sbin/ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward REJECT
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i $EXTIF -s $INTLAN -j MASQ
|
|
|
05-24-2004, 05:14 AM
|
#2
|
Senior Member
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791
|
Almost the same except
/sbin/iptables -A INPUT (INPUT, OUTPUT, FORWARD etc should be in CAPS)
and
/sbin/iptables -t nat -A POSTROUTING -o $EXTIF -s $INTLAN -j MASQUERADE
|
|
|
05-24-2004, 05:33 AM
|
#3
|
Member
Registered: Nov 2003
Location: austria
Distribution: debian
Posts: 667
|
Have a look at Rusty's nat-howto-2.4 (www.netfilter.org, www.iptables.org) for further info. It has really become a more powerful tool.
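
Added example, not written by any poster in this thread: an iptables form of the ipchains script from post #1 for a 2.4 kernel, where the MASQUERADE target is only valid in the nat table's POSTROUTING chain and forwarding is decided separately in FORWARD. The `run` helper, the `DRY_RUN` switch, the module list and the two FORWARD accept rules are assumptions of this example; with `DRY_RUN=1` (the default) it only prints the commands.

```shell
#!/bin/sh
# Added example: iptables (kernel 2.4) form of the ipchains masquerading
# script in post #1. DRY_RUN=1 (default) prints commands instead of running.
INTLAN="192.168.0.0/24"   # values taken from post #1
INTIF="eth0"
EXTIF="eth1"
DRY_RUN="${DRY_RUN:-1}"

# run: hypothetical helper; echoes the command in dry-run mode, else executes it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

load_modules() {
    # Assumed module set for a modular 2.4 kernel. ip_masq_ftp becomes the
    # conntrack/NAT FTP helper pair; ip_masq_raudio is not carried over.
    for m in ip_tables iptable_filter iptable_nat ipt_MASQUERADE ipt_state \
             ip_conntrack ip_conntrack_ftp ip_nat_ftp; do
        run /sbin/modprobe "$m"
    done
}

masq_rules() {
    # Flush first so the rules added below survive (the ipchains script
    # flushed "input" after adding its DHCP rule, which wiped that rule).
    run /sbin/iptables -F
    run /sbin/iptables -t nat -F
    run /sbin/iptables -P INPUT ACCEPT
    run /sbin/iptables -P OUTPUT ACCEPT
    run /sbin/iptables -P FORWARD DROP      # ipchains DENY is iptables DROP
    # DHCP replies from the ISP (was: -s 0/0 67 -d 0/0 68 -p udp)
    run /sbin/iptables -A INPUT -i "$EXTIF" -p udp --sport 67 --dport 68 -j ACCEPT
    # ipchains MASQ in "forward" splits into filter rules plus one NAT rule.
    run /sbin/iptables -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$INTLAN" -j ACCEPT
    run /sbin/iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run /sbin/iptables -t nat -A POSTROUTING -o "$EXTIF" -s "$INTLAN" -j MASQUERADE
}

enable_forwarding() {
    # ip_always_defrag is gone in 2.4: connection tracking defragments itself.
    run /sbin/sysctl -w net.ipv4.ip_dynaddr=1
    run /sbin/sysctl -w net.ipv4.ip_forward=1
}

load_modules
masq_rules
enable_forwarding
```

Forwarding is switched on last so that packets are never routed before the FORWARD policy is DROP. `ipchains -M -S` has no iptables option, so the masquerade timeouts line is left out.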
All times are GMT -5. The time now is 08:37 AM.