Quote:
Originally Posted by tr1pl3x
#iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
First, I'd drop that one. It would just allow SYN packets accidentally using a port that the masquerading module has seen as an internal source port. Under normal conditions, they will be just ignored by whatever host they are reaching, but it's unnecessary to "let them in".
edit:
Misread your interface names .. this line seems fine as it allows packets from the internal to the external interface. So maybe you just need to exchange the interface names on the NEXT line where packets belonging to established connections are allowed.
/edit.
And then, one thing often overlooked when trying to set up a masquerading router is the fact that the Linux network stack has to be configured to route /at all/. Try
Code:
sysctl net.ipv4.ip_forward
If it says
Code:
net.ipv4.ip_forward = 0
your box doesn't act as a router. Edit /etc/sysctl.conf or some file in /etc/sysctl.d/ to change this permanently (and issue "sysctl -w net.ipv4.ip_forward=1" to switch routing on instantly).
Another idea: Are all these '#' characters actually in your script? '#' starts a comment, so these lines would be ignored.
If this doesn't help, maybe describe in detail what behavior you expected and what you got...
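The three checks the reply walks through (is routing enabled at all, which direction the ESTABLISHED,RELATED rule has to face, and whether a leading '#' turns a rule into a comment) can be put into one small script. This is an added example, not code from the original thread or from either poster; it assumes the LAN sits on eth0 and the uplink on eth1 (the names used in the quoted rule) and that the live part is run as root.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: LAN on eth0, WAN on eth1.

# forwarding_enabled: takes one line of "sysctl net.ipv4.ip_forward" output
# and returns 0 (true) only if the kernel will route between interfaces.
forwarding_enabled() {
    case "$(printf '%s' "$1" | tr -d ' \t')" in
        net.ipv4.ip_forward=1) return 0 ;;
        *) return 1 ;;
    esac
}

# masq_rules: print a minimal stateful masquerading ruleset for LAN=$1, WAN=$2.
# Default-deny on FORWARD, new connections only from LAN to WAN, and replies
# allowed back in the opposite direction (WAN in, LAN out): that reversed
# interface order on the conntrack rule is the point made in the reply above.
masq_rules() {
    lan=$1
    wan=$2
    cat <<EOF
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# count_active: read a firewall script on stdin and count the lines the shell
# would actually execute, i.e. everything that is not blank or a '#' comment.
# A script whose rules all start with '#' reports 0 here.
count_active() {
    grep -cvE '^[[:space:]]*(#|$)'
}

# Live use (needs root and iptables): RUN_LIVE=1 sh masq-check.sh eth0 eth1
if [ "${RUN_LIVE:-0}" = 1 ]; then
    if forwarding_enabled "$(sysctl net.ipv4.ip_forward 2>/dev/null)"; then
        echo "routing is on"
    else
        echo "routing is OFF: sysctl -w net.ipv4.ip_forward=1, then persist it in /etc/sysctl.d/"
    fi
    # Print the rules rather than applying them so they can be reviewed first.
    masq_rules "${1:-eth0}" "${2:-eth1}"
    printf 'active rule lines in this script: %s\n' "$(count_active < "$0")"
fi
```

Without RUN_LIVE=1 the script only defines the functions, so it can be sourced and checked on a box where you do not want to touch the firewall; pipe the output of masq_rules into a privileged shell once the interface names are confirmed.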