LinuxQuestions.org
07-05-2010, 12:40 PM   #1
debeb
Masquerading with iptables


I'm trying to get one of my Linux machines to act as a router and I've read that IP masquerading with iptables is the way to do this. I used the iptables section of this page as a guide: http://www.gentoo.org/doc/en/home-router-howto.xml, of course modifying the relevant bits to my system (Debian Lenny).

Everything seemed to go smoothly, except for the fact that it doesn't work.

From a computer behind my would-be router:
Code:
$ ping google.com
Connect: Network is unreachable

My "router" otherwise works fine, connects to the internet, serves DHCP and DNS, etc.

My /etc/network/iptables comes directly from the link I posted, but I'll post it here anyway:

Code:
# Generated by iptables-save v1.4.2 on Mon Jul  5 13:21:30 2010
*nat
:PREROUTING ACCEPT [2:293]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Mon Jul  5 13:21:30 2010
# Generated by iptables-save v1.4.2 on Mon Jul  5 13:21:30 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [73:9188]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i ! eth0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i ! eth0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ! eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ! eth0 -p udp -m udp --dport 0:1023 -j DROP
-A FORWARD -d 10.0.0.0/24 -i eth0 -j DROP
-A FORWARD -s 10.0.0.0/24 -i eth0 -j ACCEPT
-A FORWARD -d 10.0.0.0/24 -i wlan0 -j ACCEPT
COMMIT
# Completed on Mon Jul  5 13:21:30 2010

eth0 being the LAN NIC and wlan0 the WAN.

07-05-2010, 01:19 PM   #2
debeb
Nvm, figured it out; I forgot to uncomment the option router and option domain-name-server in my dhcpd.conf.
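
An added diagnostic example, not part of either post: it checks a dhcpd.conf for the two directives the fix in post #2 turned on (ISC dhcpd spells them `option routers` and `option domain-name-servers`) and an iptables-save dump for the MASQUERADE rule on the WAN interface. The function names, the sample files and the 10.0.0.1 gateway address are assumptions constructed for illustration.

```shell
# Added example, not from the thread. Function names are hypothetical.
# active_option FILE NAME: true if "option NAME ..." appears uncommented.
active_option() {
    grep -Eq "^[[:space:]]*option[[:space:]]+$2[[:space:]]" "$1"
}

# check_dhcpd FILE: report each missing option; exit status = number missing.
check_dhcpd() {
    missing=0
    for opt in routers domain-name-servers; do
        if ! active_option "$1" "$opt"; then
            echo "dhcpd: 'option $opt' is absent or commented out"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# check_masq FILE IFACE: true if the dump's nat table masquerades out of IFACE.
check_masq() {
    awk -v ifc="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && /-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == ifc) found = 1
        }
        END { exit !found }' "$1"
}

# Constructed sample input: both options still commented out (assumed 10.0.0.1).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/dhcpd.conf" <<'EOF'
subnet 10.0.0.0 netmask 255.255.255.0 {
    #option routers 10.0.0.1;
    #option domain-name-servers 10.0.0.1;
}
EOF
    cat > "$dir/rules" <<'EOF'
*nat
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
EOF
    check_dhcpd "$dir/dhcpd.conf" || echo "DHCP clients get no gateway or DNS server"
    check_masq "$dir/rules" wlan0 && echo "nat: MASQUERADE on wlan0 present"
    rm -rf "$dir"
}
demo
```

With the sample above, the NAT rule checks out while both DHCP options are reported missing, which is the state in which LAN clients have an address but no default route.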
 
  

