I'm trying to get one of my Linux machines to act as a router and I've read that IP masquerading with iptables is the way to do this. I used the iptables section of this page as a guide:
http://www.gentoo.org/doc/en/home-router-howto.xml, of course modifying the relevant bits to my system (Debian Lenny).
Everything seemed to go smoothly, except for the fact that it doesn't work.
From a computer behind my would-be router:
Code:
$ ping google.com
Connect: Network is unreachable
My "router" otherwise works fine, connects to the internet, serves DHCP and DNS, etc.
My /etc/network/iptables comes directly from the link I posted, but I'll post it here anyway:
Code:
# Generated by iptables-save v1.4.2 on Mon Jul 5 13:21:30 2010
*nat
:PREROUTING ACCEPT [2:293]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Mon Jul 5 13:21:30 2010
# Generated by iptables-save v1.4.2 on Mon Jul 5 13:21:30 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [73:9188]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i ! eth0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i ! eth0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ! eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ! eth0 -p udp -m udp --dport 0:1023 -j DROP
-A FORWARD -d 10.0.0.0/24 -i eth0 -j DROP
-A FORWARD -s 10.0.0.0/24 -i eth0 -j ACCEPT
-A FORWARD -d 10.0.0.0/24 -i wlan0 -j ACCEPT
COMMIT
# Completed on Mon Jul 5 13:21:30 2010
eth0 being the LAN NIC and wlan0 the WAN.
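An added read-only audit script (not from the original post or the Gentoo guide) that checks the two things a Linux NAT router needs beyond the ruleset above: a MASQUERADE rule on the WAN interface with matching FORWARD rules in a saved dump, and kernel IPv4 forwarding. It assumes the poster's layout (LAN=eth0, WAN=wlan0) and the iptables-save format shown above.

```shell
#!/bin/sh
# Audit helper for a Linux NAT router. Assumed interface names follow
# the post above: eth0 is the LAN side, wlan0 the WAN side.
LAN=eth0
WAN=wlan0

# check_nat_rules FILE
# Returns 0 if FILE (iptables-save output) has a MASQUERADE rule for the
# WAN interface and, when the FORWARD policy is DROP, explicit ACCEPT
# rules for LAN->WAN and WAN->LAN traffic. Prints whatever is missing.
check_nat_rules() {
    f=$1
    rc=0
    if ! grep -q "^-A POSTROUTING -o $WAN -j MASQUERADE" "$f"; then
        echo "missing: -A POSTROUTING -o $WAN -j MASQUERADE"
        rc=1
    fi
    # A DROP policy on FORWARD means nothing passes without ACCEPT rules.
    if grep -q '^:FORWARD DROP' "$f"; then
        grep -q "^-A FORWARD .*-i $LAN -j ACCEPT" "$f" || {
            echo "missing: FORWARD ACCEPT for traffic arriving on $LAN"
            rc=1
        }
        grep -q "^-A FORWARD .*-i $WAN -j ACCEPT" "$f" || {
            echo "missing: FORWARD ACCEPT for replies arriving on $WAN"
            rc=1
        }
    fi
    return $rc
}

# check_ip_forward
# Returns 0 if the kernel forwards IPv4; NAT rules alone do nothing when
# net.ipv4.ip_forward is 0. Returns 2 if the sysctl cannot be read here.
check_ip_forward() {
    p=/proc/sys/net/ipv4/ip_forward
    [ -r "$p" ] || { echo "cannot read $p"; return 2; }
    [ "$(cat "$p")" = 1 ] || { echo "net.ipv4.ip_forward is 0"; return 1; }
}

# Stand-alone use: sh audit.sh /etc/network/iptables
if [ -n "$1" ]; then
    check_nat_rules "$1" && echo "ruleset ok"
    check_ip_forward && echo "ip_forward ok"
fi
```

Note that a client-side "Network is unreachable" from ping is raised locally before any packet reaches the router (the client has no route for the destination), so the client's default gateway is worth confirming alongside these checks.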