need to share internet using iptables
I'm using FC4 and I've two NICs, eth0 and eth2.
I'm accessing the internet through eth0 with DHCP, and eth2 is connected to a Windows PC. Now I want to access the internet from my Windows PC. I found a script of iptables to share the internet and I modified it. But whenever I run the script I can't browse even from my Linux PC. Can anyone tell me where the error in that script is? The script is below:

```bash
#! /bin/bash
#(1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#(2) User-defined chain for ACCEPTED TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP

#(3) INPUT chain rules
#Rules for incoming packets from LAN
iptables -A INPUT -p ALL -i eth2 -s 172.16.0.0/16 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 172.16.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -j ACCEPT
iptables -A INPUT -p ALL -i eth2 -d 0/0 -j ACCEPT

#Rules for incoming packets from the internet
#Packets for established connections
iptables -A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

#TCP rules
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay

#UDP rules
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j okay
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j okay
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j okay

#ICMP rules
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT

#(4) FORWARD chain rules
#Accept the packets we want to forward
iptables -A FORWARD -i eth2 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#(5) OUTPUT chain rules
#Only output packets with local addresses (no spoofing)
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 172.16.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -o eth0 -j ACCEPT

#(6) POSTROUTING chain rules
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```
You may need a line like

```bash
echo "1" > /proc/sys/net/ipv4/ip_forward
```
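A complete version of what the reply above points at, as an added example rather than code from either poster: it enables forwarding and installs a minimal stateful NAT ruleset for the eth0/eth2 layout in the question, only forwarding traffic that originates from the LAN subnet and accepting replies by connection state. The interface names, the 172.16.0.0/16 LAN and the show/apply switch are assumptions.

```shell
#!/bin/sh
# Assumed layout from the thread: eth0 = upstream (DHCP), eth2 = LAN
# 172.16.0.0/16 with this box as the gateway. Override via environment.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth2}"
LAN_NET="${LAN_NET:-172.16.0.0/16}"

# Print the ruleset one command per line. Keeping the rules as text lets
# them be reviewed (or tested) without root before anything is installed.
nat_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# True when the kernel is already routing between interfaces.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Install: turn on forwarding first (the step the reply refers to),
# then run each rule in order. Needs root.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    nat_rules | while read -r cmd; do
        eval "$cmd"
    done
    forwarding_enabled
}

# "./share.sh apply" installs the rules; with no argument it only prints them.
case "${1:-show}" in
    apply) apply_rules ;;
    *)     nat_rules ;;
esac
```

Without forwarding enabled the FORWARD and MASQUERADE rules never see a packet, which is why the sysctl write comes before the rules.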