LinuxQuestions.org
02-02-2004, 09:10 PM   #1
berserker_b2k
LQ Newbie
 
Registered: Feb 2004
Location: Argentina
Distribution: Slackware 9.1
Posts: 8

Rep: Reputation: 0
Regarding FORWARD and MASQUERADE


Hi there... first post on this forum

I have a question regarding the infamous IPTABLES.
I'm trying to set up a firewall + proxy + samba to replace some NT servers, but I'm getting stuck with the firewall.

I've got two PCs, one with Slackware 9.1 and the other with Win98SE, just to test.
The Linux box has 2 Ethernet adapters, one connected to ADSL and the other to the Win98 box.
I managed to make some rules so I can browse, use MSN Messenger, etc. from the Linux box, and so can I from the Win98 box. (damn... I'm so bad at writing)

I enabled IP forwarding on the Linux box & created the corresponding rules and everything is working fine, but I'm not doing MASQUERADE at all. I checked traffic with Ethereal and it seems that the SNAT is done automatically.

I set up the Win98 box as:
IP 192.168.0.101
NM 255.255.255.0
GW 192.168.0.1 (linux box)
DNS 192.168.0.1

and on the Linux box I did:

ifconfig eth0 192.168.1.1 netmask 255.255.255.0 # Connected to ADSL
ifconfig eth1 192.168.0.1 netmask 255.255.255.0 # LAN

# Empty all
iptables -F
iptables -Z
iptables -X

# Policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -t nat -A PREROUTING -p UDP -d 192.168.0.1 --dport 53 -j DNAT --to $NS_IP # DNS routing

iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT # LAN in OK
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT # ADSL response OK

iptables -A FORWARD -i eth1 -j ACCEPT # LAN forward OK
iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT # ADSL forward response OK

#iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE # Masquerading


iptables -A OUTPUT -s 192.168.0.0/24 -p ICMP -j ACCEPT

iptables -A OUTPUT -o ppp0 -p TCP --dport 80 -j ACCEPT # HTTP
iptables -A OUTPUT -o ppp0 -p TCP --dport 443 -j ACCEPT # HTTPS
iptables -A OUTPUT -o ppp0 -p UDP --dport 53 -j ACCEPT # DNS
iptables -A OUTPUT -o ppp0 -p TCP --dport 21 -j ACCEPT # FTP
iptables -A OUTPUT -o ppp0 -p TCP --dport 1863 -j ACCEPT # MSN
iptables -A OUTPUT -p TCP --dport 6891:6900 -j ACCEPT # MSN File Transfer
iptables -A OUTPUT -p TCP --sport 6891:6900 -j ACCEPT # MSN File Transfer
iptables -A INPUT -p TCP --dport 6891:6900 -j ACCEPT # MSN File Transfer
iptables -A INPUT -p TCP --sport 6891:6900 -j ACCEPT # MSN File Transfer

So... this is a really basic setup... my question is: do I need masquerade? I think yes, so... how is it that this thing works without it?

Thanks to you all in advance & sorry for my bad English
 
02-02-2004, 09:15 PM   #2
linuxlah
Member
 
Registered: Jun 2002
Location: Batu Puteh, Malaysia
Distribution: (Mandrake 8.2) (Redhat 7.2,8.0,9.0) (Slackware 9.0,9.1)
Posts: 154

Rep: Reputation: 30
If you have a static IP for your ADSL you don't need to "masquerade". You only need to "masquerade" if the IP changes every time you log on to the net.
 
02-02-2004, 09:20 PM   #3
berserker_b2k
LQ Newbie
 
Registered: Feb 2004
Location: Argentina
Distribution: Slackware 9.1
Posts: 8

Original Poster
Rep: Reputation: 0
wow... that was fast... thanks for the reply.
My ADSL has a dynamic IP... anyway... if I had a static IP I would do a SNAT... but I'm not doing anything... everything works directly via FORWARD. I think, for example, that if my Win98 box (192.168.0.101) tries to connect to a server (let's say 24.232.5.2), it passes via FORWARD, but when the server receives it, it would come from 192.168.0.101 and not from my ADSL IP.
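
Added example, not part of the thread: the script in post #1 runs `iptables -F`, `-Z` and `-X` without `-t nat`, and those commands act on the filter table only, so a MASQUERADE rule loaded by an earlier run would stay active after that line is commented out. The check below audits an `iptables-save` dump and a firewall script for that situation. The function names and the sample dump are constructed, and the leftover rule in the dump is an assumption, not something the thread confirms.

```shell
#!/bin/sh
# Print nat-table source-NAT rules (MASQUERADE/SNAT) that apply to the
# outbound interface $1. stdin: output of `iptables-save`.
source_nat_rules() {
    awk -v ifc="$1" '
        substr($0, 1, 1) == "*" { table = substr($1, 2); next }
        table == "nat" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
            out = ""
            for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out == "" || out == ifc) print
        }'
}

# Succeed when the firewall script on stdin flushes the filter table but
# never runs `iptables -t nat -F`, so older NAT rules survive a re-run.
leaves_nat_untouched() {
    awk '
        { sub(/#.*/, "") }                 # ignore trailing comments
        $1 == "iptables" {
            f = 0; nat = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-F") f = 1
                if ($i == "-t" && $(i + 1) == "nat") nat = 1
            }
            if (f && nat) natflush = 1
            else if (f) flush = 1
        }
        END { exit !(flush && !natflush) }'
}

# Constructed dump: filter rules as in the thread, plus a MASQUERADE rule
# assumed to be left over from an earlier run of the script.
SAMPLE_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Flush section as posted in the thread.
SAMPLE_FLUSH='iptables -F
iptables -Z
iptables -X'

printf '%s\n' "$SAMPLE_DUMP" | source_nat_rules ppp0
printf '%s\n' "$SAMPLE_FLUSH" | leaves_nat_untouched && echo "nat table not flushed"
```

On a live box, feed the first function from `iptables-save` run as root; an empty result for `ppp0` means no source NAT is configured in the nat table.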
 
  

