Hi there,

I have a FC3 box (without X), which have two adapters (eth0 and eth1).
I like use my linux box like router/gateway to internet for my second box with windows 2000.

Linux FC3 (eth0, eth1)------ISP--->
|
|----windows 2000


My linux box work fine. Problem is what I can't access to web pages, email, msn, etc. on internet from my windovs 2000 computer. But ICQ can connect to inetrnet from my windows box.
I have a lot serach on google and different forums, but can't solve my problem. I have also try quicktables script and it also no get me connect to internet from my windows box.

I have use this simple script which run by rc.local

-----------------------------------------------

#!/bin/bash

# Load useful kernel modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp
modprobe ipt_MASQUERADE

# Disabling ECN if enabled (explicit congestion notification
if [ -e /proc/sys/net/ipv4/tcp_ecn ]
then
echo 0 > /proc/sys/net/ipv4/tcp_ecn
fi

# Enabling forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# AntiSpoofing protection
for x in lo eth0 eth1
do
echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
done

# Here is the place to define some variables

iptables="/sbin/iptables"
publicaddr="xx.xx.xx.xx" #here my static IP address
privateaddr="192.168.0.1"
any="0.0.0.0/0"
localnet="192.168.0.0/24"

#First, flushing the existing rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat


#Now defining the standard policy
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT


#Defining the real stuff !

# Allow access to the firewall from the localnet
iptables -A INPUT -s $localnet -d $privateaddr -j ACCEPT
iptables -A INPUT -s $localnet -d $publicaddr -j ACCEPT

# Allow access from ourself to us !
iptables -A INPUT -i lo -j ACCEPT

# Allow the firewall box to access the internet
iptables -A INPUT -s $any -d $publicaddr -m state --state ESTABLISHED,RELATED -j ACCEPT

# Should we masquerade the localnet to internet ?
iptables -t nat -A POSTROUTING -s $localnet -d $any -j MASQUERADE

-------------------------------------

and here is my etc/sysconfig/iptables :

---------------------------------------

# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
--------------------------------------


Thanks in advance for your help.
Alex

Here is my stuff for Masquerading. For me eth0 connects to the WAN and eth1 to another box.
eth0 is a ethernet card with the address of 192.168.1.96 The default gateway for this box is 192.168.1.254 (the modems address)eth1 on this box is 192.168.0.1
crossover cable between the two;
Box two is set up with the ipaddress of 192.168.0.2 and its default gateway is 192.168.0.1 (Box one's eth1)
# iptables -F; iptables -t nat -F; iptables -t mangle -F
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -P INPUT DROP

I have same conf of my network and just try your script. it no give me any results
thanks for your help

Hi, everybody.

Maybe this will help: http://www.ibiblio.org/pub/Linux/doc...TO-html.tar.gz

Download this, tar -zxvf <filename> and open it in your favorite browser. It worked for me.

Hope that helps.

--Dane

Hi,
I have solve my problem.
It was my mistake, in my windows box I put DND server 192.168.0.1 , but correct I must put DNS's of my ISP
Thanks DaneM for your how to.
Thanks!