
pmoss 03-18-2002 06:07 PM

Trying to setup a firewall router using iptables
I'm trying to set up a firewall and router using iptables. My setup is as follows:
eth0 connected to cable modem (dynamic ip)
eth1 internal network static ip address (x.x.x.10)

My iptables settings are as follows: (Based on several howtos)

modprobe ipt_MASQUERADE
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo " enabling forwarding.."
echo 1 > /proc/sys/net/ipv4/ip_forward

From my firewall/router I have web access and can ping my other computer on the internal network (ip x.x.x.1).

From my internal network computer I can ping the firewall/router; however, I can't connect to the outside.
I've set the browser to use a proxy server (x.x.x.10:80)

Question: Am I missing something?
Do I need to be running a proxy server or can I just use iptables with masquerading?

P.S. I've spent about 5 hours playing with different -i/-o eth1/eth0 settings.

porky 03-18-2002 07:25 PM

Just set the NIC of the PC on the LAN to have a gateway of *.*.*.10 and your nameservers. No need to use it as a proxy.

pmoss 03-19-2002 10:52 PM

That helped some
Thanks - that helped some. I'm able to pull up web pages if I use the IP addr but not if I use the name.

I think I just need to add the ISP DNS server information on each internal computer; but that's tomorrow's task of the day - ha.

Thanks again for your help.

bbenz3 03-20-2002 12:15 AM

I personally just installed a DHCP server for the internal LAN. It really isn't that hard and it saves you the trouble of only having to set up the info once. From the looks of your firewall you are accepting everything. I would suggest looking for one posted by one of the moderators in the security section as a guideline. I started with that one and then edited it to meet my needs. To find it, search for iptables in the security section forum.
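Editor's added example (not part of the thread and not the moderators' script it mentions): the ruleset from the first post with the "accepting everything" policies changed to default-deny, written in iptables-restore format, plus a check that flags ACCEPT policies in any saved ruleset. The function names are hypothetical, and the rule letting LAN hosts reach the router itself is an assumption.

```shell
#!/bin/sh
# Added example. Interface roles follow the thread: eth0 = cable modem, eth1 = LAN.
# IP forwarding must still be enabled, as in the original post:
#   echo 1 > /proc/sys/net/ipv4/ip_forward

# Print a default-deny ruleset in iptables-restore format (hypothetical helper).
gen_ruleset() {
    wan="$1"; lan="$2"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}
# Note: "-A INPUT -i <lan> -j ACCEPT" is an assumption (LAN hosts may reach
# services on the router, e.g. DHCP); narrow it to specific ports if desired.

# Read iptables-save style text on stdin; succeed only if the filter table's
# INPUT and FORWARD policies are both DROP (hypothetical helper).
policies_are_drop() {
    awk '
        /^\*/ { table = $1 }
        table == "*filter" && /^:(INPUT|FORWARD) / {
            seen++
            if ($2 != "DROP") bad = 1
        }
        END { exit ((bad || seen != 2) ? 1 : 0) }
    '
}

# Stand-alone use: sh script.sh eth0 eth1 | iptables-restore --test
if [ "$#" -eq 2 ]; then
    gen_ruleset "$1" "$2"
fi
```

Running `iptables-save | policies_are_drop` on the router after loading the rules confirms the policies took effect.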
