Here is how mine is set up with a crossover cable:
internet[192.168.1.254]modem[192.168.1.97]abbottdavid(eth0)[192.168.0.1]&(eth1)[192.168.0.2] comprookie[eth0](192.168.0.2)
comprookie default gateway is (192.168.0.1)
abbottdavid default gateway is (192.168.1.254)
I tried to make a nice diagram but it was bad, real bad!
For abbottdavid you need to link the cards together.
This is for Gentoo:
# ln -s net.eth0 /etc/init.d/net.eth1
and for iptables
Code:
First we flush our current rules
# iptables -F
# iptables -t nat -F
Then we lock our services so they only work from the LAN
# iptables -I INPUT 1 -i eth0 -j ACCEPT
# iptables -I INPUT 1 -i lo -j ACCEPT
# iptables -A INPUT -p UDP --dport bootps ! -i eth0 -j REJECT
# iptables -A INPUT -p UDP --dport domain ! -i eth0 -j REJECT
(Optional) Allow access to our ssh server from the WAN
# iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT
Drop TCP / UDP packets to privileged ports
# iptables -A INPUT -p TCP ! -i eth0 -d 0/0 --dport 0:1023 -j DROP
# iptables -A INPUT -p UDP ! -i eth0 -d 0/0 --dport 0:1023 -j DROP
Finally we add the rules for NAT
# iptables -I FORWARD -i eth0 -d 192.168.0.0/255.255.0.0 -j DROP
# iptables -A FORWARD -i eth0 -s 192.168.0.0/255.255.0.0 -j ACCEPT
# iptables -A FORWARD -i eth1 -d 192.168.0.0/255.255.0.0 -j ACCEPT
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Tell the kernel that ip forwarding is OK
# echo 1 > /proc/sys/net/ipv4/ip_forward
# for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done
This is so when we boot we don't have to run the rules by hand
# /etc/init.d/iptables save
# rc-update add iptables default
# nano /etc/sysctl.conf
Add/Uncomment the following lines:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
You may not need it all, but for sure IP forwarding; you can do it with firestarter or guarddog.
Again, this is for Gentoo but will give you an idea. Good luck!
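
An added example, not part of the original post: a shell check that reads an `iptables-save` dump, confirms the INPUT and NAT rules above are present, and flags the default ACCEPT policy that the rule list leaves in place. The function names and the sample dump are constructed for illustration; eth0 as LAN and eth1 as WAN follow the rules in the post.

```shell
#!/bin/sh
# Added example (not from the post): audit an `iptables-save` dump against the
# router rules above. audit_router and sample_dump are hypothetical names.

audit_router() {  # usage: audit_router DUMP [LAN_IF] [WAN_IF]; status 1 on findings
    dump=$1 lan=${2:-eth0} wan=${3:-eth1} bad=0
    need() {  # need DESCRIPTION ERE: report when no rule in the dump matches
        if ! grep -Eq -e "$2" "$dump"; then echo "MISSING: $1"; bad=1; fi
    }
    need "masquerade on $wan" "^-A POSTROUTING .*-o $wan .*-j MASQUERADE"
    for port in 67 53; do  # bootps and domain; iptables-save prints port numbers
        need "udp/$port rejected off $lan" \
            "^-A INPUT ! -i $lan .*-p udp .*--dport $port .*-j REJECT"
    done
    for proto in tcp udp; do
        need "$proto/0:1023 dropped off $lan" \
            "^-A INPUT ! -i $lan .*-p $proto .*--dport 0:1023 .*-j DROP"
    done
    # The rules above never set a chain policy, so anything they do not match
    # (for example ports above 1023 arriving on the WAN side) falls through to it.
    if awk '/^\*/ {t = $1} t == "*filter" && /^:INPUT ACCEPT/ {f = 1} END {exit !f}' "$dump"
    then echo "WARN: filter INPUT policy is ACCEPT"; bad=1; fi
    return "$bad"
}

sample_dump() {  # constructed dump: the post's rules with the default policies
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT ! -i eth0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i eth0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT ! -i eth0 -p udp -m udp --dport 0:1023 -j DROP
COMMIT
EOF
}

tmp=$(mktemp) && sample_dump > "$tmp"
audit_router "$tmp" || echo "review the findings above"
rm -f "$tmp"
```

On the router itself, save the output of `iptables-save` to a file as root and pass that file to `audit_router`, giving the LAN and WAN interface names if they differ from eth0 and eth1.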