Question about iptables rules

huanvnn · 06-01-2006, 09:58 AM

hi everybody i am a new member of forums. I have a question,please help me :
i have a static public IP 212.40.41.34 (eth1) and private ip 192.168.0.1 and i want to share this internet connection with eth1 with some computers in my rooms,in my /etc/sysconfig/iptables i wrote
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -d ! 192.168.0.1 -j SNAT --to-source 212.40.41.34
COMMIT

*filter
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT

and everything is terrible

can anyone tell me why ? thanks thanks

Capt_Caveman · 06-01-2006, 09:50 PM

Please start a new thread for your questions unless you are directly responding to the existing thread. I'm moving your question to it's own thread.

jayakrishnan · 06-02-2006, 01:31 AM

What distro are u using?

huanvnn · 06-02-2006, 02:39 AM

in the first post i didnt exactly wrote at the line
-A POSTROUTING -d ! 192.168.0.1 -j SNAT --to-source 212.40.41.34
and should substitute with
-A POSTROUTING -d ! 192.168.0.0/24 -o eth1 -j SNAT --to-source 212.40.41.34
eth1 : public ip connected to isp
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -d ! 192.168.0.0/24 -j SNAT --to-source 212.40.41.34
COMMIT

*filter
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT
but it still doesnt work , now i use fedora core2 .
thanks for every consult

Capt_Caveman · 06-02-2006, 09:05 PM

Do you have more than 1 interface?

Have you enabled packet forwarding in the kernel yet
(echo 1 > /proc/sys/net/ipv4/ip_forward)?