LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-04-2006, 01:57 AM   #1
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Rep: Reputation: 30
Unable to set up direct connection with iptables


Dear friends,

I am trying to set up internet sharing. meaning I have a computer connected to internet, then i setup an iptables on the computer,
on the iptables i have say a rule like this:

$IPT -A FORWARD -s 192.168.27.44 -j ACCEPT

Meaning, i want computer with ip 192.168.27.44 to be able to directly connect to the internet. I have set echo 1 >/proc/sys/net/ipV4

On the computer with IP 192.168.27.44, i have also set the DNS to use my ISP dns, but when i try to connect to internet it doesn't work...

I can't figure out whats the problem...i thought the rule like that can give free access for any machine with ip 192.168.27.44 to the internet?

....anywhere i have made a mistake, thats just one rule of my iptables, of course is not the full script...

pls help me....thanks..

Regards
Y
 
Old 08-04-2006, 02:45 AM   #2
sarajevo
Member
 
Registered: Apr 2005
Distribution: Debian, OpenBSD,Fedora,RedHat
Posts: 228
Blog Entries: 1

Rep: Reputation: 31
Hi,

Copy and paste the code below, and make script executable....chmod 755 script_name.sh
then run ./script_name.... and that's it...
give your internal network interface ip address 192.168.1.1 and this will be a gateway for your machines connected to gateway...
Proper ip addresses for machines in private network are 192.168.1.2 192.168.1.3 and so on.

Take care to adjust this script to your needs, I mean if you are using ppp0 then figure out which interface you should change.
Make clear yourself which interface is external and which is internal in your case

Regards


#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT


# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth1 -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to have direct access to graphics hardware in Xorg R6.8 cvelasquez Linux - Software 1 03-18-2006 11:14 PM
HELP - unable to set up wireless connection boyd98 Fedora 1 03-03-2006 08:16 AM
Direct Connection Xp and Linux mecca Linux - Networking 4 06-27-2004 04:09 PM
Unable to logon on as non-root user after update as unable to set executable context pls198 Fedora 2 04-09-2004 12:41 PM
direct connection through the firewall cam99 Linux - Security 1 08-03-2003 06:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration