Monty Wiseman wrote:
> I have set up a Linux gateway for my Windows clients. The gateway is at
> 192.168.0.1. I connect to the Internet via a dialup connection PPP0.
> All the clients can get out to the Internet but the gateway cannot.
> When I change the *filter section :INPUT DROP [0:0] to :INPUT ACCEPT
> [0:0] it works fine so I'm sure I am missing an "accept" for the
> gateway machine in my IPTABLES.
>
> # Generated by iptables-save v1.2.7a on Sun Aug 10 21:13:11 2003
> *mangle
> :PREROUTING ACCEPT [6625:484538]
> :INPUT ACCEPT [6625:484538]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [6623:484065]
> :POSTROUTING ACCEPT [7001:515709]
> COMMIT
> # Completed on Sun Aug 10 21:13:11 2003
> # Generated by iptables-save v1.2.7a on Sun Aug 10 21:13:11 2003
> *nat
> :PREROUTING ACCEPT [4:1129]
> :POSTROUTING ACCEPT [167:12974]
> :OUTPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> [0:0] -A POSTROUTING -o ppp0 -j MASQUERADE
> [167:12974] -A OUTPUT -j ACCEPT
> COMMIT
> # Completed on Sun Aug 10 21:13:11 2003
> # Generated by iptables-save v1.2.7a on Sun Aug 10 21:13:11 2003
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT DROP [0:0]
> :OUTPUT ACCEPT [0:0]
> -A FORWARD -i eth0 -j ACCEPT
> -A FORWARD -p tcp -m tcp -j ACCEPT
> -A INPUT -s 192.168.0.0/16 -i eth0 -j ACCEPT
> -A INPUT -s 127.0.0.1 -i lo -j ACCEPT
> -A INPUT -s 192.168.0.1 -i lo -j ACCEPT
> -A INPUT -d 192.168.0.255 -i eth0 -j ACCEPT
> COMMIT
> # Completed on Sun Aug 10 21:13:11 2003
Assuming your external interface is eth1, you need some rules in the INPUT
table to allow the good stuff in (as you suspected). Read the IP Masquerade
HOWTO for some simple and not-so-simple rules:
http://www.tldp.org/HOWTO/IP-Masquer...FIREWALL-2.4.X.
Cheers
Tim
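
The symptom in this thread, as an added example that is not part of either post: a shell check that reads an iptables-save dump and reports whether a default-deny INPUT chain still accepts reply traffic on the external interface. The `audit_input` function and the `FIXED` ruleset with its `--state ESTABLISHED,RELATED` rule are assumptions made for illustration, and ppp0 is taken from the question as the external interface.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the problem in this thread.
# With ":INPUT DROP" and no stateful ACCEPT, replies to connections the gateway
# itself opens (DNS answers, TCP SYN-ACKs arriving on ppp0) are dropped.

# Filter table as posted in the question.
ORIGINAL='*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -p tcp -m tcp -j ACCEPT
-A INPUT -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A INPUT -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -s 192.168.0.1 -i lo -j ACCEPT
-A INPUT -d 192.168.0.255 -i eth0 -j ACCEPT
COMMIT'

# Constructed fix (assumption): keep INPUT DROP, accept only replies on ppp0.
REPLY_RULE='-A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT'
FIXED=$(printf '%s\n' "$ORIGINAL" |
    awk -v rule="$REPLY_RULE" '$0 == "COMMIT" { print rule } { print }')

# audit_input WAN_IF: reads a dump on stdin.
# Returns 0 = replies accepted, 1 = replies dropped, 2 = INPUT is not DROP.
audit_input() {
    awk -v wan="$1" '
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }       # strip optional counters
        /^\*/       { in_filter = ($0 == "*filter") }
        !in_filter  { next }
        /^:INPUT /  { policy = $2 }
        /^-A INPUT / && / -j ACCEPT/ && /--(ct)?state [A-Z,]*ESTABLISHED/ {
            # counts if bound to the WAN interface or to no interface at all
            if ($0 ~ (" -i " wan " ") || $0 !~ / -i /) stateful = 1
        }
        END {
            if (policy != "DROP") { print "INPUT policy is not DROP"; exit 2 }
            if (stateful) { print "replies on " wan " are accepted"; exit 0 }
            print "INPUT DROP, no ESTABLISHED,RELATED accept on " wan; exit 1
        }'
}

printf 'original: '; printf '%s\n' "$ORIGINAL" | audit_input ppp0 || true
printf 'fixed:    '; printf '%s\n' "$FIXED" | audit_input ppp0 || true
```

The added rule admits only packets that belong to, or are related to, connections already tracked, so the INPUT policy can stay at DROP.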