|
Masquerading Made Simple HOWTO |
|
Prev
|
|
Next
|
Assuming external internet card is eth0, and external IP is 123.12.23.43 and the internal network card is eth1, then:
$>
modprobe ipt_MASQUERADE
# If this fails, try continuing anyway
$>
iptables -F; iptables -t nat -F; iptables -t mangle -F
$>
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43
$>
echo 1 > /proc/sys/net/ipv4/ip_forward
|
Or for a dial-up connection:
$>
modprobe ipt_MASQUERADE
# If this fails, try continuing anyway
$>
iptables -F; iptables -t nat -F; iptables -t mangle -F
$>
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$>
echo 1 > /proc/sys/net/ipv4/ip_forward
|
Then to secure it:
$>
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$>
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
$>
iptables -P INPUT DROP
#only if the first two are succesful
$>
iptables -A FORWARD -i eth0 -o eth0 -j REJECT
|
Or for a dial-up connection (with eth0 as the internal network card):
$>
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$>
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
$>
iptables -P INPUT DROP
#only if the first two are succesful
$>
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
|
And thats it! To view the rules do "
iptables -t nat -L
"
