Results 1 to 2 of 2
I am trying to configure a Linux box to be an internet gateway with Debian 5. eth0 - connected to internet and configured as dhcp client (actually right now its ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 09-30-2011 #1
- Join Date
- Oct 2008
Trouble configuring my Linux gateway - NAT & iptables on Debian 5
eth0 - connected to internet and configured as dhcp client (actually right now its connected to my Linksys router on the 192.168 network).
eth1 - Used for my dhcp server on my LAN with static ip of: 220.127.116.11
So far I have dhcp working and its issuing addresses to my systems connected to eth1 through my switch.
Now I am at the point where I want to forward traffic to and from eth0 and eth1, mainly so I can allow internet access to devices on the 150.50 network.
My overall goal here is to replace my router with this Linux gateway system and play with packet filtering and firewall configuration, etc.
I followed a guide on setting up a gateway but I'm not sure it's correct and I tried to adjust it for my system. However, I execute the script and it doesnt seem like it is working. I am unable to access the internet from my computer on the 150.50 network. I can however ping the 192.168.1.1 gateway from a computer on the 150.50 network.
I am not sure if I need anymore lines in there.
Here is my iptables script:
#!/bin/sh PATH=/usr/sbin:/sbin:/bin:/usr/bin # Internet: eth0 -- LAN: eth1 #delete all existing rules iptables -F iptables -t nat -F iptables -t mangle -F iptables -X # Always accept loopback traffic iptables -A INPUT -i lo -j ACCEPT #Allow established connections and those not coming from outside: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow outgoing connections from the LAN side: iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT #Masquerade: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #Dont forward from the outside to the inside: iptables -A FORWARD -i eth0 -o eth1 -j REJECT #Enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward
Last edited by KingPanda; 09-30-2011 at 02:15 AM.
- 09-30-2011 #2
- Join Date
- Oct 2008
Alright... looks like it was working the whole time. The ONLY thing I needed was to turn on the ip_forwarding in the kernel (which I had done all along).
My "problem" was that I have not set up DNS on my Linux system; That is why I could not go to "google.com" on my client machines. However I could successfully ping google's ip address.