Find the answer to your Linux question:
Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Question Trouble configuring my Linux gateway - NAT & iptables on Debian 5

    I am trying to configure a Linux box to be an internet gateway with Debian 5.

    eth0 - connected to internet and configured as dhcp client (actually right now its connected to my Linksys router on the 192.168 network).
    eth1 - Used for my dhcp server on my LAN with static ip of:

    So far I have dhcp working and its issuing addresses to my systems connected to eth1 through my switch.

    Now I am at the point where I want to forward traffic to and from eth0 and eth1, mainly so I can allow internet access to devices on the 150.50 network.

    My overall goal here is to replace my router with this Linux gateway system and play with packet filtering and firewall configuration, etc.

    I followed a guide on setting up a gateway but I'm not sure it's correct and I tried to adjust it for my system. However, I execute the script and it doesnt seem like it is working. I am unable to access the internet from my computer on the 150.50 network. I can however ping the gateway from a computer on the 150.50 network.

    I am not sure if I need anymore lines in there.

    Here is my iptables script:
    # Internet: eth0  --  LAN: eth1
    #delete all existing rules
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    iptables -X
    # Always accept loopback traffic
    iptables -A INPUT -i lo -j ACCEPT
    #Allow established connections and those not coming from outside:
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    #Allow outgoing connections from the LAN side:
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    #Dont forward from the outside to the inside:
    iptables -A FORWARD -i eth0 -o eth1 -j REJECT
    #Enable routing:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    Last edited by KingPanda; 09-30-2011 at 02:15 AM.

  2. #2
    Alright... looks like it was working the whole time. The ONLY thing I needed was to turn on the ip_forwarding in the kernel (which I had done all along).

    My "problem" was that I have not set up DNS on my Linux system; That is why I could not go to "" on my client machines. However I could successfully ping google's ip address.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts