Firewalling on Linux 2.4
Christopher White
cwhite at softquad.com
Wed Jun 20 11:07:57 PDT 2001
Rob,
> > I'm doing simple firewalling
>
> Hmm, looks like Masquerading...
Yep.
>
> > :input ACCEPT
> > :forward DENY
> > :output ACCEPT
> > -A forward -s 192.168.110.0/0 -d 0.0.0.0/0.0.0.0 -j MASQ
>
> Give this a try. I stick it in /etc/rc.d/rc.local:
>
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Yeah, that's what I thought I should do, too. But I've run this exact
command and it's had no effect. I could not get through the firewall from my
Win2000 machine when I used this box as my gateway. Yet
masquerading/routing worked when I was using ipchains. When I run the above
command, then check the tables, nothing has changed:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
> echo "1" > /proc/sys/net/ipv4/ip_forward
In Red Hat you change a variable in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
and the file /proc/sys/net/ipv4/ip_forward gets the "1" put into it.
>
> For more documentation, try:
>
> http://netfilter.filewatcher.org/unreliable-guides/NAT-HOWTO/index.html
Been there, read that. That's where I found the command you suggested. It
just doesn't work. I'm baffled.
Thanx!
--Chris
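
An added example, not part of the original message or of the netfilter documentation: `iptables -L` without `-t` lists only the filter table (the nat table is listed with `iptables -t nat -L`), and a FORWARD policy of DROP with no ACCEPT rule drops forwarded packets whatever the nat table holds. The script checks both conditions on constructed `iptables-save` dumps; the function name `check_masq`, the sample dumps and the inside interface `eth1` are assumptions.

```shell
#!/bin/sh
# Added example. Audits an iptables-save dump (stdin) for the two things
# masquerading needs: a MASQUERADE rule in nat/POSTROUTING, and a filter
# FORWARD chain that lets the packets through. check_masq is a made-up name.
check_masq() {
    awk '
        /^\*/ { table = substr($0, 2) }      # "*nat", "*filter", ...
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ { masq = 1 }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ { fwd_accept = 1 }
        END {
            if (policy == "") policy = "unknown"
            print (masq ? "nat: MASQUERADE rule present" : "nat: no MASQUERADE rule")
            if (policy == "ACCEPT" || fwd_accept)
                print "filter: FORWARD can pass traffic"
            else
                print "filter: FORWARD policy " policy ", no ACCEPT rule: forwarded packets are dropped"
        }'
}

# Constructed nat table holding the MASQUERADE rule quoted in the thread.
NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed dump: filter policies as in the "iptables -L" listing above.
SAMPLE_BLOCKED="$NAT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT"

# Constructed dump: same policies plus FORWARD rules. eth1 as the inside
# interface is an assumption; the thread only names eth0.
SAMPLE_FORWARDING="$NAT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT"

printf '%s\n' "$SAMPLE_BLOCKED" | check_masq
printf '%s\n' "$SAMPLE_FORWARDING" | check_masq
```

On a live gateway the same check runs as root with `iptables-save | check_masq`.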