[Comm-en] sharing Internet access
Michael Shigorin
mike at osdn.org.ua
Mon Mar 31 21:15:54 MSD 2003
On Mon, Mar 31, 2003 at 10:29:03AM -0600, D&J Bouley wrote:
> I named our local network "VirtualSkyNet" and my gateway
> address to 192.168.0.1 during the set-up.
Good. :)
> Do I replace the $LOCALNET=192.168.9.0/24 variable with
> $VirtualSkyNet=192.168.0.1/24 in the script below?
No, it's just the _variable_ name.
> I assume I only have to run this script once to get Internet
> sharing functional.
Well this could be simpler:
--- /etc/sysconfig/iptables ---
*filter
-A INPUT -j tcprules
-A FORWARD -j tcprules
-A tcprules -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A tcprules -i ! ppp0 -m state --state NEW -j ACCEPT
-A tcprules -i ppp0 -m state --state INVALID,NEW -j DROP
-A tcprules -i ppp0 -j REJECT --reject-with icmp-host-unreachable
COMMIT
*nat
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
COMMIT
--- end of /etc/sysconfig/iptables ---
(btw, 192.168.0.0/24 and 192.168.0.1/24 are just the same as the
last byte would be outside the _network_ address being the _host_
part)
Then make sure /etc/sysctl.conf has the line as here:
---
net.ipv4.ip_forward = 1
---
(my favorite oops-forgot-it is not to enable forwarding %)
To enable it all now, do
rmmod ipchains
echo "1" > /proc/sys/net/ipv4/ip_forward
service iptables restart
which will result in stateful firewall with NAT up and running.
Well, hopefully -- I didn't actually test this :-)
PS: if the internet interface is not ppp0 and say eth1 -- make
appropriate changes.
PPS: 2ALT: hey if we've broken drakgw we'd really better
introduce something yet better ;-)
--
---- WBR, Michael Shigorin <mike at altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
More information about the community-en
mailing list