FC2 as a geteway

priou prioualexandre at yahoo.fr
Mon Sep 6 18:45:23 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le lundi 06 Septembre 2004 20:29, Hans Christian Studt a écrit :
> Hi,
>
> I am trying to set up a FC2 PC (tux1700) as a gateway to the internet via
> my modem ppp0 and another FC2 PC (tux) that will use the gateway through
> eth0.
>
> At the moment this does not work and I don't know if the problem is the
> gateway or the other PC or both.
>
> How do I best troubleshoot this problem ?


your gatway not has our NAT correct !

you have need a trick in the kind : 

# load le module nat in iptable 
modprobe ip_nat_${normal_mod}_conntrack

 -A FORWARD -i eth0 -s 192.168.0.0/16 -d 10.0.0.0/8 -j ACCEPT
 -t nat -A POSTROUTING -s ${net} -o ${pub} -j MASQUERADE
echo 1>/proc/sys/ipv4/ip/forward

it's un exemple , change eth0 with ppp0 
but the best it's : read the doc at : www.netfilter.org 


alex 

>
> Gateway PC
> --- cat /etc/sysconfig/iptables
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *nat
>
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
>
> -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> *filter
>
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
>
> COMMIT
> --- cat /proc/sys/net/ipv4/ip_forward
> 1
> ---
>
> Other PC
> --- cat /etc/sysconfig/iptables
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
>
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
>
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> --- cat /proc/sys/net/ipv4/ip_forward
> 1
> ---
>
> Mvh Hans Christian Studt
> Private +45 48 79 79 89
> Mobile +45 29 23 54 14
> Business +45 36 14 54 14
> mailto:hc at studt.dk http://hc.studt.dk
> Powered by Linux 2.6.8-1.521
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQCVAwUBQTywRSoNE5chiWYzAQIqvQP/VL4vAC3UnEkhnVh/PG2TZzQ14t9JYjuK
zu5Jr/KXUAsZG0Qzqdqv3RgMf7MD/H0odhY7mjnbbVBGj8dd3zSvpx5HSkY2pesA
N+khUskJq5RLFyLltVmQhcz7OobuySLg2iUqL3LgwC6yFT27ABBDDdeChklgd3Bc
cyTe9cOi95o=
=3kcZ
-----END PGP SIGNATURE-----





More information about the fedora-list mailing list