
Re: iptables nat masquerade



You do not need to use any proxy settings in browsers on your internal
network computers when you are using NAT on the router.

I think that you should use the following iptables configuration on the
router:

iptables -t nat -A POSTROUTING -s <internal_network_addresses> -o eth1 -j MASQUERADE

iptables -t filter -A FORWARD -s <internal_network_addresses> -j ACCEPT
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -j DROP

Instead of the last three lines you can set the default policy of the
FORWARD chain to ACCEPT and flush the chain; however, I think this would
be less secure.

Alexey Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com


Jim Austin wrote:
> 
> Hello,
> 
> Am trying to set up IP masquerading on my RH9 box that has two NICs.
> One connects to a W2k box (eth0) and the other (eth1) to a DSL DHCP
> connection.  Ping connection between the two PCs is fine.  Here
> is what I've done.
> 
> 1) ip_forward is turned on.
> 2) iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 3) Default gateway on the W2k box is the IP of the eth0 interface on
> the RH9 box.
> 4) DNS servers are setup on the W2k box.
> 
> Not sure how to configure Mozilla on the Windows machine... I've tried
> using a manual proxy connection with the HTTP proxy ip of the eth0 on
> RH9 and a port of 8080.  Nada... Can't ping through the RH9 box to ISP
> either.
> 
> Would sure appreciate it if someone can help.  What am I missing?
> Thanks very much,
> Jim
> 
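An added example, not part of either message: a shell function that audits iptables-save output for the setup the reply recommends (MASQUERADE on the WAN interface, an ESTABLISHED,RELATED accept, and a FORWARD chain that ends in a drop). The function names, the sample rulesets, the 192.168.0.0/24 LAN range and the ACCEPT policy in the first sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Audits iptables-save text on stdin against the reply's rules.
# $1 = WAN interface (eth1 in the thread). Returns 0 when nothing is flagged.
check_nat_ruleset() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2); next }        # "*nat" or "*filter"
        table == "filter" && /^:FORWARD / { policy = $2; next }
        table == "nat" && /^-A POSTROUTING .*-j MASQUERADE/ {
            out = "(any)"
            for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out == wan) masq = 1
            else { print "MASQUERADE leaves via " out ", expected " wan; bad = 1 }
        }
        table == "filter" && /^-A FORWARD / {
            last = $0
            if ($0 ~ /state (ESTABLISHED,RELATED|RELATED,ESTABLISHED) -j ACCEPT/) est = 1
        }
        END {
            if (!masq) { print "no MASQUERADE rule on " wan; bad = 1 }
            if (!est) { print "no ESTABLISHED,RELATED accept in FORWARD"; bad = 1 }
            # Unmatched forwarded packets must be dropped by policy or last rule.
            if (policy != "DROP" && last != "-A FORWARD -j DROP") {
                print "FORWARD falls through to policy " policy; bad = 1
            }
            exit bad + 0
        }'
}
# Constructed sample: the rule from the question, FORWARD policy assumed ACCEPT.
ruleset_from_question() {
    printf '%s\n' '*nat' '-A POSTROUTING -o eth0 -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT'
}
# Constructed sample: the reply's rules; 192.168.0.0/24 is an assumed LAN range.
ruleset_from_reply() {
    printf '%s\n' '*nat' '-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE' \
        'COMMIT' '*filter' ':FORWARD ACCEPT [0:0]' \
        '-A FORWARD -s 192.168.0.0/24 -j ACCEPT' \
        '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -j DROP' 'COMMIT'
}
```

On a live router the same check can be fed with: iptables-save | check_nat_ruleset eth1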



