nat masquerade router
Rodolfo J. Paiz
rpaiz at simpaticus.com
Tue Jun 15 17:30:00 UTC 2004
At 11:16 6/15/2004, fedora wrote:
>Hi, I'd sure appreciate help with getting my router and host to work!
Just a quick run-through here...
>1_ router-
>blue.myvnc.com
>eth0 - dhcp
>eth1 - 192.168.1.1
>SubNet Mask 255.255.255.0
>Default Gateway: 0.0.0.0
You can safely remove the default gateway from eth1 since it *is* the
gateway for its network (192.168.1.0/24).
>2A_ in /etc/hosts reads:
>127.0.0.1 localhost.localdomain localhost
>192.168.1.10 red.myvnc.com red
>#red is the host
I would also add:
192.168.1.1 localhost.localdomain localhost
This is not a problem, just making it better.
>4_
>Added FORWARD rules
>
># iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
># iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
># iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
># iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
I would suggest two things:
1. Use 192.168.1.0/24 which is your real internal network. Always
match networks properly. Not the cause of your problem, most likely.
2. I don't see you allowing any *incoming* traffic...? You should
accept new connections outbound and then accept all related and established
traffic in both directions.
Have you thought of using a tool to make your iptables rules? There are
quite a few out there. I personally swear by Shorewall, but I also see tons
of recommendations for Firestarter, which is a GUI application. Even if you
*want* to do things by hand, you might want to see what rules something
like Firestarter creates to compare them against your own... great learning
tool, that.
Cheers,
--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
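
The rule set the reply describes (the real /24, new connections accepted outbound, related and established traffic accepted in both directions), written out as an added example that is not part of the original message. The function names, the default-DROP FORWARD policy, the flush of existing FORWARD and nat POSTROUTING rules, and the ip_forward line are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```sh
#!/bin/sh
# Added example, not from the thread. eth0, eth1 and 192.168.1.0/24 come from
# the post; function names and the default-DROP FORWARD policy are assumptions.

# ip2int A.B.C.D -> integer on stdout (call via $(...), so IFS stays local)
ip2int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=.; set -- $1; unset IFS
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # no empty or zero-padded octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# is_network A.B.C.D/LEN -> true only when every host bit is zero
is_network() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*} len=${1#*/}
    case $len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip2int "$addr") || return 1
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( n & ~mask & 0xFFFFFFFF )) -eq 0 ]
}

# masq_rules WAN_IF LAN_IF LAN_CIDR -> commands on stdout, to review then run as root
masq_rules() {
    wan=$1 lan=$2 net=$3
    for i in "$wan" "$lan"; do   # names end up in a command line, so whitelist them
        case $i in ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;; esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    is_network "$net" || { echo "not a network address: $net" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
EOF
}

masq_rules eth0 eth1 192.168.1.0/24
```

On older iptables builds the same matches are spelled `-m state --state` instead of `-m conntrack --ctstate`.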