
Re: setting up nat



Hi,

Here you have a little GUI/wizard that I found on the net for the firewall, but not for NAT. Of course, you can add the lines that Arun sent you to the file that results from running this wizard,

or modify the wizard to be able to manage NAT also ;)

regards,

Guillermo.


Antoine wrote:
Thanks for that... but I hope you are joking! You mean there is no
gui/wizard for setting up nat?!?
Cheers
Antoine

On 19/05/06, Arun Binaykia <arun binaykia com> wrote:
Hello,

eth0 is the lan interface,
eth1 is the wan interface.

substitute eth1 with your ppp interface

This is my script for nat and firewall. It's a part of /etc/rc.local

I've used the following tutorial; iptables is not very difficult.

http://iptables-tutorial.frozentux.net/iptables-tutorial.html#HOWARULEISBUILT

#=====
iptables --flush
iptables --flush -t nat
iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables -A FORWARD -i eth1 -m state --state NEW,INVALID -j DROP
iptables -t nat -A POSTROUTING  -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT DROP
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -j ACCEPT
#==== if you want just nat stop here
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
#=====

HTH
Arun


On Fri, 2006-05-19 at 21:48 +0200, Antoine wrote:
> Hi,
> I am relatively new to fedora (just done two years of gentoo), and
> quite a bit of googling didn't turn up any easy way to activate nat. I
> have a few machines that I want to be nat'ed through a fc5 box
> connecting via pppoe. I installed firestarter but it won't activate
> nat until I restart my adsl connection (which means sshing into my
> router box and restarting... ok for me but not for the missus!). I
> can't believe there is no standard way to set up nat, so if anyone has
> any pointers I am all ears.
> Cheers
> Antoine
>
> --
> This is where I should put some witty comment.
>

--
fedora-list mailing list
fedora-list redhat com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list



Attachment: firewall_install.sh
Description: application/shellscript
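
A tightened variant of the rule set Arun posted, as an added example that is not part of the original thread: the function only prints the iptables commands (dry run) so they can be reviewed before being piped to a root shell. It restricts MASQUERADE to the WAN interface, admits reply traffic by connection state instead of accepting all UDP on the WAN side, and validates its arguments; the function name `nat_rules` and the interface `ppp0` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print a NAT + firewall rule set as text.
# Usage: nat_rules LAN_IF WAN_IF [TCP_PORT_OPEN_ON_WAN ...]
nat_rules() {
    [ $# -ge 2 ] || { echo "usage: nat_rules LAN_IF WAN_IF [PORT...]" >&2; return 2; }
    lan=$1 wan=$2
    shift 2
    # The output may be piped to a root shell, so accept only plain interface names.
    for ifc in "$lan" "$wan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $ifc" >&2; return 2 ;;
        esac
    done
    # Ports must be decimal numbers in 1..65535.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
        esac
        [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] 2>/dev/null ||
            { echo "port out of range: $port" >&2; return 2; }
    done
    # Default-deny on INPUT and FORWARD; replies are matched by connection state,
    # so no blanket "-p udp -j ACCEPT" on the WAN side is needed.
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
    # Optional services reachable from the WAN (the thread's example opens 22 and 80).
    for port in "$@"; do
        echo "iptables -A INPUT -i $wan -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Enable routing last, once the filter rules are in place.
    echo "sysctl -w net.ipv4.ip_forward=1"
}
```

After reviewing the output, apply it as root with `nat_rules eth0 ppp0 22 | sh`.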

