Kam Salisbury on Thu, 6 Feb 2003 16:47:04 -0500
www.shorewall.net is about the best and easiest thing I have yet to use. It makes configuration of the rule sets and NAT very easy as well as handling advanced features such as TOS tagging and traffic shaping.

Kam Salisbury
MCSE, Linux+, CNA
http://kamsalisbury.com
http://pwig.org

----- Original Message -----
From: "Ziegler, Scott" <scott_ziegler@merck.com>
To: "Plug (E-mail)" <plug@lists.phillylinux.org>
Sent: Thursday, February 06, 2003 4:03 PM
Subject: [PLUG] iptables and NAT

> I am trying to set up a Linux workstation (Slackware 8 with 2.4.18 kernel) to
> tie a local network (192.168.x.x) of XP machines to our corporate network.
> The Linux machine has a hard coded IP address and it works on the network as
> far as telnet, ssh, browsing, etc. We need to have network connectivity from
> the XP (for all of those M$ updates) machines through the Linux machine.
>
> I have tried several variations of iptables configurations and it appears
> that I still have some NAT problems. On a ping test I appear to have name
> resolution, but I don't get any acknowledgements and the browser cannot load
> any pages. I have rebuilt the kernel with the following modules:
> config_ip_advanced_router
> config_ip_nf_iptables
> config_ip_nf_filter
> config_ip_nf_nat
> config_ip_nf_nat_needed
> config_ip_nf_target_masquerade
> config_ip_nf_target_redirect
> config_ip_nf_ftp
> config_ip_nf_mangle
>
> Our public interface is eth0 and the private is eth1. eth1 is up and running
> with an entry in the route table.
>
> I have followed several tutorials from web sites and books without success.
> Also, when I configure the iptables, the Linux machine can no longer browse
> internet from the console.
>
> The configuration I have most recently used is:
> iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
> iptables --append FORWARD --in-interface eth1 -j ACCEPT
>
> The references I have used are:
> http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworking.html#ADDNIC
> http://www.netfilter.org/unreliable-guides/NAT-HOWTO/
> Linux Firewalls by Robert L. Ziegler
>
> One thing that has not been very clear is if I need to set up ipchains. The
> yolinux reference shows the setting of ipchains but none of the other
> references talk about using ipchains.
>
> I would appreciate any help or suggestions.
> Thanks
> Scott Ziegler
>
> <<Ziegler, Scott.vcf>>
>
> ------------------------------------------------------------------------------
> Notice: This e-mail message, together with any attachments, contains information of Merck & Co., Inc. (Whitehouse Station, New Jersey, USA) that may be confidential, proprietary copyrighted and/or legally privileged, and is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please immediately return this by e-mail and then delete it.
>
> ==============================================================================

_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
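
Added example, not part of either message above: a shell check over `iptables-save`-style text for the pieces a masquerading gateway like the one in the quoted message depends on (kernel forwarding, the MASQUERADE rule, and FORWARD acceptance in both directions). The function names, the sample dump and its FORWARD policy of DROP are assumptions made for the example; only the interface names and the two rules come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Names and sample data are constructed.

# section RULESET TABLE: print one table's block from iptables-save output.
section() { printf '%s\n' "$1" | sed -n "/^\*$2\$/,/^COMMIT\$/p"; }

# audit_nat_gateway RULESET IP_FORWARD OUT_IF IN_IF
# Prints one line per missing prerequisite, nothing when all are present.
audit_nat_gateway() {
    nat=$(section "$1" nat); filter=$(section "$1" filter)
    fwd=$2 out_if=$3 in_if=$4

    # Value of /proc/sys/net/ipv4/ip_forward: the kernel must route packets.
    [ "$fwd" = 1 ] || echo "ip_forward is off"

    # nat table: rewrite the source address of traffic leaving OUT_IF.
    printf '%s\n' "$nat" | grep -Eq -- "^-A POSTROUTING (.* )?-o $out_if (.* )?-j MASQUERADE" \
        || echo "no MASQUERADE rule on $out_if"

    # With a FORWARD policy of ACCEPT no explicit FORWARD rules are required.
    if printf '%s\n' "$filter" | grep -q '^:FORWARD ACCEPT'; then return 0; fi

    # Otherwise both directions need a rule: requests in, replies back.
    printf '%s\n' "$filter" | grep -Eq -- "^-A FORWARD (.* )?-i $in_if (.* )?-j ACCEPT" \
        || echo "FORWARD does not accept traffic from $in_if"
    printf '%s\n' "$filter" | grep -Eq -- "^-A FORWARD (.* )?-i $out_if .*ESTABLISHED.* -j ACCEPT" \
        || echo "FORWARD does not accept replies from $out_if"
}

# Constructed sample: the two rules from the quoted message as iptables-save
# prints them, under an assumed FORWARD policy of DROP.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT'

# Second argument stands in for the contents of /proc/sys/net/ipv4/ip_forward.
audit_nat_gateway "$SAMPLE" 0 eth0 eth1
```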