setting up a nat box

[Moszer]

Hello,

I'm setting up a nat box for the first time, I was just wondering if anyone saw any potential problems with the rules I've used, My externel is eth0, internel eth1, I'm on a cable modem so my externel has to snag an ip with dhcp. Also does anyone see a problem with setting up samba and cups and limiting them to the internel interface? I was looking for a pretty cut and dry setup, anything that originates from inside the nat to be allowed through, only related and established connections from the outside are allowed in.

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A INPUT -j ACCEPT -p all -s 192.168.1.0/24 -i eth1

iptables -P OUTPUT ACCEPT

Let me know if you don't see any problems too, or if you see room for improvement!
Any and all advice is greatly appreciated....

[100%hound_dog]

Was connection tracking compiled into the kernel or are you loading it as a module? If you are loading it as a module you might want to add modprobe ip_conntrack to the begining of your script.
_________________
When hunting monsters one should take care not to become one.

[Moszer]

I'm loading it at a module. An lsmod shows that it loads it's self when the script runs, so as far as I know it is working without me actually manually loading it. Thanks for the advice though!