necrodome n00b
Joined: 13 Jan 2004 Posts: 3
Posted: Tue Jan 13, 2004 5:14 pm Post subject: ip masquerading with dhcp server
hi,
i have a gentoo box connected to the internet through a usb cable modem. i have two more ethernet interfaces, eth0 and eth1. i want to share the internet connection with two other windows xp machines through these interfaces, assigning ips to these xp machines dynamically. i have read the ip masquerading howto, but it doesn't mention how to do it with a dhcp server?
can you give me step-by-step directions on how to do it? a doc is enough, too...
teknomage1 Veteran
Joined: 05 Aug 2003 Posts: 1239 Location: Los Angeles, CA
Posted: Tue Jan 13, 2004 5:29 pm
it's kinda hidden inside the howto but here's the default config for using a dynamic dhcp assigned address:
Code:
#Iptables based Masquerading Firewall
modprobe ipt_MASQUERADE
iptables -F; iptables -t nat -F; iptables -t mangle -F;
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i eth0 -o eth0 -j LOG
iptables -A FORWARD -i eth0 -o eth0 -j REJECT
This way it doesn't look at the ips directly, just the interface they pass through. You can set up a dhcp server and iptables doesn't have to know about it.
necrodome n00b
Joined: 13 Jan 2004 Posts: 3
Posted: Tue Jan 13, 2004 6:08 pm
thanks, i will try it immediately; but i have doubts about the last two lines.
Code:
iptables -A FORWARD -i eth0 -o eth0 -j LOG
iptables -A FORWARD -i eth0 -o eth0 -j REJECT
-o parameter means out, and -i in i guess. shouldn't it be eth2 for -i and eth0 or eth1 for -o in my case?
teknomage1 Veteran
Joined: 05 Aug 2003 Posts: 1239 Location: Los Angeles, CA
Posted: Tue Jan 13, 2004 6:10 pm
yeah sorry that's what i get for posting hastily
necrodome n00b
Joined: 13 Jan 2004 Posts: 3
Posted: Mon Jan 26, 2004 5:04 pm
ok, i tried but still can't get clients to the internet.
i'm just trying to make interface eth1 available to the internet. i can ping the router from the client but cannot make it to the net.
here is lsmod for the router gentoo box:
Code:
ipt_REDIRECT 2112 0
ipt_limit 2304 18
ipt_length 1600 0
ipt_TCPMSS 4416 1
ipt_iprange 1728 0
ipt_REJECT 6656 0
ipt_LOG 5312 16
iptable_mangle 2752 0
ipt_state 1792 14
iptable_filter 2752 1
ipt_MASQUERADE 3520 1
iptable_nat 22116 3 ipt_REDIRECT,ipt_MASQUERADE
ip_conntrack 32096 4 ipt_REDIRECT,ipt_state,ipt_MASQUERADE,iptable_nat
ip_tables 17168 12 ipt_REDIRECT,ipt_limit,ipt_length,ipt_TCPMSS,ipt_iprange,ipt_REJECT,ipt_LOG,iptable_mangle,ipt_state,iptable_filter,ipt_MASQUERADE,iptable_nat
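
The interface mix-up discussed in this thread can be checked mechanically. The following is an added example, not code from any poster or from the howto: it audits `iptables-save` text for a masquerading gateway. The WAN name eth2 follows the asker's guess, and the sample dump is constructed from the rules posted earlier in the thread.

```shell
# Added example, not from the thread. Usage: audit_masq WAN "LAN1 LAN2" IP_FORWARD < dump
# Pattern-matches iptables-save text (rule order is not modelled); returns 1 on findings.
audit_masq() {
  awk -v wan="$1" -v lans="$2" -v fwd="$3" '
    function note(msg) { print msg; bad = 1 }
    BEGIN { n = split(lans, lan, " "); if (fwd != 1) note("ip_forward=" fwd ": kernel is not routing") }
    /^\*/ { table = substr($1, 2) }
    table == "filter" && /^:FORWARD / { fpolicy = $2 }
    /^-A / {
      iif = oif = tgt = ""; neg = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-i") { iif = $(i + 1); neg = ($(i - 1) == "!") }
        if ($i == "-o") oif = $(i + 1)
        if ($i == "-j") tgt = $(i + 1)
      }
      if (table == "nat" && $2 == "POSTROUTING" && tgt == "MASQUERADE" && oif == wan) masq = 1
      else if (table == "nat" && tgt == "MASQUERADE") note("MASQUERADE on -o " oif ", but WAN is " wan)
      if (table != "filter") next
      if ($2 == "INPUT" && tgt == "ACCEPT" && neg && iif != wan)
        note("INPUT accepts every interface except " iif ", so WAN " wan " is open")
      if ($2 == "FORWARD" && iif != "" && iif == oif)
        note("FORWARD -i " iif " -o " oif " -j " tgt " only matches hairpin traffic")
      if ($2 == "FORWARD" && tgt == "ACCEPT" && oif == wan) ok[iif] = 1
    }
    END {
      if (!masq) note("no MASQUERADE rule leaves through WAN " wan)
      if (fpolicy != "ACCEPT" && !("" in ok))
        for (k = 1; k <= n; k++)
          if (!(lan[k] in ok)) note("FORWARD policy " fpolicy ": no ACCEPT for " lan[k] " -> " wan)
      exit bad
    }'
}
# Constructed sample: the rules posted in this thread, as iptables-save would print them.
sample_rules() { cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i eth0 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth0 -j LOG
-A FORWARD -i eth0 -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
# Assumption: WAN is eth2 (the asker's guess); eth0 and eth1 face the XP machines.
sample_rules | audit_masq eth2 "eth0 eth1" 1 || true
```

On a live gateway, pipe `iptables-save` into `audit_masq` and pass the contents of `/proc/sys/net/ipv4/ip_forward` as the third argument.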