11-04-2004
Solbu
Re: Newbie NAT question

On Wednesday 3 November 2004, 17:11 Fernando Vaz tried to express an opinion:

> All the NAT modules are loaded, I have cleared
> all firewall rules, but still the machine behind the gateway can't
> ping anywhere past the gateway. ipv4_forward is set to 1.


I had that problem also,
so I added some additional rules to my iptable script.

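===
IPTABLES=/sbin/iptables

# Flush the NAT table, then masquerade everything leaving via ppp0 that is
# not addressed to the LAN itself ("!" written before the option, the
# form current iptables expects).
$IPTABLES -t nat -F
$IPTABLES -t nat -A POSTROUTING ! -d 192.168.0.0/24 -o ppp0 -j MASQUERADE

echo " - Enabling packet forwarding in the kernel"
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " - FWD: Allow all connections OUT and only existing and related ones IN"
# eth0 = LAN, ppp0 = uplink: the state match belongs on the inbound
# (ppp0 -> eth0) rule; outbound (eth0 -> ppp0) is accepted unconditionally.
$IPTABLES -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o ppp0 -j ACCEPT
===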

--
Solbu - http://www.solbu.net
Remove 'ugyldig' for email
PGP key ID: 0xFA687324
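Added example, not part of the original post: a check that a FORWARD chain matches the policy named in the script's echo line (all connections out, only established and related ones in). It reads `iptables -S FORWARD` style lines on stdin; the function name `audit_forward` and both sample rule sets are constructed for illustration, and eth0 = LAN, ppp0 = uplink is assumed from the post's MASQUERADE rule.

```shell
#!/bin/sh
# Added example, not from the original post. Input: `iptables -S FORWARD` lines.
# Assumptions: uplink and LAN interface names are passed as $1 and $2;
# negated state matches ("! --state ...") are not handled.
audit_forward() {
    awk -v wan="$1" -v lan="$2" '
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; out_if = ""; target = ""; stateful = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            # A state match counts as restrictive only if NEW is not listed.
            if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /(^|,)NEW(,|$)/)
                stateful = 1
        }
        if (target != "ACCEPT") next
        # Uplink -> LAN must be limited to established/related traffic.
        if (in_if == wan && out_if == lan && !stateful) {
            print "INBOUND-OPEN: " $0; bad++
        }
        # LAN -> uplink needs one ACCEPT that also admits new connections.
        if (in_if == lan && out_if == wan) {
            if (stateful) { print "OUTBOUND-STATE-ONLY: " $0 } else { out_ok = 1 }
        }
    }
    END {
        if (!out_ok) { print "NO-OUTBOUND-ACCEPT: " lan " -> " wan; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample rule sets (eth0 = LAN, ppp0 = uplink).
SAMPLE_OK='-P FORWARD DROP
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT'
SAMPLE_SWAPPED='-P FORWARD DROP
-A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -j ACCEPT'

for sample in "$SAMPLE_OK" "$SAMPLE_SWAPPED"; do
    printf '%s\n' "$sample" | audit_forward ppp0 eth0 && echo "policy matches"
    echo "---"
done
```

On a live gateway the equivalent call is `iptables -S FORWARD | audit_forward ppp0 eth0`; a non-zero exit status means at least one finding was printed.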