List:       netfilter
Subject:    Re: Getting NAT working
From:       "Brett W. McCoy" <bmccoy () chapelperilous ! net>
Date:       2000-03-28 16:50:26

On Wed, 29 Mar 2000, Mark Stewart wrote:

> Over much frustration and tcpdumping of interfaces, I have discovered
> something fundamentally important which may appear to be trivial but
> cost me a few hours of my undivided attention.
> 
> When getting NAT to work you need
> 
> iptables -A FORWARD -i eth0 -i ppp0 -j ACCEPT

Both of them as input devices?

> where eth0 is the connection which you want to send out and ppp0 is the
> connection you want to send it through. e.g. You want all internal
> network traffic sent to the net. This is rather crude since you might
> not want all internal network traffic to go out and can be refined a
> little better.
> 
> iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED
> -j ACCEPT
> 
> Also, you want the relevant connections which you initiated allowed back
> through and no other nasties.
> 
> iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> And of course, you need this for it all to come together and work.

What is the equivalent for doing static NATing, such as through a DSL
network?  I have been struggling all week trying to get it to work, to no
avail.  Any machines inside my internal network cannot see anything beyond
my NAT machine.


Brett W. McCoy                        
                                              http://www.chapelperilous.net
---------------------------------------------------------------------------
Idleness is the holiday of fools.
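
Added example (not from either poster, and not netfilter project code): the rules quoted in this message collected into one dry-run generator, with the first FORWARD rule written as -i for the LAN side and -o for the outbound side. The function names, the default-DROP policy line, and the optional SNAT --to-source form for a link with a fixed public address are assumptions of this example; 203.0.113.5 in the usage comment is a constructed documentation address.

```shell
#!/bin/sh
# Prints (does not run) the NAT ruleset discussed in the thread.
# Usage: nat_rules LAN_IF WAN_IF [STATIC_ADDR]
#   e.g. nat_rules eth0 ppp0            (dynamic address, MASQUERADE)
#        nat_rules eth0 eth1 203.0.113.5 (fixed address, SNAT)
# Review the output, then pipe it to `sh` as root to apply it.

valid_if() {
    # Interface names: letters, digits, '.', '_', '-', at most 15 chars.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_ipv4() {
    # Dotted quad, each octet 0..255.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

nat_rules() {
    lan=$1 wan=$2 addr=${3:-}
    # Refuse bad names and the same interface on both sides.
    valid_if "$lan" && valid_if "$wan" && [ "$lan" != "$wan" ] || return 2
    if [ -n "$addr" ]; then
        valid_ipv4 "$addr" || return 2
        nat="-j SNAT --to-source $addr"   # assumption: fixed public address
    else
        nat="-j MASQUERADE"               # as quoted in the thread
    fi
    # Assumption: default-DROP so only the two FORWARD rules below pass traffic.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan $nat
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}
```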
