Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

iptables question

Status
Not open for further replies.
Nostradamus

Nostradamus

Technical User
May 3, 2000
419
0
0
SE
I have two NIC's in my red hat 7.2 computer.
I want to share internet (eth1) with everyone on the lan (eth0).

What do I need to run iptables (modules?) and how should I set up the rules using iptables. No firewall option as of yet. Just everything coming in on eth0 forwarded to eth1 and the other way around.
/Sören
 
Sort by date Sort by votes
Hi,

I think redhat ship iptables as a separate rpm so you'd have to install that - basically it all comes in various modules but, for masquerading, you just modprobe iptable_nat and it should pull in all the others it needs.

Once you have the modules, you'd just code an IP masquerading script like this...

echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_tables iptable_nat iptable_nat_ftp
/sbin/iptables -t nat -A POSTROUTING -o eth1 -i eth0 -j MASQUERADE

For completeness, you could also add at the start :

/sbin/iptables -F FORWARD
/sbin/iptables -P FORWARD DROP

(flushes FORWARD chains and sets default policy to DROP packets).

You could put that in the /etc/rc.d/rc.local startup script.

Regards


 
Upvote 0 Downvote
Really bad idea with no filtering.

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Even a modest static , stateless filter is better than nothing. I would not use the internet without a basic
filter in place.

Basic Ideas:(Home network)
Block everything you don't want INPUT and FORWARD,
LOG traffic outbound that is not part of an established
conversation so you get an idea what your machines are
doing. On a business/secure net better to use default
DROP or REJECT for a policy.
Set up a trust relationship with your routing host and
internal hosts that is safe, but trust nothing fully.
Run an ids (like snort) on your router host.
Use encryption and ACL aware apps.


If you want to allow privately addressed hosts to share
a connection that is non-permanent, use:
iptables -t nat -A POSTROUTING -s $local_net -j MASQUERADE
Otherwise use the SNAT option.

Just some ideas...
Good Luck.
 
Upvote 0 Downvote
As far as the RH7.2 specifics...

iptables and ipchains are installed by default. You'll need to remove ipchains (rpm -e ipchains) to make iptables usable.


Andre
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AbidingDude
  • Locked
  • Question
Newbie Apache Cache Question
Replies
5
Views
114
AbidingDude
AbidingDude
johngiggs
  • Locked
  • Question
Regex Question
Replies
1
Views
50
johngiggs
johngiggs
fzx5v0
  • Locked
  • Question
IPTables outgoing firewall rules
Replies
1
Views
49
minicompbx
minicompbx
abrooks3640
  • Locked
  • Question
Two Servers on One Machine - iframe question
Replies
0
Views
35
abrooks3640
abrooks3640
MichealC4
  • Locked
  • Question
iptables + gre + masquerade = doesn't work?
Replies
1
Views
71
MichealC4
MichealC4

Part and Inventory Search

Sponsor

Back
Top