The folks on the Shorewall project have done all this for you:

apt-get install shorewall
F.S

On Sun, Apr 23, 2006 at 09:27:21AM -0400, [EMAIL PROTECTED] wrote:
> I'm running sarge on a vintage Pentium as a gateway machine for a home
> network.
>
> My machine was cracked last December and I reinstalled everything
> from scratch using a sarge netinstall CD. (I checked all scripts I
> resurrected from the old system, and recompiled all my *own* binaries
> from original source code. The script I mention below hasn't been
> molested.)
>
> I run the same script for port-forwarding and masquerading that I used
> before the reinstall.
>
> But it doesn't work.
>
> Lines like
>
> iptables -t nat -A PREROUTING --protocol tcp -d 216.138.195.194 --dport 27012 -j DNAT --to-destination 172.25.1.5:27012 --verbose
> iptables -t nat -A PREROUTING --protocol udp -d 216.138.195.194 --dport 27012 -j DNAT --to-destination 172.25.1.5:27012 --verbose
> iptables -t nat -A POSTROUTING --protocol udp -s 172.25.1.5 --sport 27012 -j SNAT --to-source 216.138.195.194:27012 --verbose
> iptables -t nat -A POSTROUTING --protocol tcp -s 172.25.1.5 --sport 27012 -j SNAT --to-source 216.138.195.194:27012 --verbose
>
> have no effect at all (as checked by iptables --list)
>
> but the line
>
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> works like a charm.
>
> I suspect there's probably a missing kernel module. But which one?
> And where do I find it? The docs for iptables say that it will attempt
> to load any necessary modules, so I presume a simple modprobe isn't
> enough. Or else that it doesn't try hard enough.
>
> -- hendrik

--
Hundreds of years in the future there could be computers looking for life on earth
--Coldplay
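An added example, not part of the thread and not Shorewall code: `iptables --list` without `-t` prints only the filter table, so rules added with `-t nat` have to be looked up with `-t nat` or in `iptables-save` output. The script below does that lookup per table over a constructed `iptables-save` dump; the function names `rules_in_table` and `count_rules` and the sample dump are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample of `iptables-save` output (not taken from the poster's machine).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 216.138.195.194/32 -p tcp -m tcp --dport 27012 -j DNAT --to-destination 172.25.1.5:27012
-A PREROUTING -d 216.138.195.194/32 -p udp -m udp --dport 27012 -j DNAT --to-destination 172.25.1.5:27012
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 172.25.1.5/32 -p tcp -m tcp --dport 27012 -j ACCEPT
COMMIT'

# rules_in_table DUMP TABLE CHAIN [TARGET]  (hypothetical helper)
# Print the -A lines of CHAIN inside TABLE, optionally only those jumping to TARGET.
rules_in_table() {
    printf '%s\n' "$1" | awk -v table="$2" -v chain="$3" -v target="$4" '
        /^\*/      { current = substr($0, 2); next }   # "*nat" opens a table section
        /^COMMIT$/ { current = ""; next }              # COMMIT closes it
        current == table && $1 == "-A" && $2 == chain {
            if (target == "") { print; next }
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == target) { print; break }
        }'
}

# count_rules takes the same arguments and prints how many rules matched.
count_rules() { rules_in_table "$@" | awk 'END { print NR }'; }

# The filter table has no PREROUTING chain, so a filter-only listing shows no DNAT rules.
echo "filter/PREROUTING DNAT rules: $(count_rules "$SAMPLE_DUMP" filter PREROUTING DNAT)"
# The same rules are visible once the nat table is the one being inspected.
echo "nat/PREROUTING DNAT rules:    $(count_rules "$SAMPLE_DUMP" nat PREROUTING DNAT)"
rules_in_table "$SAMPLE_DUMP" nat PREROUTING DNAT
```

On a live gateway, pass the output of `iptables-save` (run as root) in place of `SAMPLE_DUMP`.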