On Sun, 11 Mar 2001, Chad Roberts wrote:

>
> Alright, I've come to an impasse concerning ip chains, and would be
> eternally grateful for any help I can get.  In short, I'm trying to use ip
> chains to set up a transparent proxy.  Here is my setup.
>
> cable modem
> 1 linux box
> 1 windows machine
>
> cable modem<--->linux<--->hub<-->windows
>
> LINUX
> eth0
> ip: 192.168.0.1 (reserved for "private" networks)
> subnet: 255.255.255.0
> eth1
> ip: assigned by dhcp
> subnet: 255.255.255.0 (but assigned 255.255.255.255 by the modem)
>
> WINDOWS
> ip: 192.168.0.3
> subnet: 255.255.255.0
> gateway: 192.168.0.1 or dhcp assigned ip (depending on which howto I
>                                    was following)
>
> 1st question (the easy one).  As far as the windows machine, are you supposed to
> use the static ip address, or the one that is assigned by the cable modem
> as the gateway? (I've tried both)
>
Use the fixed address, 192.168.0.1.  This is the address on the same
network as the Windows box, and the one it knows how to get to.

> Now, since I know my network cards are working, and I know that I can access
> the internet from my linux box, this leads me to believe the problem is most
> likely to do with the ip chains service.
>
> If I do:
>
> ipchains -L
>
> I get:
>
> input = ACCEPT
> forward = ACCEPT
> output = ACCEPT
>
> Is this an indication that ipchains is running?
>
> NOTE: That's without my rc.firewall scripts running.  I have tried using 2
> different sample scripts, but using them doesn't help.  Is the rc.firewall
> vital for ip chains, or is it just for security purposes?
>
> I've double checked everything I can think of and am stumped as to why I can
> not access the internet from the windows machine.  Can anyone please help me
> out on this one?
>
You have to use IP Masquerading.  As a minimum, without ANY security,
you need:

#!/bin/bash
#
sysctl -w net.ipv4.ip_forward=1
ipchains -P forward REJECT
ipchains -A forward -i eth1 -s 192.168.0.0/24 -j MASQ

This will make the system work, but it leaves you WIDE OPEN.
It will let you check that you can access the Internet from the Windows
box through the Linux box.

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.
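
Added example, not part of the original message: a tightened ipchains ruleset for the layout in this thread (eth0 = 192.168.0.0/24 LAN, eth1 = DHCP cable modem), showing what closes the "WIDE OPEN" gap left by the minimal script. The `ipc` wrapper and `APPLY` variable are hypothetical helpers so the rules are only printed unless `APPLY=1`; the 61000:65095 range is assumed to be the stock 2.2-kernel masquerade port range.

```shell
#!/bin/bash
# Added example: default-deny ipchains ruleset with masquerading.
# Interface names and the LAN subnet are taken from the thread above.
LAN_IF=eth0; LAN_NET=192.168.0.0/24; EXT_IF=eth1
MASQ_PORTS=61000:65095   # assumption: default 2.2-kernel masquerade ports

# Print each command instead of running it unless APPLY=1 is set.
ipc() { if [ "${APPLY:-0}" = 1 ]; then ipchains "$@"; else echo "ipchains $*"; fi; }

firewall_rules() {
    # Empty chains, then default-deny for inbound and forwarded traffic.
    ipc -F input; ipc -F forward; ipc -F output
    ipc -P input DENY
    ipc -P forward DENY
    ipc -P output ACCEPT

    # Loopback and the trusted LAN side.
    ipc -A input -i lo -j ACCEPT
    ipc -A input -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT

    # Anti-spoofing: LAN or loopback sources must never arrive on eth1.
    ipc -A input -i "$EXT_IF" -s "$LAN_NET" -l -j DENY
    ipc -A input -i "$EXT_IF" -s 127.0.0.0/8 -l -j DENY

    # ipchains is stateless, so replies are approximated:
    # TCP segments without SYN set cannot open a new connection.
    ipc -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    # UDP replies to masqueraded LAN clients, and DNS replies to this box.
    ipc -A input -i "$EXT_IF" -p udp --dport "$MASQ_PORTS" -j ACCEPT
    ipc -A input -i "$EXT_IF" -p udp --sport 53 --dport 1024:65535 -j ACCEPT
    # DHCP lease traffic from the provider (server port 67 -> client 68).
    ipc -A input -i "$EXT_IF" -p udp --sport 67 --dport 68 -j ACCEPT
    # All ICMP is accepted (errors are needed for path MTU discovery;
    # this also means the box answers pings).
    ipc -A input -i "$EXT_IF" -p icmp -j ACCEPT
    # Log and drop everything else arriving from the Internet.
    ipc -A input -i "$EXT_IF" -l -j DENY

    # Masquerade only LAN traffic leaving through the cable modem.
    ipc -A forward -i "$EXT_IF" -s "$LAN_NET" -j MASQ
}

firewall_rules
if [ "${APPLY:-0}" = 1 ]; then sysctl -w net.ipv4.ip_forward=1; fi
```

Run it once without `APPLY` to review the printed rules, then as root with `APPLY=1` on the Linux box.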


