Hi everybody,
I am trying to set up a Linux box to share the
internet connection (static IP, connected to eth0)
using iptables.
My firewall/NAT script looks something like this.
iptables -F
iptables -t nat -F
# Flush all previous rules
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state NEW -j DROP
# Drop suspicious packets
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Just in case I have to settle for a connection
# with a dynamic IP
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 200.0.0.1
# Assuming that 200.0.0.1 is the external IP address
echo 1 > /proc/sys/net/ipv4/ip_forward
# Start up IP forwarding
I would love your critique of the above. Any
suggestions on how I can improve the same are also
welcome.
Some time in the future I will also be incorporating
an FTP server and maybe even an ssh server. Or perhaps
OpenVPN. Hence, I am pushing for the static IP.
Would also appreciate your recommendations on how I
can allow these two services through the firewall
securely.
I believe the above is from some Linux magazine
published in India a couple of years ago. It's
been some time since I've messed around with
netfilter, and I am feeling a little out of touch.
Can't shake off the feeling that I am forgetting
something!
-Manoj.C
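
Added example, not part of the original post: one way to write the gateway described above as an iptables-restore ruleset that also filters the FORWARD chain, accepts loopback traffic and optionally opens SSH. eth0 and 200.0.0.1 come from the post; the LAN interface eth1, the subnet 192.168.0.0/24, port 22 and the function name gateway_rules are assumptions made for illustration.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset for a NAT gateway (added example).
# usage: gateway_rules WAN_IF WAN_IP LAN_IF LAN_NET [SSH_PORT]
gateway_rules() {
    [ "$#" -ge 4 ] || {
        echo "usage: gateway_rules WAN_IF WAN_IP LAN_IF LAN_NET [SSH_PORT]" >&2
        return 1
    }
    wan_if=$1; wan_ip=$2; lan_if=$3; lan_net=$4; ssh_port=${5:-}

    # Default-deny for traffic to the box and through the box.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
    # Open SSH to the gateway itself only when a port is given.
    if [ -n "$ssh_port" ]; then
        echo "-A INPUT -p tcp --dport $ssh_port -m state --state NEW -j ACCEPT"
    fi
    # Only the LAN may start connections outward; replies come back
    # through the RELATED,ESTABLISHED rule. SNAT is limited to LAN sources.
    cat <<EOF
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan_if -s $lan_net -j SNAT --to-source $wan_ip
COMMIT
EOF
}

# Constructed sample values (eth1 and 192.168.0.0/24 are assumptions).
# This only prints the ruleset. As root, check it without committing:
#   gateway_rules eth0 200.0.0.1 eth1 192.168.0.0/24 22 | iptables-restore --test
gateway_rules eth0 200.0.0.1 eth1 192.168.0.0/24 22
```

IP forwarding still has to be switched on separately, as in the script above (echo 1 > /proc/sys/net/ipv4/ip_forward).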