You seem to have missed out this one:

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

My home router stopped working without that. Hope that helps somewhat.

-----
Alex A. Smith MCP
ASMHosting.com Owner

askar ... wrote:

>Hello!
>
>Installed Gentoo 2005.0, stage3.
>I want to make a home router for 2 computers: Gentoo and Win2000.
>2 computers connected directly to each other with a LAN cable.
>
>I tried to set according to the
>http://www.gentoo.org/doc/en/home-router-howto.xml
>
>Things done as follows:
>
>1) rp-pppoe installed and working.
>   Setup ADSL connection with adsl-setup
>   I'm able to use Internet.
>
>2) /etc/conf.d/net:
>iface_eth0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0"
>iface_eth1="up"
># ADSL modem connected to the eth1
># eth0 for LAN
>
>3) during gentoo installation done:
># rc-update add net.eth0 default
># cd /etc/init.d
># ln -s net.eth0 net.eth1
># rc-update add net.eth1 default
>
>4) installed DHCP server:
># emerge dhcp
>
>5) /etc/conf.d/dhcp:
>IFACE="eth0"
>DHCPD_OPTS="-q"
># These settings were done by default. I did nothing here
>
>6) # nano /etc/dhcp/dhcpd.conf:
>authoritative;
>ddns-update-style ad-hoc;
>subnet 192.168.0.0 netmask 255.255.255.0 {
>    range 192.168.0.100 192.168.0.250;
>    default-lease-time 259200;
>    max-lease-time 518400;
>    option subnet-mask 255.255.255.0;
>    option broadcast-address 192.168.0.255;
>    option routers 192.168.0.1;
>    option domain-name-servers 192.168.0.1;
>}
>#These data I took from http://www.gentoo.org/doc/en/home-router-howto.xml
>
>7) # rc-update add dhcp default
>   # /etc/init.d/dhcp start
>
>8) # emerge dnsmasq
>
>9) nano /etc/conf.d/dnsmasq:
>DNSMASQ_OPTS="-i eth0"
>
>10) # rc-update add dnsmasq default
>    # /etc/init.d/dnsmasq start
>
>11) # iptables -F
>    # iptables -t nat -F
>    # iptables -I INPUT 1 -i eth0 -j ACCEPT
>    # iptables -I INPUT 1 -i lo -j ACCEPT
>    # iptables -A INPUT -p UDP --dport bootps -i ! eth0 -j REJECT
>    # iptables -A INPUT -p UDP --dport domain -i ! eth0 -j REJECT
>    # iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT
>    # iptables -A INPUT -p TCP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP
>    # iptables -A INPUT -p UDP -i ! eth0 -d 0/0 --dport 0:1023 -j DROP
>    # iptables -I FORWARD -i eth0 -d 192.168.0.0/255.255.0.0 -j DROP
>    # iptables -A FORWARD -i eth0 -s 192.168.0.0/255.255.0.0 -j ACCEPT
>    # iptables -A FORWARD -i eth1 -d 192.168.0.0/255.255.0.0 -j ACCEPT
>    # iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>    # echo 1 > /proc/sys/net/ipv4/ip_forward
>    # for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done
>
>12) # /etc/init.d/iptables save
>    # rc-update add iptables default
>
>13) # nano /etc/sysctl.conf
>net.ipv4.ip_forward = 1
>net.ipv4.conf.default.rp_filter = 1
>
>What I have now:
>1) 2 computers can ping each other
>2) Win PC can look up hostnames via DNS
>
>The problem is I still can't use internet from WinPC.
>
>Please help me.
>
>Askar
>
>
>

--
gentoo-user@gentoo.org mailing list
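
An added example, not part of the thread or of the Gentoo guide: a shell check that reads `iptables-save` style text and reports where, if anywhere, a chain has an ACCEPT rule for ESTABLISHED,RELATED traffic, the rule the reply points to. The function name `established_rule_position` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample rulesets are constructed.

# Print the 1-based position, within CHAIN, of the first ACCEPT rule that
# matches both ESTABLISHED and RELATED; print 0 if the chain has none.
# Reads iptables-save style text on stdin.
established_rule_position() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            pos++
            accept = 0; states = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                # "-m state --state" and "-m conntrack --ctstate" both count;
                # a negated match ("! --state ...") does not.
                if (($i == "--state" || $i == "--ctstate") && $(i - 1) != "!") states = $(i + 1)
            }
            if (!hit && accept && states ~ /ESTABLISHED/ && states ~ /RELATED/) hit = pos
        }
        END { print hit + 0 }
    '
}

# Constructed sample: INPUT rules in the spirit of step 11, no state rule.
WITHOUT_STATE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT ! -i eth0 -p tcp -m tcp --dport 0:1023 -j DROP
COMMIT'

# Constructed sample: the same chain with the suggested rule appended (-A).
WITH_STATE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT ! -i eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

printf '%s\n' "$WITHOUT_STATE" | established_rule_position INPUT
printf '%s\n' "$WITH_STATE"    | established_rule_position INPUT
```

The position is reported because iptables evaluates a chain in order: a stateful ACCEPT that sits after a DROP or REJECT does not apply to packets the earlier rule already matched. On a live router the input would come from `iptables-save` run as root.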