Use the following at linux server:

----------------------------------------------
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Moved 1 to ip_forward ........ "
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
---------------------------------------------------
and set linux server ipaddress as gateway to your windows machine.

This works 101%, I am using it from last 6 months.

amit

--- "Shailesh J. Kumar" <[EMAIL PROTECTED]> wrote:
>
> If anyone can give me a solution on fro using the Red Hat 9.0 as a
> gateway, using IPTABLES or IPCHAINS.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Shailesh J. Kumar
> Sent: Tuesday, August 19, 2003 3:23 PM
> To: The Linux-Delhi mailing list
> Subject: RE: [ilugd] NAT & DNS on 7.2 ? URGENT !
>
> Hi,
>
> I am a little new to Linux and don't know much of it in details, so I
> am doing as instructed.
>
> I have tried the same with Red Hat 9.0 and installed all the packages
> and everything. But it seems that the problem does not get resolved
> easily, as I am getting the same problem of the
> 1. Ipchains: Incompatible with this Kernel and
> 2. Ipchains: Protocol is not available
>
> I have installed the Red Hat 9 version, which I got in the DIGIT
> Aug 2003 magazine.
>
> I did exactly as under.
>
> Please go through it and tell me where did I go wrong.
>
> >>Start of Message<<
>
> Shailesh,
>
> Try this.
>
> 1. Take two Ethernet cards (though u can do with one also, but for
>    security purposes)
>
> 2. Put on eth0 your local network - let's say 192.168.1.* let's say -
>    192.168.1.1 (rest of your windoze cud be on 192.168.1.*)
>
> 3. Put on your eth1 for isp. Now if the isp gives permanent ip
>    address, great, configure your eth1 for the same, if not, configure
>    your eth1 to pick address dynamically.
>    route add gw <yr isp gw> eth1
>
>    3.a. If your eth1 is dynamic, then you will need to execute a
>    script that automatically runs the route add command every time it
>    is brought up
>
> 4. To run name server, simply install bind, bindutils, caching-name
>    server rpms (i would strongly recommend to upgrade to rh 9.0 since
>    the original 7.2 has security punctured bind).
>
> 5. I assume you will need to run proxy. Install all rpms of squid on
>    the server. For access control use squidguard.
>
> 6. In addition to this, if you would want internal systems to connect
>    directly to the net, using your linux box as gw.
>
>    6.a - to all machines on your lan make add the gateway as
>    192.168.1.1 (ip of yr linux box)
>
>    6.b - in all your machines on your lan, make the dns as
>    192.168.1.1 (ip of yr linux box)
>
>    6.c A simple and correct method would be to run the linux box as
>    dhcp server (on eth0) and boot all windoze from this - so that the
>    above config is not required on client side.
>
>    6.d. execute - echo "1" > /proc/sys/net/ipv4/ip_forward
>    (this will allow your linux box to masq)
>
>    6.e. Now you need to add rules so that your internal users can go
>    outside (i am assuming u r going to use ipchains in 7.2)
>
>    ipchains -F (flush)
>    ipchains -X (remove rules)
>    ipchains -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
>    (Allow all source 192.168.1.0 to talk to any outside 0.0.0.0/0.0.0.0)
>
> You can of course add more filters as you go along.
>
> That's it - you are on.
>
> 7. If you need people from outside to come into your network (gosh!
>    Can't be dumber than this) u will need to add rules in reverse
>    direction.
>
> 8. Use webmin, to configure above, it will make your life so much
>    more simpler.
>
> regards,
> alok sinha
>
> >>End of Message<<
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lokesh Bhog
> Sent: Monday, August 18, 2003 10:15 PM
> To: The Linux-Delhi mailing list
> Subject: Re: [ilugd] NAT & DNS on 7.2 ?
>
> Try using similar commands using iptables.
>
> The error message seems to indicate that the settings in kernel are
> not done to support ipchains. Either.
> a) Use redhat linux 9.0 or 7.3 or 8.0 with iptables
> b) Use iptables instead of ipchains
> c) Recompile the kernel and use ipchains.
> d) It may be a problem on how you have installed linux or are giving
>    the commands therefore, such error messages are appearing. Please
>    share what commands you are giving.
> e) Use redhat linux 7.1 - I had tested these things on that version
>    and it used to work without any problem.
>
> Lokesh
>
> ----- Original Message -----
> From: "Shailesh J. Kumar" <[EMAIL PROTECTED]>
> To: "The Linux-Delhi mailing list" <[EMAIL PROTECTED]>
> Sent: Monday, August 18, 2003 7:20 AM
> Subject: RE: [ilugd] NAT & DNS on 7.2 ?
>
> > Hi,
> >
> > I did the needful but was unable to do so coz of the following
> > error.
> >
> > When I flush the ipchains it's giving an error
> > "ipchains: Incompatible with this Kernel"
> >
> > And when I make an entry to the existing ipchains it gives
> > "ipchains: Protocol is not available"
> >
> > I am using Red Hat 7.2 (Enigma) 2.4.7-10 #1 Thu Sep6 17:27:27 EDT
> > 2001 i686
> >
> > How do I resolve the problem? I need to setup the gateway system
> > ASAP as there is no backup and the Main router IOS got Corrupt.
> >
> > Shailesh
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alok Sinha
> > Sent: Tuesday, August 12, 2003 5:35 PM
> > To: The Linux-Delhi mailing list
> > Subject: Re: [ilugd] NAT & DNS on 7.2 ?
> >
> > Shailesh,
> >
> > Try this.
> >
> > 1. Take two ethernet cards (though u can do with one also, but for
> >    security purposes)
> >
> > 2. Put on eth0 your local network - let's say 192.168.1.* let's
> >    say - 192.168.1.1 (rest of your windoze cud be on 192.168.1.*)
> >
> > 3. Put on your eth1 for isp. Now if the isp gives
=== message truncated ===

_______________________________________________
ilugd mailing list
[EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
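
Added example, not part of the original thread or of any poster's message: the MASQUERADE rules at the top of the thread turn on NAT but say nothing about the FORWARD chain. The script below prints an iptables rule set that masquerades only the LAN subnet and forwards inbound packets only for connections the LAN started. eth0, eth1 and 192.168.1.0/24 are the values used in the thread; the gateway_rules helper name and the availability of the state match in the running kernel are assumptions.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables rules for a masquerading gateway.
# gateway_rules is a hypothetical helper; review its output, then pipe it
# to "sh" as root to apply.

gateway_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3

    # The output is meant for a root shell, so accept only plain
    # interface names and an IPv4 network in CIDR or netmask form.
    [ -n "$lan_if" ] && [ -n "$wan_if" ] || return 1
    [ "$lan_if" != "$wan_if" ] || return 1
    case $lan_if$wan_if in *[!A-Za-z0-9._-]*) return 1 ;; esac
    case $lan_net in *[!0-9./]*|'') return 1 ;; esac

    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
EOF
}

# LAN on eth0, ISP link on eth1, as in the quoted setup.
gateway_rules eth0 eth1 192.168.1.0/24
```

For a dial-up link, pass ppp0 as the second argument instead of eth1.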
