You can try and look into my rc.firewall file, which works on 012.net at AZTV. Bear in mind that this is a constant connection, due to my (and the supporters') lack of success in connecting through VPN:
## start of rc.firewall
## define IPTABLES for later use
IPTABLES="/sbin/iptables"
##
## define the network card used for exit
EXTIF=eth0
##
#INTIF=eth0
## loading modules needed for handling iptables and security
/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_conntrack_irc
/sbin/insmod iptable_nat
/sbin/insmod ip_nat_ftp
/sbin/insmod ipt_mark
/sbin/insmod ipt_tcpmss
/sbin/insmod ipt_limit
/sbin/insmod ipt_multiport
/sbin/insmod ipt_state
/sbin/insmod ipt_unclean
/sbin/insmod iptable_filter
/sbin/insmod iptable_mangle
##
##sets the forwarding option 'on'
echo "1">/proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE
##
## security definitions, removed by someone who knows more than me...
#$IPTABLES -P INPUT ACCEPT
#$IPTABLES -F INPUT
#$IPTABLES -P OUTPUT ACCEPT
#$IPTABLES -F OUTPUT
#$IPTABLES -P FORWARD DROP
#$IPTABLES -f FORWARD
#$IPTABLES -t nat -F
#$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
#$IPTABLES -A FORWARD -j LOG#
##
## telling IPTABLES to route all incoming traffic to EXTIF (eth2 in my case).
## it doesn't matter to this nifty script where the traffic comes from.
## cool, ain't it?
## I would have given you the name of the one who gave it to me, but if it
## won't work, I'd prefer to take the blame myself...
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
##
## the "server" has 3 NIC's: eth0 to the cable modem, and eth1+2 to 2 PC's,
## that can't communicate with each other (except ping), without this line:
##$IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE
##
## oh, for me it worked on RH8 and Debian Sarge, so it should work just as well on MDK.
##
## Good luck!
## [EMAIL PROTECTED]
## end of rc.firewall
On Fri, 9 Jan 2004 04:38:17 +0200, Elad Almadoi - Xtream Internet Services <[EMAIL PROTECTED]> wrote:
Hey,
Your default gateway should be your ISP's gateway, not the modem or something
like this.
When the machine tries to send a packet thru that gateway, it moves the
packet to the modem, and it allows packets going to the gateway.
I used to have cables with Motorola Surfboard 4100 and it was great as long
as it held. But if I may give you some advice, you may wish to ask your ISP to
connect you thru AZTV's NAT, so THEIR router will dial up and you'll get
the real IP (like 212.143.x.x or something) thru eth0 and won't have to
dial and won't need ppp0.
Hopefully I helped,
Elad
Hi folks. I have a couple of questions regarding the use of IPTables alongside the Israeli way of cables connection (PPTP on top of DHCP). Now, I'm using Firehol (http://firehol.sourceforge.net) to make IPTables configuration easier; however, adjusting the resulting script isn't a problem.
My confusion stems mainly from the fact that when establishing the connection, two interfaces related to the connection are created. eth0 is created when entering AZTV's local loop after getting an IP from the DHCP server, and afterwards, ppp0 is created after connecting to the ISP's server inside the local loop. What I wanted to know, when configuring ppp0, should I tell the firewall to route the packets through eth0? This is according to the routing configuration, since packets sent to the ISP's gateway are indeed routed through the local loop gateway. I tried setting this up ignoring the routing options, however, communication with the outside world promptly failed upon this. I am guessing that the packets weren't being routed correctly.
Is anyone here using IPTables with a cables connection? I'd love to see how.
-- Regards, Itamar Ravid.
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
-- Dotan Mazor http://dotan.run.to 064-432950 ICQ# 9172054
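An added example, not part of the thread or of any poster's script: a stateful variant of the rule set for the PPTP-over-DHCP layout asked about, where LAN traffic is forwarded and masqueraded only on the tunnel interface and the local-loop interface carries just DHCP and the tunnel's own GRE (IP protocol 47; the TCP 1723 control channel is outbound and its replies match ESTABLISHED). The interface names ppp0/eth0/eth1, the function names and the 192.0.2.1 server address are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: ppp0 = PPTP tunnel,
# eth0 = cable local loop (DHCP), eth1 = LAN. PPTP_SERVER is a placeholder.
WAN_IF=${WAN_IF:-ppp0}
LOOP_IF=${LOOP_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
PPTP_SERVER=${PPTP_SERVER:-192.0.2.1}  # documentation address, use the ISP's

# Print the rule set, one iptables argument list per line.
firewall_rules() {
    cat <<EOF
-F INPUT
-F FORWARD
-t nat -F POSTROUTING
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -i $LOOP_IF -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i $LOOP_IF -p 47 -s $PPTP_SERVER -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
-t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Run every rule through the given command prefix.
#   dry run: apply_rules echo iptables     live: apply_rules /sbin/iptables
apply_rules() {
    firewall_rules | while read -r args; do
        "$@" $args || return 1
    done
}

# Only touch the kernel when called as "rc.firewall apply" (needs root).
if [ "${1:-}" = "apply" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    apply_rules /sbin/iptables
fi
```

Because FORWARD defaults to DROP and the only MASQUERADE rule is on the tunnel interface, nothing from the LAN leaves through the local loop if the tunnel is down.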
