eth0 - connects to the internet
eth1 - internal network with private ip addresses
eth2 - internal network with routable ip's

What I want to do - eth0 has a routable ip and masquerades the internal network which enters eth1 (or eth2, I haven't plugged in the cable yet :D); eth0:1 will route the network with valid internet ip addresses which enters eth2 to the internet (speaking of which, I assume I must input rules for eth0:1's ip address too, but in the iptables syntax is it allowed to refer to the alias as eth0:1 or must I use only its ip?)

thanks,
petre

please enlighten me on the masquerading rules

Quoting Antony Stone <[EMAIL PROTECTED]>:

> On Saturday 08 June 2002 1:01 pm, [EMAIL PROTECTED] wrote:
>
> > echo "Cleaning ..."
> > for i in filter nat mangle
> > do
> > $IPT -t $i -F
> > $IPT -t $i -X
> > done
>
> -F is a good idea, but you can't do -X (delete chain) on the built-in chains;
> only user-defined ones.
>
> > echo "Initial rules ..."
> > $IPT -P INPUT ACCEPT
> > $IPT -P OUTPUT ACCEPT
> > $IPT -P FORWARD DROP
>
> I would recommend setting default policy on your INPUT chain to DROP as well,
> and then allow in only what you want...
>
> > $IPT -t nat -A POSTROUTING -s 192.168.20.0/24 -o eth1 -j MASQUERADE
> > $IPT -t nat -A POSTROUTING -d 192.168.20.0/24 -o eth1 -j MASQUERADE
>
> No, you only want the first one of these rules. I'm assuming that eth1 is
> your external interface.
>
> > echo -e "- Enabling SNAT (MASQUERADE) functionality on eth0"
> > $IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> Maybe I'm wrong in thinking that eth1 is your external interface? Please
> can you tell us what eth0 and eth1 are connected to (and where networks
> 192.168.20.0 and 192.168.10.0 are connected)?
>
> The rest looks pretty good to me.
>
> Antony.
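
Added example, not part of the original messages: a dry-run sketch of the layout described above, with eth0 masquerading only the private network and the routable network forwarded without NAT. Assumptions: 192.168.20.0/24 is the private network on eth1, and 203.0.113.0/28 is a constructed placeholder for the routable network on eth2.

```shell
#!/bin/sh
# Dry run by default: prints the commands. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"
EXT_IF=eth0                # internet-facing interface (from the post)
PRIV_IF=eth1               # private LAN (from the post)
PUB_IF=eth2                # LAN with routable addresses (from the post)
PRIV_NET=192.168.20.0/24   # assumption: the private net behind eth1
PUB_NET=203.0.113.0/28     # constructed placeholder for the routable net

build_rules() {
    # -F flushes rules; -X without a chain name removes user-defined chains.
    for t in filter nat mangle; do
        $IPT -t "$t" -F
        $IPT -t "$t" -X
    done

    # Default-deny on INPUT and FORWARD, as the quoted reply recommends.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Replies may come back in; new connections start only from the inside.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$PRIV_IF" -o "$EXT_IF" -s "$PRIV_NET" -j ACCEPT
    $IPT -A FORWARD -i "$PUB_IF" -o "$EXT_IF" -s "$PUB_NET" -j ACCEPT

    # NAT only the private net, and only where it leaves on the external side.
    # The routable net gets no NAT rule: it is forwarded with its own addresses.
    # -i/-o take real interface names; an alias such as eth0:1 is just another
    # address on eth0, so match it with -s/-d on the address, not by alias name.
    $IPT -t nat -A POSTROUTING -s "$PRIV_NET" -o "$EXT_IF" -j MASQUERADE
}

build_rules
```

The forwarding rules only take effect once IP forwarding is enabled (`/proc/sys/net/ipv4/ip_forward` set to 1).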