Hi,
I'm trying to set up a Linux computer as my LAN gateway to the
Internet. Later, I will use this computer as a squid proxy, but for
now, it should only forward packets in and out of my LAN without
masquerading (I will use my class C segment), and that's it.
I took the rc.firewall rules as a base to create the gateway and it works,
but even if I only have one computer connected to the gateway, the
Internet access is a little slow. The Internet access on the Linux PC
is fast, but on the other one(s) connected it is not that fast: when I try
to check a web page it takes a moment to process, and later, when it
displays the website, the images can take a long time to show.
The rules I'm using are these:
--------------------------------
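#!/bin/sh
#
# printf instead of "echo -e": not every /bin/sh interprets -e
printf '\n Loading Firewalling Rules \n\n'
IPTABLES=/sbin/iptables
UNIVERSE="0.0.0.0/0"
INTIF="eth1"   # internal (LAN) interface
EXTIF="eth0"   # external (Internet) interface
echo " Enabling forwarding.. "
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Clearing existing rules... "
# Set the default policies to DROP and flush the built-in chains
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -F -t nat
# Delete user-defined chains and zero the packet/byte counters
$IPTABLES -X
$IPTABLES -Z
# Accept all traffic to and from the gateway itself
$IPTABLES -A INPUT -s $UNIVERSE -d $UNIVERSE -j ACCEPT -v
$IPTABLES -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j ACCEPT -v
# Forward everything between the two interfaces, in both directions
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT -v
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT -v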
Are these settings enough? Do I need something more?
I'll appreciate any help a lot,
Karina
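
A stateful variant of the forwarding rules in the post, as an added example that is not part of the original message: it keeps the post's interface names (eth0 external, eth1 internal) and its no-NAT setup, but lets only the LAN open new connections, so the accept-everything INPUT rule and the unconditional external-to-internal FORWARD rule are not needed. The `DRY_RUN` switch, the `ipt` helper and the choice to accept all LAN traffic addressed to the gateway are assumptions; enabling `ip_forward` stays as in the post.

```shell
#!/bin/sh
# Added example, not the poster's script. Interface names are taken from the
# post; DRY_RUN and the rule choices are assumptions made for illustration.
IPTABLES="${IPTABLES:-/sbin/iptables}"
INTIF="${INTIF:-eth1}"   # LAN side
EXTIF="${EXTIF:-eth0}"   # Internet side
DRY_RUN="${DRY_RUN:-1}"  # 1 = print the commands, 0 = apply them (needs root)

# Run one iptables command, or only print it in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

gateway_rules() {
    # Default-deny for traffic to and through the gateway.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -F INPUT
    ipt -F OUTPUT
    ipt -F FORWARD

    # Gateway itself: loopback, replies to its own traffic, and the LAN.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$INTIF" -j ACCEPT

    # Routed traffic: the LAN may open connections outward; the Internet
    # side may only send packets that belong to those connections.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$INTIF" -o "$EXTIF" -m conntrack --ctstate NEW -j ACCEPT
    # There is no "-i $EXTIF -o $INTIF -j ACCEPT" rule: unsolicited inbound
    # packets fall through to the FORWARD DROP policy.
}

gateway_rules
```

Because the LAN uses routable addresses without masquerading, any LAN host that must accept connections from the Internet needs its own explicit FORWARD rule. On kernels without the conntrack match, `-m state --state` is the older equivalent.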