On Sat, 2004-04-03 at 13:54, Amanda wrote:
> > If I rewrite the above to this, I think it will do what I want.
> > # route add -host 10.0.0.150 dev ppp0
> > # iptables --insert PPPconn 1 --source 0.0.0.0/0.0.0.0 \
> > --destination 10.0.0.150/32 --jump ACCEPT --out-interface ppp0
> > # iptables --insert INPUT 1 --source 10.0.0.150/32 \
> > --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface ppp0
> > # iptables --insert FORWARD 1 --source 0.0.0.0/0.0.0.0 \
> > --destination 10.0.0.150/32 --jump ACCEPT --out-interface ppp0
> > # iptables --insert FORWARD 1 --source 10.0.0.150/32 \
> > --destination 0.0.0.0/0.0.0.0 --jump ACCEPT
> > # iptables --table nat --append POSTROUTING --out-interface ppp0 \
> > --jump MASQUERADE
> > # iptables --append FORWARD --protocol tcp \
> > --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
> >
>
> Well, I went ahead & did this, and it mostly works. I can ping 10.0.0.150, and
> from my Windows machine on the local LAN, I can map a shared drive on 10.0.0.150.
>
> Can't get my browser to connect to the web-server on it though.
>
> Now, how do I make these firewall rules permanent?
I'm no firewalling ninja, but on most systems you can do
    service iptables save
and it will write a file in /etc/sysconfig that the iptables service
will read on system startup. It will use the iptables-save command,
which is worth looking at if your system doesn't provide the interface
to it from the iptables service script.
HTH
James.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
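
The manual route mentioned in the reply above (calling iptables-save yourself) can be scripted as follows. This is an added example, not part of the original thread: it refuses to overwrite the saved rules with an empty or truncated dump, which would otherwise leave the machine without its firewall rules at the next boot. Assumptions: the file is /etc/sysconfig/iptables (Red Hat style layout), and the names `save_rules`, `dump_is_complete`, `RULES_FILE` and `DUMP_CMD` are this example's own.

```shell
#!/bin/sh
# Added example: persist the running rule set by hand with iptables-save.
# RULES_FILE and DUMP_CMD are hypothetical knobs of this script, not iptables options.
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"   # assumed location
DUMP_CMD="${DUMP_CMD:-iptables-save}"

# iptables-save output has one "*table" header and one "COMMIT" line per table.
# A dump with no tables, or with a missing COMMIT, is treated as truncated.
dump_is_complete() {
    tables=$(grep -c '^\*' "$1" || true)
    commits=$(grep -c '^COMMIT$' "$1" || true)
    [ "$tables" -gt 0 ] && [ "$tables" -eq "$commits" ]
}

# Dump to a private temp file next to the target, check it, then rename it
# into place so the boot-time file is never half written.
save_rules() {
    tmp=$(mktemp "${RULES_FILE}.XXXXXX") || return 1
    if $DUMP_CMD > "$tmp" && dump_is_complete "$tmp"; then
        if [ -f "$RULES_FILE" ]; then
            cp -p "$RULES_FILE" "${RULES_FILE}.bak"   # keep the previous rule set
        fi
        mv "$tmp" "$RULES_FILE"
    else
        rm -f "$tmp"
        echo "save_rules: dump failed or incomplete, $RULES_FILE left unchanged" >&2
        return 1
    fi
}

# Run as root with --save to write the file; without arguments nothing happens.
if [ "${1:-}" = "--save" ]; then
    save_rules
fi
```

The saved file can be loaded by hand with `iptables-restore < /etc/sysconfig/iptables`. The `route add` command from the quoted message is not a firewall rule and is not captured by iptables-save.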