-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

Recently I have been playing with iptables and trying to make IP
masquerade work on my firewall. I copied the script from the HOWTO and
modified it slightly, but when I try to ping or connect to the external
network from the internal network, it always tells me that the external
IP is unreachable. Would you mind helping me check my script? Thanks a lot!!!!

#!/bin/sh

# external network interface: eth0
EXTINF=eth0
EXTIP=169.237.74.8
# internal network interface: eth1
INTINF=eth1
INTIP=192.168.30.1

IPTABLES=/sbin/iptables

/sbin/depmod -a
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

"$IPTABLES" -F

echo "  - Resetting the firewall policy and flush all rules"
"$IPTABLES" -P INPUT ACCEPT
"$IPTABLES" -F INPUT
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -F OUTPUT
"$IPTABLES" -P FORWARD DROP
"$IPTABLES" -F FORWARD

echo "  - Forward: allow all connection OUT and existing connection IN"
"$IPTABLES" -A FORWARD -i "$EXTINF" -o "$INTINF" -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A FORWARD -i "$INTINF" -o "$EXTINF" -j ACCEPT
"$IPTABLES" -A FORWARD -j LOG

echo "  - Enable SNAT (Masquerade)"
"$IPTABLES" -t nat -A POSTROUTING -o "$EXTINF" -j SNAT
#"$IPTABLES" -t nat -A POSTROUTING -o "$EXTINF" -j MASQUERADE

"$IPTABLES" -L

Jimmy
____________________________________________________________
Jingmin (Jimmy) Zhou
E-mail : [EMAIL PROTECTED]         ICQ : 19587415

The future is not set.  There is no fate but what we make
for ourselves.             - Terminator II, Judgement Day
____________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (IRIX)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjt6/BIACgkQZ1kuLJJ1tnLhQACgtUn0wYh4UAOY+bzehvh0fx73
AfYAoM6pLhUydx6IGD2WbCF3L8kTT9sN
=4yNX
-----END PGP SIGNATURE-----
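
Two points about the script in the message above: the iptables SNAT target requires `--to-source`, so `-j SNAT` on its own is rejected, and a bare `-F` flushes only the filter table, leaving old nat rules in place. The following is an added example, not part of the original post, that emits the same rule set with both points addressed; `run`, `nat_target`, `setup_nat` and `DRY_RUN` are names assumed for this example, and the interfaces and address are the ones from the post.

```shell
#!/bin/sh
# Added example: NAT rules for the layout in the post (eth0 outside, eth1 inside).
# run, nat_target, setup_nat and DRY_RUN are assumptions of this example.
IPTABLES=${IPTABLES:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# nat_target EXTIP: SNAT must be given --to-source. With no static address,
# fall back to MASQUERADE, which uses the interface's current address.
nat_target() {
    if [ -n "$1" ]; then
        echo "SNAT --to-source $1"
    else
        echo "MASQUERADE"
    fi
}

# setup_nat EXTINF INTINF [EXTIP]
setup_nat() {
    extinf=$1
    intinf=$2
    extip=${3:-}
    # Flush the nat table too, so re-running does not stack duplicate rules.
    run -F
    run -t nat -F
    run -P FORWARD DROP
    # Replies to connections opened from the inside network.
    run -A FORWARD -i "$extinf" -o "$intinf" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A FORWARD -i "$intinf" -o "$extinf" -j ACCEPT
    run -A FORWARD -j LOG
    # The unquoted substitution is deliberate: the target splits into words.
    run -t nat -A POSTROUTING -o "$extinf" -j $(nat_target "$extip")
}

# Dry run with the post's values: prints the commands without applying them.
setup_nat eth0 eth1 169.237.74.8
```

With `DRY_RUN=0` the same calls are executed instead of printed; `iptables -t nat -L -n -v` then shows whether the POSTROUTING rule's packet counter increases when an internal host sends traffic out.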
