Gentoo Archives: gentoo-user

From: Daniel Pielmeier <daniel.pielmeier@××××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Setting up a home router
Date: Mon, 15 Jan 2007 00:34:03
Message-Id: 6142e6140701141628wb031981t4200f5bc60c2f848@mail.gmail.com
In Reply to: Re: [gentoo-user] Setting up a home router by Dale
> I used this script a long time ago. It worked until iptables got
> changed. It still worked but it gave a few errors. Maybe some guru can
> look at this and update it for us both. Then maybe I can get someone to
> upgrade the script on the site. I had to edit the very first bit about
> which interface is what. Here it is:

I have tested your script! Do you get an error like this:
iptables v1.3.5: unknown protocol `ssh' specified

I am not sure if it is right but I have replaced this line

$IPTABLES -A INPUT --protocol ssh --dport 22 -j ACCEPT
by
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT

and the error disappears.

For me, using these iptables rules didn't work; I still can't ping the
internet from my desktop and also get the error message from the
ntp-client on my desktop.

Any other suggestions?

Here is how I changed the script to fit my needs!

#!/bin/bash

IPTABLES='/sbin/iptables'

# Set interface values
EXTIF='ppp0'
#INTIF0='eth0'
INTIF1='eth0'
INTIF2='eth1'

# enable ip forwarding in the kernel
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward

# flush rules and delete chains
$IPTABLES -F
$IPTABLES -X

# enable masquerading to allow LAN internet access
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# forward LAN traffic from $INTIF1 to Internet interface $EXTIF
$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT

# forward LAN traffic from $INTIF2 to Internet interface $EXTIF
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT

#echo -e " - Allowing access to the SSH server"
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT

#echo -e " - Allowing access to the HTTP server"
$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT

# block out all other Internet access on $EXTIF
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i $EXTIF -m state --state NEW,INVALID -j DROP
--
gentoo-user@g.o mailing list
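
Added example, not part of the original message: a small lint that reads an iptables rule script and reports every -p/--protocol argument that is not a built-in iptables protocol name, a protocol number, or an /etc/protocols entry, which is the condition behind the "unknown protocol `ssh' specified" error. The function names and the sample rules are constructed for illustration.

```sh
# Added example: lint a rule script for -p/--protocol values that are not IP protocols.

# Succeeds if $1 is something iptables accepts after -p/--protocol:
# a built-in name, a protocol number, or a name listed in /etc/protocols.
is_protocol() {
    p=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case $p in
        tcp|udp|udplite|icmp|icmpv6|esp|ah|sctp|mh|all) return 0 ;;
        ''|*[!0-9]*) ;;                      # a name: look it up below
        *) [ "$p" -le 255 ]; return ;;       # a protocol number
    esac
    [ -r /etc/protocols ] &&
        awk -v p="$p" 'tolower($1) == p { f = 1 } END { exit !f }' /etc/protocols
}

# Reads a rule script on stdin, prints "LINE: TOKEN" for each bad protocol
# argument and fails if any was found. The ( ) body keeps set -f local.
lint_protocols() (
    set -f                                   # no globbing while splitting lines
    lineno=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1)) prev=''
        for tok in $line; do
            case $tok in '#'*) break ;; esac # rest of the line is a comment
            case $prev in
                -p|--protocol)
                    [ "$tok" = '!' ] && continue   # old-style "-p ! tcp"
                    if ! is_protocol "$tok"; then
                        printf '%s: %s\n' "$lineno" "$tok"
                        bad=$((bad + 1))
                    fi ;;
            esac
            prev=$tok
        done
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: the two rules from the message plus two made-up ones.
sample_rules() {
    cat <<'EOF'
$IPTABLES -A INPUT --protocol ssh --dport 22 -j ACCEPT
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 123 -j ACCEPT   # made up
$IPTABLES -A INPUT -p http --dport 80 -j ACCEPT   # made up
EOF
}

sample_rules | lint_protocols || echo 'fix the -p/--protocol values listed above'
```

To check a real script, feed it on stdin, for example `lint_protocols < firewall.sh`, where firewall.sh is a placeholder file name.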

Replies

Subject Author
Re: [gentoo-user] Setting up a home router Thomas Lingefelt <tomtechguy@×××××.com>
Re: [gentoo-user] Setting up a home router Dale <dalek@××××××××××.net>