help building nat/firewall script
Jörgen Johansson
juggej@telia.com
Sun, 22 Jul 2001 14:11:03 +0200
On Saturday 21 July 2001 23:12, you wrote:
> I'm trying to build a relatively simple firewall/nat script for my
> computer. Right now, I want two computers in my house to share a ppp
> connection. But mainly, I want to have a good, secure firewall
> working when I go back to school and will have the same setup with a
> cablemodem.
>
> http://www.students.uiuc.edu/~garman/firewall.txt
>
> Right now, if I run this script on my machine with an established ppp
> connection, I can use *my computer* normally (i.e., all of my
> internet functionality is there), but I cannot communicate with the
> other computer on my LAN (can't ping it, it can't ping me, and
> obviously it can't use my dialup connection).
Matt, you need some rules in your FORWARD chain to let users of the local net
go to the outside.
# FORWARD chain
#
# establish the basic FORWARD chain and let anything local get out
# but don't accept any new connections from outside.
#
IPT="/sbin/iptables"
INT_DEV="eth0"                              # internal LAN interface (example value, adjust to yours)
LIMITS="--limit 3/minute --limit-burst 5"   # rate limit for log entries (example value)
# default policy: drop whatever no rule below accepts
$IPT -P FORWARD DROP
# let any packet coming from the local interface out
$IPT -A FORWARD -i $INT_DEV -j ACCEPT
# don't accept new connections, only connections that
# have already seen traffic from the local net
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# log anything else; as the POLICY is DROP, unmatched packets are then dropped
$IPT -A FORWARD -m limit $LIMITS -j LOG --log-prefix "FORWARD_PKT_killed: "
Hope it helps
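A complete minimal NAT/forwarding script built around the FORWARD rules above, added here as an example and not part of the thread's own script. The interface names ppp0 and eth0 and the log rate limit are assumptions; the script only emits the rules with "show" and applies them with "apply" (as root) so the rule set can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and LIMITS are assumed values.
IPT="/sbin/iptables"
EXT_DEV="ppp0"   # assumed external interface (dialup now, cable modem later)
INT_DEV="eth0"   # assumed internal LAN interface
LIMITS="--limit 3/minute --limit-burst 5"   # keep dropped-packet logging from flooding syslog

# Emit the rule set one command per line. Keeping generation separate from
# application lets you read the exact commands before they touch the kernel.
forward_rules() {
    cat <<EOF
$IPT -P FORWARD DROP
$IPT -F FORWARD
$IPT -t nat -F POSTROUTING
$IPT -t nat -A POSTROUTING -o $EXT_DEV -j MASQUERADE
$IPT -A FORWARD -i $INT_DEV -o $EXT_DEV -j ACCEPT
$IPT -A FORWARD -i $EXT_DEV -o $INT_DEV -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -m limit $LIMITS -j LOG --log-prefix "FORWARD_PKT_killed: "
EOF
}

# Number of rule commands emitted (handy for a quick sanity check).
rule_count() {
    forward_rules | wc -l | tr -d ' '
}

case "${1-}" in
    show)
        forward_rules ;;
    apply)
        # Masquerading is useless without kernel forwarding enabled.
        echo 1 > /proc/sys/net/ipv4/ip_forward
        forward_rules | sh -e ;;   # sh -e stops at the first failing iptables call
esac
```

Traffic between the LAN host and the firewall itself goes through INPUT and OUTPUT, not FORWARD, so those chains still need their own rules.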