help building nat/firewall script
Sun, 22 Jul 2001 14:11:03 +0200
On Saturday 21 July 2001 23:12, you wrote:
> I'm trying to build a relatively simple firewall/nat script for my
> computer. Right now, I want two computers in my house to share a ppp
> connection. But mainly, I want to have a good, secure firewall
> working when I go back to school and will have the same setup with a
> Right now, if I run this script on my machine with an established ppp
> connection, I can use *my computer* normally (i.e., all of my
> internet functionality is there), but I cannot communicate with the
> other computer on my LAN (can't ping it, it can't ping me, and
> obviously it can't use my dialup connection).
Matt you need some rules in your FORWARD Chain to let users of local net
go to the outside.
# FORWARD chain
# establish the basic FORWARD chain and let anything local get out
# but dont accept any new connections from outside.
# let any packet comming from local interface out
$IPT -A FORWARD -i $INT_DEV -j ACCEPT
# dont accept new connections only connections that
# already has seen traffic from local net
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# loc anyting else as POLICY is DROP
$IPT -A FORWARD -m limit $LIMITS --log-prefix "FORWARD_PKT_killed: "
Hope it helps