amilivojevic at pbl.ca
Tue Sep 28 17:17:13 CEST 2004
John Black wrote:
> eth0 220.127.116.11
> eth0:0 18.104.22.168 (i hope)
> eth1 192.168.1.1
So, eth0 is your external interface with two IP addresses assigned to
it, and eth1 is interface to your local network? Don't hope if the
interface has an address assigned. Check it with "ifconfig" or "ip
Access to the Internet from the firewall box will work out of the box.
Linux will use address of eth0 for all packets that are to leave the box
out of eth0.
To allow hosts on your local network to access the internet, you need to
enable forwarding and define simple NAT rule:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 -j SNAT
If you wanted to allow access *from* the Internet to one of the hosts on
your local network (that doesn't have public IP address), than you would
use DNAT target.
> this is how it was shown in the double nat howto. so i was
> trying to take that and make it work for a signle.
Howtos are nice, but having an understanding on how things work should
be priority. Otherwise you end up with configuration that you have no
idea what it is doing. And that is a very bad thing, especially when
building an firewall.
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the netfilter