Internet Sharing in Linux / NAT How to

[vlinux1]

hi  gaurav  & ricky

I did all procedure. but iwant to know i have direct ip on my linux box so what i need to change in that script please tell me.

and one more if we configure nat firewall must be up or not without fire wall can it is possible. because i configure high firewall on default rules but i stopped service /etc/init.d/iptables stop command. please tell me in details

[Ricky]

That script especially works for devices having dynamic ips.. , it will still work for you, just change ppp0 with ethX which is directly connected to internet.

Without firewall it will work..
Actually NAT do packet movement in and out without knowing who is doing it.. so it can be security breach. So i suggested to use firewall.. but with default firewall it will not work..
either u install firestarter and do NAT also using that. ..
or use premade firewall script available easily on internet.

[renato]

Hello pals,
Great tutorial, but I'm also concerned about security, so I'd like to know if you can give us some more specific details how to get a firewall installed and configured.
Where can we get your firewall script?
How to install it and configure it so it'll work with this NAT setup?
Have you tested other firewalls such as APF?
http://www.r-fx.org/apf.php

cheers,

renato

[Ricky]

not used that one..
i prefer to made script my self according to my need.

[renato]

Hi Ricky,
Where can I find the firewall script you are mentioning a couple of posts above?
I'd like to integrate it with this NAT solution so the system and the LAN are protected.

cheers

[taiwo]

.pls does the explanation regarding the NAT also applicable to those using DSL. 'cos i saw ppp in the syntax.[/url]

[Ricky]

when you are connectied to internet then run "ifconfig" and if it shows ur DSL as eth1 or eth0 then change ppp0 to that one and if it shows it to ppp0 then keep it ppp0 !

[anybody1234]

Hello

I have requirement in iptables rules as follows

I would need a script for iptables with some configuration option such that
I should be able to make changes in the iptables script for allowing  or disallowing requests made by specifc clients on specifid ports
Suppose My cleints have their default gateway set as my linux box

What I would like is block/disallow requests made by clients on ports
80 while allow the requests made on port 25 ,110

But What I would like to have is some granularity ie
If the requests come from specific IP addresses  I should have the option of allowing them directly thru port 80  

Would anybody please give me step by step process assumimg that I am starting from scratch
I also remember I saw a simliar script in this forum which almost does the same but I can't locate where it is now

[anybody1234]

To be more specififc I would use the following commands

Please Let me know If I go wrong anywhere

echo "1" > /proc/sys/net/ipv4/ip_forward

for forwarding packets
and Iptables masquerading rle as
#######################################
iptables -t nat -A POSTROUTING -j MASQUERADE
#####################################
/usr/sbin/iptables-save
##########very imp
iptables-save  > /etc/sysconfig/iptables.rules


Now all teh requests thru my gateway would be allowed
FOr blocking requests made on port 80 by all  would add folloing rule
###******** this rule blocks all requests coming on port 80 ******************
iptables -A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j DROP
#*****************************************************

Now I would like to make an exception for IP addresses 192.168.0.82, 192.168.0.110

I would add rule

iptables -A FORWARD -i eth0 -p tcp -m tcp -s ! 192.168.0.82,192.168.0.110 --dport 80 -j DROP

Now at any stage I felt I ned to remove this rule what I would have done manually is

iptables -D FORWARD -i eth0 -p tcp -m tcp --dport 80 -j DROP
and
iptables -D FORWARD -i eth0 -p tcp -m tcp -s ! 192.168.0.82,192.168.0.110 --dport 80 -j DROP

Now I want a script to do the same thing with start stop  option
I think our experts can give me a simple script to do the same

[Ricky]

Basically this thread is about discussing the NAT in linux. I request you to start a new thread in General networking section about this firewall stuff. The thing you have asked is simple but will take little time sO I think it will be better to discuss it separately to give it full preference. BTW.. you are right. I have already given so many solutions for it that you can find answer already posted in forum so better try to find once more else I m here always to solve the problems which I can solve.

[ruejos08]

Will the transparent proxy solve my problem?

My squid is already running(not transparent) but i cannot access my pop3 mail trough my windows client using outlook express.
Heres the error I encountered in my windows client!
Protocol POP3: Port 110 , Secure (SSL): No, Socket Error: 11004, Error Number: 0x800ccc0D
Please help.

[protyne]

Hi Ricky,

My ISP provides a DNS server IP. How do I set it on my Linux-NAT so that my DHCP server only need to dish out IP, Subnet Mask and Gateway only with DNS queries being handled by the Linux-NAT?

Thank you!

[dedi]

Yes..
by this method ie NAT you can do all you want !

 
particurarly when your ISP set TTL=1  :wink:

[arvindsony]

thanks info