Re: networking trouble



Sorry, I couldn't keep up with the thread earlier.

The key thing to note is that IP Forwarding has to be enabled on the box doing NAT.
It's disabled by default on most boxes and you will need to do this:

            echo 1 > /proc/sys/net/ipv4/ip_forward

or in '/etc/sysctl.conf' change this:
            net.ipv4.ip_forward = 0
to this:
            net.ipv4.ip_forward = 1


Assuming that you use "10.0.0.0/24" for your internal boxes, these are the rules I
would use:

iptables -P INPUT DROP
iptables -A INPUT -s 10.0.0.0/24 -p icmp -j ACCEPT
iptables -A INPUT -s 10.0.0.0/24 -p tcp --destination-port 22 -j ACCEPT

iptables -P FORWARD DROP
iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.0.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.83

iptables -P OUTPUT DROP
iptables -A OUTPUT -d 10.0.0.0/24 -p icmp -j ACCEPT
iptables -A OUTPUT -d 10.0.0.0/24 -p tcp --source-port 22 -j ACCEPT


asz


B0Ti wrote:

> "A.Sajjad Zaidi" wrote:
>
> > And yes, I did manage to get this setup, including NAT, working without problem
> > inside VMware.
>
> Then why don't you tell me more about this?!  I have been spending a whole night
> without success.
> I would appreciate some hints at least.
>
> B0Ti
>
> -----------------------------------------------------------------------
> Next Technical Meeting:  Sat, May 12 13:30-
> Next Nomikai Meeting:    Fri, June (TBA) 19:30- Tengu Tokyo Eki Mae
> -----------------------------------------------------------------------
> more info: http://www.tlug.gr.jp           Sponsor: Global Online Japan
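
Added example (not part of the original message or the list archive): a preflight check for the NAT box covering the points the message depends on, namely whether forwarding is on at runtime, whether it is set persistently in /etc/sysctl.conf, and whether the ruleset has a FORWARD policy and a POSTROUTING NAT rule. The function names and the iptables-save style sample are constructed for illustration; the sample mirrors the rules quoted in the message.

```sh
#!/bin/sh
# Added example: preflight checks for a Linux NAT box (function names are hypothetical).
# Paths are parameters so the checks can run against copies of the files.

# Runtime state: true only if the kernel is forwarding right now.
forwarding_runtime() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Persistent state in sysctl.conf: the last uncommented setting wins.
# (Files under /etc/sysctl.d, if present, are not examined here.)
forwarding_persistent() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null | tail -n 1)
    [ "$val" = "1" ]
}

# Summarise iptables-save output from stdin: FORWARD policy, number of
# POSTROUTING NAT rules, and how many of those match on neither -o nor -s
# (such a rule rewrites the source of traffic leaving by any interface).
nat_rules_report() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ {
            nat++
            if ($0 !~ / -o / && $0 !~ / -s /) unscoped++
        }
        END {
            if (policy == "") policy = "unknown"
            printf "forward_policy=%s nat_rules=%d unscoped_nat=%d\n", policy, nat, unscoped
        }'
}

# Constructed sample: the message's rules as iptables-save would print them.
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j SNAT --to-source 192.168.1.83
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 10.0.0.0/24 -j ACCEPT
-A FORWARD -d 10.0.0.0/24 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | nat_rules_report
```

On a live box, run `iptables-save | nat_rules_report` as root. A runtime value of 1 with no persistent setting means forwarding will be off again after a reboot.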
