Hi,

I have a small home LAN, where one machine (192.168.1.1) connects to the internet via dialup (no DSL here) and shares the connection with IP masquerading. To achieve this, I tried out various recipes found on the internet, and finally put this in /etc/rc.d/rc.local:

--8<------ rc.local ------------
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# Setup IP Masquerading
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Secure it
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
--8<---------------------------

I don't understand much about iptables. Documentation about it is on my TODO list (I'll keep it for after my death :oD).

Now I have a problem. I fiddled a bit with NFS, and I had a firewall-related problem with it. In short, when iptables (the firewall) runs, I can't do an NFS mount. But as soon as I stop it (service iptables stop), NFS mounts are possible.

Now what can I do to 1) go on sharing my ppp connection, 2) be able to do NFS mounts, while 3) still having a reasonably secure system?

Cheers,

Niki Kovacs
On Tue, 2006-05-16 at 14:34 +0200, Niki Kovacs wrote:
> Hi,
>
> I have a small home LAN, where one machine (192.168.1.1) connects to the
> internet via dialup (no DSL here) and shares the connection with IP
> masquerading. To achieve this, I tried out various recipes found on the
> internet, and finally put this in /etc/rc.d/rc.local:
>
> --8<------ rc.local ------------
> #!/bin/sh
> #
> # This script will be executed *after* all the other init scripts.
> # You can put your own initialization stuff in here if you don't
> # want to do the full Sys V style init stuff.
>
> touch /var/lock/subsys/local
>
> # Setup IP Masquerading
> iptables -F; iptables -t nat -F; iptables -t mangle -F
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> # Secure it
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
> iptables -P INPUT DROP
> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
> --8<---------------------------
>
> I don't understand much about iptables. Documentation about it is on my TODO
> list (I'll keep it for after my death :oD).
>
> Now I have a problem. I fiddled a bit with NFS, and I had a firewall-related
> problem with it. In short, when iptables (the firewall) runs, I can't do an NFS
> mount. But as soon as I stop it (service iptables stop), NFS mounts are
> possible.
>
> Now what can I do to 1) go on sharing my ppp connection, 2) be able to do NFS
> mounts, while 3) still having a reasonably secure system?
----
I think that you should look at David Ranch's scripts for iptables...

http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/firewall-examples.html#RC.FIREWALL-IPTABLES

Craig
Hi,

make sure you have a 1 in this file: /proc/sys/net/ipv4/ip_forward

echo "1" > /proc/sys/net/ipv4/ip_forward

Other than that, everything looks alright.

later
Charles

On Tuesday 16 May 2006 08:34, Niki Kovacs wrote:
> Hi,
>
> I have a small home LAN, where one machine (192.168.1.1) connects to the
> internet via dialup (no DSL here) and shares the connection with IP
> masquerading. To achieve this, I tried out various recipes found on the
> internet, and finally put this in /etc/rc.d/rc.local:
>
> --8<------ rc.local ------------
> #!/bin/sh
> #
> # This script will be executed *after* all the other init scripts.
> # You can put your own initialization stuff in here if you don't
> # want to do the full Sys V style init stuff.
>
> touch /var/lock/subsys/local
>
> # Setup IP Masquerading
> iptables -F; iptables -t nat -F; iptables -t mangle -F
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> # Secure it
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
> iptables -P INPUT DROP
> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
> --8<---------------------------
>
> I don't understand much about iptables. Documentation about it is on my
> TODO list (I'll keep it for after my death :oD).
>
> Now I have a problem. I fiddled a bit with NFS, and I had a
> firewall-related problem with it. In short, when iptables (the firewall)
> runs, I can't do an NFS mount. But as soon as I stop it (service iptables
> stop), NFS mounts are possible.
>
> Now what can I do to 1) go on sharing my ppp connection, 2) be able to do
> NFS mounts, while 3) still having a reasonably secure system?
>
> Cheers,
>
> Niki Kovacs
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
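The script below is an added example, not Niki's rc.local and not David Ranch's scripts. It puts the thread's pieces together: it switches on ip_forward (Charles' point, via sysctl instead of echoing into /proc), masquerades only traffic that really originates on the LAN, accepts new connections (NFS included) only on the LAN NIC rather than on "anything that is not ppp0", and gives the FORWARD chain a DROP policy, which the original script left at ACCEPT. The LAN interface name (eth0) and subnet (192.168.1.0/24) are assumptions; change them to match your machine. It prints the commands by default and only loads them when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example: dialup masquerading firewall that keeps NFS reachable
# from the LAN only. Assumed values (not from the thread): LAN NIC eth0,
# LAN subnet 192.168.1.0/24; the dialup interface ppp0 is from the thread.
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-ppp0}"

# Dry run by default: print the commands instead of executing them.
# Run as root with APPLY=1 to really load the rule set.
if [ "${APPLY:-0}" = "1" ]; then
    IPT="iptables"
    SYSCTL="sysctl -w"
else
    IPT="echo iptables"
    SYSCTL="echo sysctl -w"
fi

build_rules() {
    # Forwarding must be on, or MASQUERADE never sees any packets
    # (same effect as echo 1 > /proc/sys/net/ipv4/ip_forward).
    $SYSCTL net.ipv4.ip_forward=1

    # Start from a clean slate in every table.
    $IPT -F; $IPT -t nat -F; $IPT -t mangle -F; $IPT -X

    # Masquerade only packets whose source is the LAN, not whatever
    # else might end up being routed out of ppp0.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

    # INPUT: loopback and replies always; brand-new connections (this is
    # where NFS from the other LAN hosts comes in) only on the LAN NIC.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    $IPT -P INPUT DROP

    # FORWARD: LAN -> dialup plus the replies coming back, nothing else.
    # The rc.local in the thread only rejected ppp0 -> ppp0 and left the
    # chain policy at ACCEPT.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -P FORWARD DROP
}

# Check helper for the dry-run output: is a given command line in the
# generated rule set? Returns 0 when found, 1 otherwise.
rules_contain() {
    build_rules | grep -F -q -- "$1"
}

build_rules
```

Look at the dry-run output first (`sh rules.sh`), then load it with `APPLY=1 sh rules.sh` as root. Because new connections are accepted only on eth0 from 192.168.1.0/24, an NFS mount from a LAN host reaches portmapper and nfsd on this box while nothing new is accepted from the dialup side; `iptables -L -v -n` afterwards shows the packet counters climbing on the LAN rule during a mount.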