Message-ID: <6142e6140701141628wb031981t4200f5bc60c2f848@mail.gmail.com>
Date: Mon, 15 Jan 2007 01:28:13 +0100
From: "Daniel Pielmeier" <daniel.pielmeier@googlemail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Setting up a home router
In-Reply-To: <45AAB2A7.5070201@exceedtech.net>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <6142e6140701141127ke803445jb5d9a89f8fa523a@mail.gmail.com>
	 <45AAB2A7.5070201@exceedtech.net>

> I used this script a long time ago.  It worked until iptables got
> changed.  It still worked but it gave a few errors.  Maybe some guru can
> look at this and update it for us both.  Then maybe I can get someone to
> upgrade the script on the site.  I had to edit the very first bit about
> which interface is what.  Here it is:

I have tested your script! Do you get an error like this:
iptables v1.3.5: unknown protocol `ssh' specified

I am not sure if it is right, but I have replaced this line

$IPTABLES -A INPUT --protocol ssh --dport 22 -j ACCEPT
by
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT

and the error disappears.

For me using these iptables rules didn't work, I still can't ping the
internet from my desktop and also get the error message by the
ntp-client on my desktop.

Any other suggestions!

Here is how I changed the script to fit my needs!

#!/bin/bash

IPTABLES='/sbin/iptables'

# Set interface values
EXTIF='ppp0'
#INTIF0='eth0'
INTIF1='eth0'
INTIF2='eth1'

# enable ip forwarding in the kernel
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward

# flush rules and delete chains in the filter table, and in the nat
# table too, otherwise the MASQUERADE rule below is appended again
# every time the script is run
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X

# enable masquerading to allow LAN internet access
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# forward LAN traffic from $INTIF1 to Internet interface $EXTIF
$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT

# forward LAN traffic from $INTIF2 to Internet interface $EXTIF
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT

# return traffic from $EXTIF to the LAN is not matched by any rule here;
# it gets through only because the default FORWARD policy is ACCEPT and
# the DROP rules at the end match NEW,INVALID only

# these two INPUT rules have no -i, so they also match on $EXTIF
#echo -e "       - Allowing access to the SSH server"
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT

#echo -e "       - Allowing access to the HTTP server"
$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT

# block out all other Internet access on $EXTIF
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i $EXTIF -m state --state NEW,INVALID -j DROP
-- 
gentoo-user@gentoo.org mailing list
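An added example, not the script from the mail above or anything from the gentoo-user list: a hypothetical generator for an iptables-restore ruleset for the same ppp0 router with two LAN interfaces. It checks a protocol name the way iptables does (against /etc/protocols, which is why `--protocol ssh` fails and `tcp` works), sets default DROP policies, accepts ESTABLISHED,RELATED explicitly so return traffic does not depend on a default ACCEPT policy, and only opens the router's SSH/HTTP ports on the LAN interfaces. The interface names ppp0, eth0 and eth1 are assumed from the thread.

```shell
#!/bin/sh
# Hypothetical helper (added example, not the mailing-list script).
# Prints an iptables-restore ruleset; apply as root with
#   echo 1 > /proc/sys/net/ipv4/ip_forward
#   build_ruleset ppp0 eth0 eth1 | iptables-restore

# is_protocol NAME: succeeds if NAME is something "iptables -p" accepts.
# iptables resolves -p against /etc/protocols (tcp, udp, icmp, ...), not
# against /etc/services, so "ssh" is rejected while "tcp" is accepted.
is_protocol() {
    case "$1" in
        tcp|udp|icmp|all) return 0 ;;
    esac
    [ -r /etc/protocols ] && grep -q "^$1[[:space:]]" /etc/protocols
}

# tcp_service PORT IFACE: INPUT rule accepting a TCP service on IFACE
# only, so the router's own sshd/httpd are not reachable from ppp0.
tcp_service() {
    is_protocol tcp || return 1
    printf '%s\n' "-A INPUT -i $2 -p tcp --dport $1 -m state --state NEW -j ACCEPT"
}

# build_ruleset EXTIF LAN1 [LAN2 ...]: emit nat and filter tables.
# Default policies are DROP, so ESTABLISHED,RELATED must be accepted
# explicitly; that is what carries replies back to the LAN hosts
# (ping answers, NTP answers) and to the router itself.
build_ruleset() {
    extif=$1; shift
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' "-A POSTROUTING -o $extif -j MASQUERADE" 'COMMIT'
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for lan in "$@"; do
        tcp_service 22 "$lan"
        tcp_service 80 "$lan"
        printf '%s\n' "-A INPUT -i $lan -p icmp -j ACCEPT" \
            "-A FORWARD -i $lan -o $extif -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}
```

Run it without iptables-restore first to review the generated rules; nothing is applied until the output is piped in.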