Hi,
I have a small home LAN, where one machine (192.168.1.1) connects to the internet via dialup (no DSL here) and shares the connection with IP masquerading. To achieve this, I tried out various recipes found on the internet, and finally put this in /etc/rc.d/rc.local:
--8<------ rc.local ------------
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# Setup IP Masquerading
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Secure it
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
--8<---------------------------
I don't understand much about iptables. Documentation about it is on my TODO list (I'll keep it for after my death :oD).
Now I have a problem. I fiddled a bit with NFS, and I had a firewall-related problem with it. In short, when iptables (the firewall) runs, I can't do an NFS mount. But as soon as I stop it (service iptables stop), NFS mounts are possible.
Now what can I do to 1) go on sharing my ppp connection, 2) be able to do NFS mounts, while 3) still having a reasonably secure system?
Cheers,
Niki Kovacs