Hi,

Here is the script I use on my server to act as a gateway and firewall.
Server IP is 192.168.10.2, local net is 192.168.10.x, external IP changes and is defined as $EXTIP.

The script is a bit tatty cos I've modified it a lot, but it works. :o)

I think section 3 is what you are looking for...

I hope this helps,

Andrew

----<SNIP>----
#!/bin/bash
#
# fwgw script
#
# Combined firewall & gateway for linux kernels 2.2.x (and above?)
# by Andrew Smith (fwgw@andrew.dabsol.co.uk)
#
# (c) Copyright 2000
#
# Published under the GNU License
#
# Usual liability sham - don't blame me if this don't work :o)
#
#
#

echo "1. Initialising: Setting variables..."
# Current address of ppp0; -F: sets the field separator before the line is split
EXTIP=`/sbin/ifconfig ppp0 | grep inet | awk '{print $2}' | awk -F: 'END{ print $2}'`
echo " ...and flushing existing rulesets..."
# Flush all rules and reset the default policies to ACCEPT
ipchains -F
ipchains -P input ACCEPT
ipchains -P forward ACCEPT
ipchains -P output ACCEPT
echo " ...done!"

echo "2. Allow all local traffic..."
ipchains -A input -i eth0 -s 192.168.10.0/24 -d 192.168.10.0/24 -j ACCEPT
ipchains -A input -i lo -s 192.168.10.2 -j ACCEPT
ipchains -A input -i lo -s 127.0.0.1 -j ACCEPT
echo " ...done!"

echo "3. Set up internet gateway..."
# Masquerade traffic for the local net and enable kernel IP forwarding
ipchains -A forward -s 192.168.10.0/24 -j MASQ
ipchains -A forward -d 192.168.10.0/24 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
echo " ...done!"

#ipchains -l -A input -p tcp -s 213.122.219.103 -j ACCEPT
#ipchains -l -A input -p tcp -s 213.122.219.103 -y -j ACCEPT

echo "4. Allow incoming connections to/from local net..."
# -y matches only TCP SYN packets (new connections); -l logs matching packets
ipchains -A input -p tcp -i eth0 -s 192.168.10.0/24 -y -j ACCEPT
ipchains -A input -p tcp -i eth0 -d 192.168.10.0/24 -y -j ACCEPT
#echo " ...dont drop ident packets - reject them instead..."
#ipchains -A input -p TCP --dport auth -l -j REJECT
#ipchains -l -A input -p tcp -s 62.31.245.68 -j ACCEPT
echo " and, apart from ports:"
echo " 20 & 21 (ftp)..."
ipchains -l -A input -p tcp -d $EXTIP 20 -y -j ACCEPT
ipchains -l -A input -p tcp -d $EXTIP 21 -y -j ACCEPT
ipchains -l -A input -p tcp -s 0/0 20 -y -j ACCEPT
ipchains -l -A input -p tcp -s 0/0 21 -y -j ACCEPT
echo " 25 (smtp)..."
ipchains -l -A input -p tcp -d $EXTIP 25 -y -j ACCEPT
echo " 80 (www)..."
ipchains -l -A input -p tcp -d 0/0 80 -y -j ACCEPT
#echo " 119 (news)..."
#ipchains -l -A input -p tcp -d 0/0 119 -y -j ACCEPT
#echo " 27010 & 27015 & 27016 (halflife)..."
#ipchains -l -A input -p tcp -d 212.56.64.64 27010 -y -j ACCEPT
#ipchains -l -A input -p tcp -d 212.56.64.64 27015 -y -j ACCEPT
#ipchains -l -A input -p tcp -d 212.56.64.64 27016 -y -j ACCEPT
echo " block incoming connections from the internet..."
ipchains -l -A input -p tcp -y -j DENY
echo " ...done!"

echo "5. Allow incoming packets from ports:"
echo " 80 (www)..."
ipchains -A input -p tcp -s $EXTIP 80 -j ACCEPT
echo " 443 (secure www)"
ipchains -A input -p tcp -s $EXTIP 443 -j ACCEPT
echo " 20 & 21 (ftp)..."
ipchains -A input -p tcp -s $EXTIP 20 -j ACCEPT
ipchains -A input -p tcp -s $EXTIP 21 -j ACCEPT
# FTP masquerading helper module
insmod ip_masq_ftp
echo " 25 (smtp)..."
ipchains -A input -p tcp -s $EXTIP 25 -j ACCEPT
echo " 110 (pop3)..."
ipchains -A input -p tcp -s $EXTIP 110 -j ACCEPT
echo " 119 (news)..."
ipchains -A input -p tcp -s $EXTIP 119 -j ACCEPT
echo " 42 (nameserver)..."
ipchains -A input -p tcp -s $EXTIP 42 -j ACCEPT
echo " 53 (domain)..."
ipchains -A input -p tcp -s $EXTIP 53 -j ACCEPT
ipchains -A input -p udp -s $EXTIP 53 -j ACCEPT
echo " 5190 (icq)..."
ipchains -A input -p tcp -s $EXTIP 5190 -j ACCEPT
echo " but deny everything else..."
#ipchains -P input DENY
echo " ...done!"

echo "6. And just in case we are paranoid :o)..."
echo " block all other ports from internet..."
# Log and deny the privileged ports (0-1023) arriving on ppp0
ipchains -l -A input -i ppp0 -p tcp -d 0/0 0:1023 -j DENY
ipchains -l -A input -i ppp0 -p udp -d 0/0 0:1023 -j DENY
echo " ...done!"
echo ""
echo "All Done! :o)"
----</SNIP>----

-----Original Message-----
From: Linux News User [mailto:linux@ods.co.cr]
Sent: 18 April 2001 15:44
To: suse-linux-e@suse.com
Subject: [SLE] Help with a making NAT example

Hi guys!

I need to make a NAT service to allow my internal machines to surf the Internet.

These are example data:

Private ip is: Eth0 10.10.10.10/255.255.255.0
Public ip is: Eth1 196.40.25.81/255.255.255.248

And could anybody PLEASE !! :) tell me how I do a NAT using that configuration?
If anyone could send me an example I will be more than happy!

Thanks in advance

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq and the
archives at http://lists.suse.com
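
Section 3 of the script, applied to the addresses in the original question (eth0 10.10.10.10/255.255.255.0 inside, eth1 outside), as an added example that is not part of either message. It prints the ipchains commands instead of running them; network_of and masq_rules are hypothetical helper names, and the DENY forward policy with a single MASQ rule on the outgoing interface is this example's assumption, not the poster's setup.

```shell
#!/bin/sh
# Added example (not from the original post): print, rather than run, ipchains
# masquerading rules. network_of and masq_rules are hypothetical helper names.

# network_of IP MASK -> "network/prefix", e.g. 10.10.10.0/24; fails on a bad mask
network_of() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2               # $1..$4 = address octets, $5..$8 = mask octets
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    bits=0; ended=0
    for m in "$5" "$6" "$7" "$8"; do
        # after the first octet below 255, every later octet must be 0
        if [ "$ended" -eq 1 ] && [ "$m" != 0 ]; then return 1; fi
        case $m in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;     # not a valid netmask octet
        esac
        [ "$m" = 255 ] || ended=1
        bits=$((bits + n))
    done
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))/$bits"
}

# masq_rules INT_IP INT_MASK EXT_IF -> the rule set, one command per line
masq_rules() {
    [ -n "$3" ] || return 1
    net=$(network_of "$1" "$2") || return 1
    cat <<EOF
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -i $3 -s $net -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Constructed sample input: the interface data quoted in the original question.
# On the forward chain, -i names the outgoing interface (eth1 here).
masq_rules 10.10.10.10 255.255.255.0 eth1
```

Review the printed commands before running them as root on the gateway.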