Hi!
I enabled IP_FORWARDING in /etc/rc.config. Is that enough for Masquerading/NAT to work?
As far as I know I have to use iptables/ipchains for masquerading. But I can't find iptables on my fresh installed SuSE 7.2 Pro. PC. Which SuSE package do I have to install in order to get iptables?
Thanks!
Best regards,
Ming-Che
-- ICQ#: 126097979
for iptables you need the iptables rpm (i believe it's in the sec section on the suse ftp site, as is ipchains)

just enabling ip_forwarding in rc.config is not enough. now you need to configure a firewall to pass packets and masquerade packets. with ipchains this is done with

ipchains -F
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.1/24 -j MASQ

the structure for iptables would be very similar. what this does is flush any existing ipchains rules, then sets a default policy (-P) of denying any forwarding, then sets a rule to masquerade all packets from source (-s) 192.168.1.1/24 as being from the local machine and forwards them to the next hop in the network. this does not do any type of packet filtering or port filtering, although ipchains and iptables both can do that with more sophisticated rulesets.

if this is all you need, put those lines in a file called rc.firewall in /etc/init.d, chmod 700 it, symlink it to a file in /etc/init.d/rc3.d (ln -s /etc/init.d/rc.firewall /etc/init.d/rc3.d/S99firewall) and the next time you start up your linux box they will load.

On Wed, 19 Dec 2001, Ming-Che Lee wrote:
Hi!
I enabled IP_FORWARDING in /etc/rc.config. Is that enough for Masquerading/NAT to work?
As far as I know I have to use iptables/ipchains for masquerading. But I can't find iptables on my fresh installed SuSE 7.2 Pro. PC. Which SuSE package do I have to install in order to get iptables?
Thanks!
Best regards,
Ming-Che
-- ICQ#: 126097979
Chad Whitten Network/Systems Administrator neXband Communications cwhitten@nexband.com
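The iptables form of the three ipchains rules in the reply above, as an added example that is not part of the original thread. The outbound interface name (eth0), the network address 192.168.1.0/24 and the LAN_NET, WAN_IF and APPLY variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: iptables counterpart of the ipchains masquerading rules.
# Assumptions (not from the thread): the LAN is 192.168.1.0/24 and the
# outbound interface is eth0. Override with LAN_NET / WAN_IF.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# Print the rule set, one iptables command per line, without applying it.
# With ipchains, "-A forward ... -j MASQ" both let the packet through and
# rewrote its source. iptables splits the two jobs: the filter table's
# FORWARD chain decides whether a packet passes, and the nat table's
# POSTROUTING chain rewrites the source address. With a DROP policy on
# FORWARD, outbound traffic and its replies each need an ACCEPT rule.
masq_rules() {
    lan="$1"; wan="$2"
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P FORWARD DROP
iptables -A FORWARD -s $lan -o $wan -j ACCEPT
iptables -A FORWARD -d $lan -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan -o $wan -j MASQUERADE
EOF
}

# Apply the rules (needs root); sh -e stops at the first failing command.
apply_rules() {
    masq_rules "$1" "$2" | sh -e
}

# Default is a dry run that only prints the commands; set APPLY=1 to load them.
if [ "${APPLY:-0}" = "1" ]; then
    apply_rules "$LAN_NET" "$WAN_IF"
else
    masq_rules "$LAN_NET" "$WAN_IF"
fi
```

Saved as the rc.firewall file described in the reply, it loads the rules when started with APPLY=1 in the environment.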
Hi Chad,
On Wednesday, 19. December 2001 06:58, dog@intop.net wrote:
for iptables you need the iptables rpm (i believe it's in the sec section on the suse ftp site, as is ipchains)
Another kind reader of this list told me to get iptables at ftp://ftp.suse.com/pub/people/garloff/linux/SuSE/RPMS/
just enabling ip_forwarding in rc.config is not enough. now you need to configure a firewall to pass packets and masquerade packets. with ipchains this is done with
ipchains -F
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.1/24 -j MASQ
the structure for iptables would be very similar. what this does is flush any existing ipchains rules, then sets a default policy (-P) of denying any forwarding, then sets a rule to masquerade all packets from source (-s) 192.168.1.1/24 as being from the local machine and forwards them to the next hop in the network. this does not do any type of packet filtering or port filtering, although ipchains and iptables both can do that with more sophisticated rulesets. if this is all you need, put those lines in a file called rc.firewall in /etc/init.d, chmod 700 it, symlink it to a file in /etc/init.d/rc3.d (ln -s /etc/init.d/rc.firewall /etc/init.d/rc3.d/S99firewall) and the next time you startup your linux box they will load.
Thank you very much for the great explanation! It's exactly what I was looking for! Best regards, Ming-Che -- ICQ#: 126097979
At 01:48 on Wednesday, 19 December 2001, Ming-Che Lee wrote:
Hi!
I enabled IP_FORWARDING in /etc/rc.config. Is that enough for Masquerading/NAT to work?
No, it's just the starting point
As far as I know I have to use iptables/ipchains for masquerading.
Right!
But I can't find iptables on my fresh installed SuSE 7.2 Pro. PC. Which SuSE package do I have to install in order to get iptables?
On 7.1 I had to install iptables (that was the name of the package, surprisingly). When you use it maybe you will have to do a modprobe ip_tables to make it work.
Praise