• Status: Solved

What is the minimum command set to enable NAT on a Linux box using iptables and a cable modem?

On a Linux box with eth0 configured for 192.168.111.254/24 and eth1 connected to a cable modem (DHCP), is this the minimum command set to enable NAT and allow the machines on 192.168.111.0/24 to connect to the internet? (Kern = 2.6.9)

$> modprobe ipt_MASQUERADE
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
$> echo 1 > /proc/sys/net/ipv4/ip_forward
Asked by: intreeg
2 Solutions
 
wesly_chen Commented:
Hi,

   I'm not sure whether this is the minimum command set or not. It looks OK and neat to me.

> (Kern = 2.6.9)
Are you using Fedora?

Wesly
 
paranoidcookie Commented:
Have a look at

# Load the NAT module (this pulls in all the others).
modprobe iptable_nat

# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out eth1 (-o eth1) which says to
# MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

from the following website
http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-4.html

Make sure your Linux hasn't already got some sort of firewall in the way by flushing the tables first.
 
intreeg (Author) Commented:
I am using SuSE 9.1 with recompiled kern.

It appears that you are both right in your own ways. It is not the minimum, Wesly; paranoidcookie did post the minimum, one less command: the flushing command iptables -F; iptables -t nat -F; iptables -t mangle -F

It turns out that paranoidcookie was also right about a problem I was having and had not even mentioned in this post. I had originally posted another question about why NAT was not working and gave a full description of the problem etc. I created this post so that I could create a generic "default.conf" for my firewall rules. This way I know that I have only what is absolutely needed to make it work, and it verifies that any problem I am having is in my iptables somewhere. As it turns out, SuSEfirewall was not totally disabled; after double-checking my service settings and disabling all 3(!) entries for SuSEfirewall and rebooting, my firewall is now working with the command set I originally posted.

I am increasing the points and will split them between you two. Thanks for the input!
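
The problem described in the post above (a distro firewall still loaded alongside the minimal NAT command set) can be spotted from an iptables-save dump. The script below is an added example, not part of the original thread: the function names nat_check and forwarding_on, both sample dumps, and the chain name forward_ext are constructed for illustration.

```shell
# Added example: audit iptables-save output for the NAT setup in this thread.
# nat_check reads the dump on stdin; $1 is the outbound (modem) interface.
# It prints one finding per line and returns non-zero if anything interferes.
nat_check() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2); next }   # table header: *nat, *filter
        # Chain policy lines look like ":FORWARD DROP [0:0]"
        table == "filter" && /^:FORWARD / && $2 != "ACCEPT" {
            print "FORWARD policy is " $2; bad = 1
        }
        # Rules in filter FORWARD come from something other than the command set
        table == "filter" && /^-A FORWARD / { extra++ }
        # The single rule the thread relies on
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == wan) masq = 1
        }
        END {
            if (!masq) { print "no MASQUERADE rule on " wan; bad = 1 }
            if (extra) { print extra " leftover FORWARD rule(s)"; bad = 1 }
            if (!bad) print "ok"
            exit bad + 0
        }'
}

# True when forwarding is enabled; $1 overrides the sysctl path for testing.
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample: the state after the flush plus the one MASQUERADE rule.
CLEAN_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

# Constructed sample: a distro firewall still loaded (chain name hypothetical).
LEFTOVER_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
:forward_ext - [0:0]
-A FORWARD -i eth1 -j forward_ext
-A forward_ext -j DROP
COMMIT'
```

On a live box, run `iptables-save | nat_check eth1` as root; anything other than "ok" means rules beyond the posted command set are still in play.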