Internet connection share with iptables

Shu Hung (Koala) koalay at gmail.com
Wed Nov 14 12:36:45 UTC 2007


Hello all,

I'm using GPRS on my notebook, and I want to share my internet with some
computers on the same switch. I made a script with reference to the
wiki <http://wiki.ubuntu.org.cn/index.php?title=Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables&variant=zh-tw>,
but it didn't work. After running the script, other PCs can ping my notebook
from 192.168.40.1 but not any external IPs, while my notebook can visit
external websites normally.

Below is my script. Please tell me what's wrong with it. Thanks!!!!


Koala Yeung


# ---------------------------------------
# Configure the private network for ics
# ---------------------------------------
/sbin/ifconfig eth0 192.168.40.1 netmask 255.255.255.0 broadcast 192.168.40.255

# ------------------------------------
# Remove all existing iptables rules
# ------------------------------------

# Flush all the rules in filter and nat tables
iptables --flush
iptables --table nat --flush

# Delete all chains that are not in default filter and nat table
iptables --delete-chain
iptables --table nat --delete-chain

#---------------------------------------------------------------
# Load the NAT module
#
# Note: It is best to use the /etc/rc.local example in this
#       chapter. This value will not be retained in the
#       /etc/sysconfig/iptables file. Included only as a reminder.
#---------------------------------------------------------------

modprobe iptable_nat

#---------------------------------------------------------------
# Enable routing by modifying the ip_forward /proc filesystem file
#
# Note: It is best to use the /etc/sysctl.conf example in this
#       chapter. This value will not be retained in the
#       /etc/sysconfig/iptables file. Included only as a reminder.
#---------------------------------------------------------------

echo 1 > /proc/sys/net/ipv4/ip_forward

#---------------------------------------------------------------
# Allow masquerading
# - Interface ppp0 is the internet interface
# - Interface eth0 is the private network interface
#---------------------------------------------------------------

iptables -A POSTROUTING -t nat -o ppp0 -s 192.168.40.0/24 -d 0/0 \
 -j MASQUERADE

#---------------------------------------------------------------
# Prior to masquerading, the packets are routed via the filter
# table's FORWARD chain.
# Allowed outbound: New, established and related connections
# Allowed inbound : Established and related connections
#---------------------------------------------------------------

iptables -A FORWARD -t filter -o ppp0 -m state \
 --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -t filter -i ppp0 -m state \
 --state ESTABLISHED,RELATED -j ACCEPT
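
Added example (not part of the original post, and not code from the wiki it references): a small auditor for iptables-save output that checks the three properties the script's comments describe, namely masquerading on the internet interface, the FORWARD chain policy, and whether NEW connections toward the internet interface are limited to the private interface. The function names, the sample dump and the wording of the findings are assumptions made for illustration; the check describes the ruleset's structure and does not diagnose the connectivity problem reported above.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the connection-sharing layout.
# Usage: audit_ics_rules WAN_IF LAN_IF   (reads the dump on stdin)
audit_ics_rules() {
    awk -v wan="$1" -v lan="$2" '
        # True when "flag val" appear as adjacent words in the rule.
        function has(rule, flag, val,    f, n, i) {
            n = split(rule, f, " ")
            for (i = 1; i < n; i++)
                if (f[i] == flag && f[i + 1] == val) return 1
            return 0
        }
        /^\*/ { table = substr($0, 2) }    # table headers: "*nat", "*filter"
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
            has($0, "-o", wan) { masq = 1 }
        # An ACCEPT for NEW toward the WAN that is not tied to the LAN interface.
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ && /state [A-Z,]*NEW/ &&
            has($0, "-o", wan) && !has($0, "-i", lan) { open_new = 1 }
        END {
            if (policy == "") policy = "unknown"
            printf "%s: MASQUERADE out %s\n", (masq ? "ok" : "missing"), wan
            printf "%s: FORWARD policy %s\n", (policy == "DROP" ? "ok" : "warn"), policy
            printf "%s: NEW to %s %s\n", (open_new ? "warn" : "ok"), wan,
                (open_new ? "accepted from any interface" : "limited to -i " lan)
        }
    '
}

# Constructed sample: roughly what iptables-save prints after the script above.
sample_posted_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.40.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_posted_rules | audit_ics_rules ppp0 eth0
```

On a live system the same function can be fed directly, as root: iptables-save | audit_ics_rules ppp0 eth0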