Date: Wed, 09 Apr 2003 12:03:58 -0600
From: djbouley
To: Community-en@altlinux.org
Message-id: <200304091203.58359.djbouley@shaw.ca>
Subject: [Comm-en] Setting up internet sharing

Okay, that got the firewall's rules going okay. My other PCs on the network, though, cannot seem to gain access to the Internet. I have them configured to use a static IP, with addresses of 192.168.0.(2, 3, 4, etc.), IP of network set to 192.168.0.1 (eth1 on main PC), Netmask of 255.255.255.0, Broadcast address of 192.168.0.255, Gateway of 192.168.0.1 (eth1 on main PC).

Using the ALT Linux control centre, eth0 and eth1 show to be up and running. eth1 shows as having an IP address of 192.168.0.1 (the control centre's share connection setup still doesn't work, though). The control centre's Services tool shows that iptables is 'running'.

I'll try to figure something out if I can, I just thought I'd let you know how it's going. Thanks for all of your time and effort.

David.

> Argh, it's my fault -- underreconstructed local configuration.
> Here's the contents of /etc/sysconfig/iptables:
> Should be like this: (add one line)
>
> *filter
> :tcprules - [0:0]
> -A INPUT -j tcprules
> -A FORWARD -j tcprules
> -A tcprules -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A tcprules -i ! eth1 -m state --state NEW -j ACCEPT
> -A tcprules -i eth1 -m state --state INVALID,NEW -j DROP
> -A tcprules -i eth1 -j REJECT --reject-with icmp-host-unreachable
> COMMIT
> *nat
> -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
> COMMIT
>
> The story: we've asked iptables to use a specific chain (which
> gets reused), but haven't created ("declared") it and no specific
> module was found to be used for it.
>
> Somewhat more elaborate config is attached, you can have some
> more interesting examples in its comments.

============================================
 (o_
 //\
 \/_/   E-mail powered by Linux
============================================
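
Added example, not part of the original messages: a small Python check over the ruleset quoted above. It reports chains that are used without a ':chain' declaration (the error the reply describes) and MASQUERADE rules whose outgoing interface has an address inside the rule's own source subnet. The audit() function, the IFACE_ADDRS mapping and the TARGETS list are assumptions made for this example; eth1 = 192.168.0.1 is taken from the message.

```python
import ipaddress
import shlex

# Ruleset as quoted in the message above (iptables-restore format).
RULESET = """\
*filter
:tcprules - [0:0]
-A INPUT -j tcprules
-A FORWARD -j tcprules
-A tcprules -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A tcprules -i ! eth1 -m state --state NEW -j ACCEPT
-A tcprules -i eth1 -m state --state INVALID,NEW -j DROP
-A tcprules -i eth1 -j REJECT --reject-with icmp-host-unreachable
COMMIT
*nat
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
"""
# Interface address as reported in the message (eth1 = 192.168.0.1).
IFACE_ADDRS = {"eth1": "192.168.0.1"}
BUILTIN = {"filter": {"INPUT", "FORWARD", "OUTPUT"},
           "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"}}
# Assumption: short list of common targets; any other -j name counts as a chain.
TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "MASQUERADE", "SNAT", "DNAT"}

def audit(ruleset, iface_addrs):
    """Return (undeclared, nat_on_lan): chains used without a ':chain' line,
    and MASQUERADE rules whose -o interface lies inside their own -s subnet.
    Negated (!) -s/-o matches are not interpreted."""
    undeclared, nat_on_lan, table, declared = set(), [], None, set()
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):            # table header resets the chain list
            table, declared = line[1:], set(BUILTIN.get(line[1:], ()))
        elif line.startswith(":"):          # ':name policy [counters]' declares a chain
            declared.add(line[1:].split()[0])
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            for name in (opts["-A"], opts.get("-j")):
                if name and name not in declared and name not in TARGETS:
                    undeclared.add((table, name))
            addr = iface_addrs.get(opts.get("-o"))
            if (opts.get("-j") == "MASQUERADE" and addr and "-s" in opts
                    and ipaddress.ip_address(addr) in ipaddress.ip_network(opts["-s"])):
                nat_on_lan.append(line)
    return undeclared, nat_on_lan

if __name__ == "__main__":
    print(audit(RULESET, IFACE_ADDRS))
```

With the ':tcprules' line present the first result is empty; removing that line makes it report ('filter', 'tcprules'). With eth1 = 192.168.0.1 the second result contains the POSTROUTING rule, because traffic from 192.168.0.0/24 bound for the Internet does not leave through the interface that faces that subnet.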