[plug] NAT on a linux box

Daniel Pearson plug at flashware.net
Tue Feb 18 11:54:01 WST 2003


Ok, this is what I want to ultimately achieve: a NAT/Firewall script that
can be controlled through /etc/init.d/ (debian)
No services other than ppp, ssh, postfix, qpopper, mutt, fetchmail
Very simple dial out get the mail and distribute it to mailboxes and to
allow workstations to browse the internet

Note: IPTables, not IPChains

Any ideas at all?

Cheers,
Daniel

----- Original Message -----
From: "Mike Holland" <myk at plug.linux.org.au>
To: <plug at plug.linux.org.au>
Sent: Monday, February 17, 2003 10:44 PM
Subject: Re: [plug] NAT on a linux box


> On Mon, 17 Feb 2003, Daniel Pearson wrote:
>
> > Hi Mike,
> > The reason I want such a script is so that I can just start it and stop it
> > whenever I want (don't ask why, sometimes I get bored ;) -- possibly even if
> > I want to shut down the NAT while I'm connected, etc. All I need to do now,
> > is find an IPTables solution, only something very simple that does the job
> > well -- any ideas?
>
> Hi Daniel,
> in that case, those one-liners I gave earlier should do the job fine.
> It's really simple.
>
> start-nat.sh :
>   ipchains -F forward
>   ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
>
> stop-nat.sh :
>   ipchains -F forward
>
> That's it, on a simple LAN, where 192.168.1.0 is your network address.
> One line to add the NAT rule, one line to flush the 'forwarding' table.
> Add some incoming and outgoing filters for local security if needed.
>
> Is that all you needed?
>
> --
> You ain't seen nothing yet.  - Miguel de Cervantes
>
>
>
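
An iptables counterpart to the ipchains start/stop one-liners quoted above, in init-script style. This is an added example, not code from any message in this thread. It assumes the LAN is on eth0 and the dial-up link is ppp0 (interface names are not given in the thread), and it only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: iptables NAT start/stop, e.g. saved as /etc/init.d/nat.
# Assumptions (not from the thread): LAN on eth0, dial-up link on ppp0.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-ppp0}"
# Dry run by default: commands are printed. Set APPLY=1 (as root) to run them.
APPLY="${APPLY:-0}"

run() {
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

nat_start() {
    # Default-deny forwarding first, so there is no open window while loading.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    # LAN -> internet: new connections may only originate from the LAN side.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # internet -> LAN: only replies to connections the LAN opened.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The NAT rule itself (replaces "ipchains -A forward -j MASQ ...").
    run iptables -t nat -F POSTROUTING
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    run sysctl -w net.ipv4.ip_forward=1
}

nat_stop() {
    run sysctl -w net.ipv4.ip_forward=0
    run iptables -t nat -F POSTROUTING
    run iptables -F FORWARD
    # Policy stays DROP: with NAT off, nothing is forwarded at all.
    run iptables -P FORWARD DROP
}

case "${1:-}" in
    start)   nat_start ;;
    stop)    nat_stop ;;
    restart) nat_stop; nat_start ;;
    "")      : ;;  # no argument: only define the functions
    *)       echo "Usage: $0 {start|stop|restart}" >&2 ;;
esac
```

The FORWARD rules here cover only routed traffic; filtering for the box's own services (ssh, postfix, qpopper) belongs in the INPUT chain and is not shown.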


