Michael Boyd wrote: > [...] > > I tried entering the following commands manually as root to get the > debian box to forward packets:- > > echo "1" > /proc/sys/net/ipv4/ip_forward > iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE > > But the last line generated an error message which I think was to do > with the MASQUERADE part.
Try doing 'modprobe ipt_MASQUERADE' before the iptables step. The Masquerading-Simple-HOWTO on http://www.tldp.org is a good start to making an iptables firewall, along with the IP-Masquerade-HOWTO. > Then I reviewed the packages available and decided to install 'ipmasq'. > After a reboot I could ping the outside world and access the internet > from the Win98 machine with no problems. I *was* planning to keep > 'ipmasq' installed and add iptables rules. > > However, I have just re-read some of the messages from this list which I > filed for future reference. I get the impression that I shouldn't need > 'ipmasq' and can achieve the same with iptables. Is that correct? If > so, does anyone have a small iptables script which I can use to > reproduce the functionality I have at present or point out what I have > done wrong? I'm guessing that when ipmasq is running, if you do 'lsmod', you should see ipt_MASQUERADE, maybe along with some other iptables modules. You just need to have these loaded before inserting some iptables rules. If you're interested in seeing a somewhat-complicated firewall script, I have one of my older scripts at http://www.people.iup.edu/bclg/rules-explanation.txt . eth0 was my lan interface, and eth1 was the external interface. HTH, Jason McCarty
