>>>>> "Adam" == Adam Mercer <[EMAIL PROTECTED]> writes:
> On Mon, Sep 22, 2003 at 09:43:37AM +0900, Jason Stubbs wrote:

> Well I've followed the NAT HOWTO and I still can't get it working. I
> have managed to get a DHCP server running, it gives an IP address
> out in the range 10.0.0.0 to 10.0.0.100 - this works. I've attached
> my firewall script, one thing I've noticed is that firewall status
> doesn't say anything regarding NAT when looking at the script it
> should?

> skymoo root # /etc/init.d/firewall status
>  * status:  started
> skymoo root #

> Also iptables -L shows nothing regarding NAT

iptables -L -t nat

but you probably know that by now.

> skymoo root # iptables -L
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
> LOG        all  --  anywhere             anywhere            LOG level warning prefix `FIREWALL:INPUT '
>
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
>
> Chain OUTPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> skymoo root #

> Any pointers would be appreciated.

I'm not sure I know what your problem is, but this may help.

# basic nat on external device.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This should get your natting working.

I highly recommend using LOG to determine and troubleshoot what is
going on in your firewall. If you have a rule that you don't know what
it is doing, copy the rule and replace the -j ACCEPT (whatever) with
-j LOG --log-prefix "TESTING RULE 3" in the first copy of the rule, or
even comment out the old one until LOG is LOGGING the rule you want.

happy natting,

Mojo
-- 
[EMAIL PROTECTED] mailing list
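
Added example, not part of the original thread: a small check that reads `iptables -L` output and names every chain whose policy is DROP and which holds no ACCEPT rule. Run over the listing quoted above (embedded here as offline sample input), it reports FORWARD, which means routed packets from the 10.0.0.x clients are dropped in the filter table whatever the nat table contains. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: find filter-table chains that drop everything
# (policy DROP, zero ACCEPT rules) in `iptables -L` output.

# The listing quoted in the message, kept inline so the check runs offline.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
LOG        all  --  anywhere             anywhere            LOG level warning prefix `FIREWALL:INPUT '

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
EOF
}

# Read `iptables -L` text on stdin; print each chain with policy DROP
# and no ACCEPT rule. User-defined chains ("N references") are ignored.
blocked_chains() {
    awk '
        function report() {
            if (chain != "" && policy == "DROP" && accepts == 0) print chain
        }
        /^Chain / {
            report()                       # close the previous chain
            chain = $2; policy = $4; accepts = 0
            sub(/\)$/, "", policy)         # "DROP)" -> "DROP"
            next
        }
        $1 == "ACCEPT" { accepts++ }
        END { report() }                   # close the last chain
    '
}

# On a live router: iptables -L -n | blocked_chains
if sample_listing | blocked_chains | grep -qx FORWARD; then
    echo "FORWARD: policy DROP and no ACCEPT rule, forwarded traffic is dropped"
fi
```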