I used this script a long time ago.  It worked until iptables got
changed.  It still worked but it gave a few errors.  Maybe some guru can
look at this and update it for us both.  Then maybe I can get someone to
upgrade the script on the site.  I had to edit the very first bit about
which interface is what.  Here it is:

I have tested your script! Do you get an error like this:
iptables v1.3.5: unknown protocol `ssh' specified

I am not sure if it is right, but I have replaced this line

$IPTABLES -A INPUT --protocol ssh --dport 22 -j ACCEPT
by
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT

and the error disappears.

For me, using these iptables rules didn't work; I still can't ping the
internet from my desktop and also get the error message from the
ntp-client on my desktop.

Any other suggestions?

Here is how I changed the script to fit my needs!

#!/bin/bash

IPTABLES='/sbin/iptables'

# Set interface values
EXTIF='ppp0'        # Internet-facing (PPP) interface
#INTIF0='eth0'
INTIF1='eth0'       # first LAN interface
INTIF2='eth1'       # second LAN interface

# enable ip forwarding in the kernel
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward

# flush rules and delete chains, in the nat table as well: flushing only
# the filter table leaves an extra MASQUERADE rule behind on every run
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X

# enable masquerading to allow LAN internet access
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# forward LAN traffic from $INTIF1 to Internet interface $EXTIF
# (RELATED lets ICMP errors and helper-tracked data connections through)
$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# forward LAN traffic from $INTIF2 to Internet interface $EXTIF
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#echo -e "       - Allowing access to the SSH server"
# (no -i given, so this matches on every interface, $EXTIF included:
#  port 22 is open to the Internet)
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT

#echo -e "       - Allowing access to the HTTP server"
# (same: port 80 is open on every interface, $EXTIF included)
$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT

# block out all other Internet access on $EXTIF
# (replies to connections opened from the LAN or the gateway are
#  ESTABLISHED, so they fall through to the default ACCEPT policy)
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i $EXTIF -m state --state NEW,INVALID -j DROP
--
gentoo-user@gentoo.org mailing list
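An added example, not from the thread or from either poster's script: the same PPP/NAT gateway ruleset rebuilt with explicit default-deny policies on INPUT and FORWARD, an explicit return-path rule for replies arriving on ppp0, and a dry-run mode that prints the iptables commands instead of running them, so the ruleset can be checked as an ordinary user before it is applied on the gateway. The interface names and the two open ports (22 and 80) are taken from the posted script; the function names, the DRY_RUN and LAN_IFS variables, the rule ordering and the decision to open 22/80 only on the Internet side are assumptions of this example.

```shell
#!/bin/bash
# Added example (not the poster's script): PPP/NAT gateway ruleset with
# default-deny policies, an explicit return path, and a dry-run mode.
# Assumed names: ipt, apply_rules, count_chain_rules, DRY_RUN, LAN_IFS.

IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-ppp0}
LAN_IFS=${LAN_IFS:-"eth0 eth1"}
DRY_RUN=${DRY_RUN:-0}

# Wrapper: with DRY_RUN=1 print the command line, otherwise execute it.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s %s\n' "$IPTABLES" "$*"
    else
        "$IPTABLES" "$@"
    fi
}

apply_rules() {
    # Enable forwarding in the kernel (skipped in dry-run mode).
    [ "$DRY_RUN" = "1" ] || /bin/echo 1 > /proc/sys/net/ipv4/ip_forward

    # Flush the filter AND nat tables; flushing only the filter table
    # leaves an extra MASQUERADE rule behind on every run.
    ipt -F
    ipt -X
    ipt -t nat -F
    ipt -t nat -X

    # Default-deny for what comes in and what is forwarded; the gateway's
    # own outbound traffic is allowed.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, replies to anything the gateway itself started, and
    # packets conntrack cannot classify.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP

    # Services reachable from the Internet: only ssh and http, on $EXTIF.
    ipt -A INPUT -i "$EXTIF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    ipt -A INPUT -i "$EXTIF" -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # Masquerade LAN traffic leaving via the PPP link.
    ipt -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE

    # Per LAN interface: trust the LAN toward the gateway itself and let it
    # open new connections to the Internet.
    for lan in $LAN_IFS; do
        ipt -A INPUT -i "$lan" -j ACCEPT
        ipt -A FORWARD -i "$lan" -o "$EXTIF" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    done

    # Return path: with FORWARD policy DROP this rule is what lets ping
    # replies and NTP answers for LAN-initiated connections back in.
    ipt -A FORWARD -i "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Count the rules a dry-run listing (on stdin) would append to chain $1;
# a quick sanity check before applying for real.
count_chain_rules() {
    grep -c -- " -A $1 "
}

case "${1:-}" in
    --apply)   apply_rules ;;
    --dry-run) DRY_RUN=1; apply_rules ;;
esac
```

Run `./gateway.sh --dry-run | grep FORWARD` as any user to see exactly what would be installed, then `./gateway.sh --apply` as root. Unlike the posted script, ports 22 and 80 are only opened on $EXTIF here and the LAN interfaces are trusted completely toward the gateway; tighten the per-LAN INPUT rule if the LAN hosts are not all trusted.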