On Saturday 08 June 2002 1:01 pm, [EMAIL PROTECTED] wrote:

> echo "Cleaning ..."
> for i in filter nat mangle
> do
> $IPT -t $i -F
> $IPT -t $i -X
> done

-F is a good idea, but you can't do -X (delete chain) on the built-in chains; only user-defined ones.

> echo "Initial rules ..."
> $IPT -P INPUT ACCEPT
> $IPT -P OUTPUT ACCEPT
> $IPT -P FORWARD DROP

I would recommend setting default policy on your INPUT chain to DROP as well, and then allow in only what you want...

> $IPT -t nat -A POSTROUTING -s 192.168.20.0/24 -o eth1 -j MASQUERADE
> $IPT -t nat -A POSTROUTING -d 192.168.20.0/24 -o eth1 -j MASQUERADE

No, you only want the first one of these rules. I'm assuming that eth1 is your external interface.

> echo -e "- Enabling SNAT (MASQUERADE) functionality on eth0"
> $IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Maybe I'm wrong in thinking that eth1 is your external interface? Please can you tell us what eth0 and eth1 are connected to (and where networks 192.168.20.0 and 192.168.10.0 are connected)?

The rest looks pretty good to me.

Antony.
