Thanks or the quick reply. Although I have had no success, I have been
trying all day using both physdev and ebtables, neither of which I can get
working :( Please help - below is what I am currently using.
***
#!/bin/sh
PATH=/usr/sbin:/sbin:/bin:/usr/bin
#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j
ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Don't forward from the outside to the inside.
#iptables -A FORWARD -i eth0 -o eth0 -j REJECT
# Enable routing.
echo 1 /proc/sys/net/ipv4/ip_forward
# This line tells ebtables to route (accept) the packages // going to port
80, instead of bridging them:
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port
80 -j redirect --redirect-target ACCEPT
# This line tells ebtables to route (accept) the packages // going to port
80, instead of bridging them:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT
--to-port 8080
# This line is from www.linux.com transparent proxy which allows port 8080
from the local network
#iptables -A INPUT -i eth1 -p tcp -d 192.168.0.253 -s 192.168.0.0 --dport
8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -m physdev --physdev-in eth1
--physdev-out eth0 -j ACCEPT
**
Please help - if I use Shorewall it works first go?
Internet - (eth0 - eth1) - local lan
Kind regards
William
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
