Antonio wrote:
I installed a new ADSL2+ modem that doesn't need pppo any longer because it starts the connection by itself. I had this set of rules on my computer acting as a router. When I switched from the old to the new modem, the computer on the LAN didn't surf the net; then I realized that I had to change some rules.

# Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
# Forward HTTP connections to Squid proxy
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
COMMIT
# Completed on Fri Feb 21 09:27:33 2003
# Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
*mangle
:PREROUTING ACCEPT [9:432]
:INPUT ACCEPT [3:234]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:684]
:POSTROUTING ACCEPT [17:1292]
COMMIT
# Completed on Fri Feb 21 09:27:33 2003
# Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
COMMIT
# Completed on Fri Feb 21 09:27:33 2003
_______________________________________________________

I replaced the POSTROUTING line with:

-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE

But the LAN didn't work. Where is the mistake?

I expect your "modem" is actually a router, and that you can just turn your Linux firewall off. The router performs firewall and NAT functions that are perfectly adequate for most people.

--
Cheers
John