On Mon, 2009-03-30 at 10:52 +0400, Hiisi wrote:
> Here's what I have now:
> I assigned F10 eth1 an address 192.168.2.1/24
> and ran some additional iptables commands on F10:
> iptables -A FORWARD -i eth1 -j ACCEPT
> iptables -A FORWARD -o eth1 -j ACCEPT
> iptables -t nat -A POSTROUTING
> Also enabled stack forwarding with this command
> on F10:
> echo 1 > /proc/sys/net/ipv4/ip_forward
> Assigned the F9 laptop IP 192.168.2.2
> Set the laptop's route table so its default gateway is 192.168.2.1
>
> IT ALL DOESN'T WORK.

Back when I used dial-up, and had one PC sharing the internet to the rest, I used a script to set up my networking. The following script was run any time I changed firewall rules (they were written into it). Nothing was done to the clients, other than seeing that they had an IP address and netmask applicable to the LAN, a DNS server address, and the gateway IP, either via manual configuration per PC or by letting DHCP set up each client.

I always used the long form of the commands; I could never remember what half the abbreviations stood for. Either method works, though I can always understand what this script does by reading it. I don't have to refer back to the manuals.

#!/bin/bash

## Turn off IP forwarding while altering configuration:
##
## (Educated guess: To stop things sneaking through, while your
## firewall isn't operating.)

echo 0 > /proc/sys/net/ipv4/ip_forward

## Flush any pre-existing rules:

iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

## Set default (policy) rules:

iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD ACCEPT

## Custom firewall rules went here:
##
## (For allowing outside connections, appropriately, into local services. No
## special rules were needed to allow LAN PCs to reach the outside world.)

# e.g.
# iptables --append INPUT --jump ACCEPT --in-interface ppp+ --protocol tcp --destination-port 80

## Guard against IP spoofing:
##
## (Refuse outside connections pretending to have inside addresses, and refuse
## inside connections with outside addresses.)

iptables --append INPUT --jump DROP --in-interface eth+ \! --source 192.168.0.0/16
iptables --append INPUT --jump DROP \! --in-interface eth+ --source 192.168.0.0/16
iptables --append INPUT --jump DROP \! --in-interface lo --source 127.0.0.0/8

## Accept loopback traffic and the replies to the gateway's own outbound
## connections; with the INPUT policy set to DROP, nothing else lets them in.

iptables --append INPUT --jump ACCEPT --in-interface lo
iptables --append INPUT --jump ACCEPT --match state --state ESTABLISHED,RELATED

## Set up masquerading to allow internal machines access to outside network:
##
## (sharing the ppp connection, change to suit your outside interface)

iptables --table nat --append POSTROUTING --out-interface ppp+ --jump MASQUERADE

## Turn on IP forwarding, now:

echo 1 > /proc/sys/net/ipv4/ip_forward

## Save iptables rules to the default iptables rules file (used at boot-up):
##
## (Red Hat's own /etc/init.d/iptables script looks here. Rules you set, above
## will be automatically applied when booting normally, you don't need to change
## how your system boots.)

iptables-save > /etc/sysconfig/iptables

--
[tim@localhost ~]$ uname -r
2.6.27.19-78.2.30.fc9.i686

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
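Added example, not from Tim's message or the list: a small shell check that reads a ruleset in iptables-save format plus the ip_forward value and reports which of the three things a masquerading gateway needs are missing. The dumps below are constructed to mirror the quoted F10 commands (note the POSTROUTING rule appended without a target), and eth0 as the outside interface is an assumption.

```shell
#!/bin/bash
# Checks a ruleset in iptables-save format plus the ip_forward value for the
# three things a masquerading gateway needs. Prints each problem found and
# returns the count (0 = looks complete).
#   $1 - text of an iptables-save dump
#   $2 - contents of /proc/sys/net/ipv4/ip_forward ("0" or "1")
#   $3 - plain name of the outside interface (assumed here: eth0)
check_gateway() {
    local dump=$1 fwd=$2 wan=$3 problems=0
    # 1. The kernel must forward between interfaces at all.
    if [ "$fwd" != "1" ]; then
        echo "ip_forward is '$fwd'; needs: echo 1 > /proc/sys/net/ipv4/ip_forward"
        problems=$((problems + 1))
    fi
    # 2. nat/POSTROUTING needs a rule that rewrites the source address on the
    #    outside interface. A bare "-A POSTROUTING" is a rule with no target:
    #    it matches everything and changes nothing, which is exactly what
    #    "iptables -t nat -A POSTROUTING" without --jump produces.
    if ! printf '%s\n' "$dump" | grep -qE "^-A POSTROUTING .*-o $wan .*-j (MASQUERADE|SNAT)"; then
        echo "nat POSTROUTING has no MASQUERADE/SNAT rule for $wan"
        problems=$((problems + 1))
    fi
    # 3. Forwarded packets must be allowed through the filter table.
    if ! printf '%s\n' "$dump" | grep -qE '^:FORWARD ACCEPT|^-A FORWARD .*-j ACCEPT'; then
        echo "FORWARD chain accepts nothing"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed dump mirroring the quoted F10 commands: FORWARD accepts eth1
# both ways, but the POSTROUTING rule was appended without a target.
broken_dump='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING
COMMIT'

# Same ruleset with the missing --jump MASQUERADE supplied (eth0 assumed).
fixed_dump=$(printf '%s\n' "$broken_dump" | sed 's/^-A POSTROUTING$/-A POSTROUTING -o eth0 -j MASQUERADE/')

check_gateway "$broken_dump" 1 eth0 || echo "broken setup: $? problem(s)"
check_gateway "$fixed_dump" 1 eth0 && echo "fixed setup: no problems"
```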