
Thursday, June 23, 2011

Re: iptables

Manu,

You need to enable packet forwarding and NAT. Considering your network
architecture, these commands may do the trick:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t filter -A FORWARD -s 10.20.30.0/24 -d 0/0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

If you are using PPPoE then you will have to change eth1 to ppp0 for NAT.


To forward HTTP traffic (dst port 80) to your Linux box you will have
to use the following iptables rule:

iptables -t nat -A PREROUTING -i eth1 -s 10.20.30.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 8080

You need to make sure that some kind of TCP service is listening on
port 8080 on your Debian box. You can verify that using the
netstat -tunlp command.

-Prithak
-http://prithak.blogspot.com
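The forwarding, masquerading and port-80 redirect discussed in this reply, as an added example that is not part of the original thread and not Prithak's own commands. It assumes the interface layout Manu described (eth1 = LAN, eth0 = the ADSL side; ppp0 instead of eth0 for PPPoE), keeps those names in LAN_IF and WAN_IF so the eth0/eth1 mix-up cannot hide in the rules, and adds what a gateway exposed to the internet should have anyway: a default-DROP FORWARD chain that only lets the LAN's own prefix out and only lets replies back in. The listener check reads the output of ss (iproute2), which replaces netstat on current Debian; the ss sample in the usage note is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: stateful NAT gateway plus transparent
# port-80 redirect for a 10.20.30.0/24 LAN. Interface names are assumptions
# taken from Manu's description; check them against `ip link`.
LAN_IF="${LAN_IF:-eth1}"          # LAN side
WAN_IF="${WAN_IF:-eth0}"          # ADSL side; use ppp0 for PPPoE
LAN_NET="10.20.30.0/24"
REDIRECT_PORT="${REDIRECT_PORT:-8080}"
DRY_RUN="${DRY_RUN:-0}"            # DRY_RUN=1 prints commands instead of running them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

nat_rules() {
    # Turn on forwarding in the running kernel (persist it in /etc/sysctl.conf).
    run sysctl -w net.ipv4.ip_forward=1

    # Start from a known state in the chains this script owns.
    run iptables -t filter -F FORWARD
    run iptables -t nat -F POSTROUTING
    run iptables -t nat -F PREROUTING

    # Default-deny: nothing is forwarded unless a rule below allows it.
    run iptables -t filter -P FORWARD DROP

    # Replies to connections the LAN opened may come back in; nothing else from the WAN is forwarded.
    run iptables -t filter -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Only packets from our own prefix on the LAN interface go out (blocks spoofed sources).
    run iptables -t filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Hide the private LAN behind the WAN interface's address.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # Send the LAN's outbound HTTP to the local service on REDIRECT_PORT.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$REDIRECT_PORT"
}

port_has_listener() {
    # Reads `ss -tln` output on stdin; returns 0 if a TCP socket listens on port $1.
    # The local address is column 4 ("0.0.0.0:8080" or "[::]:8080"); the port is after the last ':'.
    awk -v port="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
                      END { exit !found }'
}

case "${1:-}" in
    apply) nat_rules ;;
    check)
        if ss -tln | port_has_listener "$REDIRECT_PORT"; then
            echo "ok: something listens on TCP $REDIRECT_PORT"
        else
            echo "warning: nothing listens on TCP $REDIRECT_PORT; redirected HTTP would be refused"
        fi ;;
    *) echo "usage: $0 apply|check   (DRY_RUN=1 prints the iptables commands)" >&2 ;;
esac
```

Run it first as `DRY_RUN=1 sh gateway.sh apply` to read the exact commands, then as root without DRY_RUN; `sh gateway.sh check` tells you whether the redirect has somewhere to land. For PPPoE, `WAN_IF=ppp0 sh gateway.sh apply` is the only change needed, which is the point of keeping the interface names in variables rather than retyping them in every rule.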

On Thu, Jun 23, 2011 at 2:55 AM, lee <lee@yun.yagibdah.de> wrote:
>
> "Manu" <manuliste@manu-dpk.net> writes:
>
> > Hello,
> > I'm French, I'm sorry for my bad English.
> > I'm a beginner Debian user.
> > In my home network, I have a Linux machine with Debian 6.
> > My Debian has to act as a DHCP server with isc-server.
> > I have 2 network cards: eth0 = public IP (ADSL modem),
> > eth1 = LAN.
> > My DHCP server runs.
> > But I can't connect to the internet from the PCs.
> > Description :
> >
> > network  : 10.20.30.0
> > mask : 255.255.255.0
> > Windows server: 10.20.30.2
> > Linux server (Debian 6) : 10.20.30.1 (DHCP and gateway to WAN)
> > Accesspoint Wifi : 10.20.30.3
> > NAS server : 10.20.30.4
> > MAO PC: 10.20.30.5
> > laptop : 10.20.30.6
> > IP phone : 10.20.30.7, 10.20.30.8, 10.20.30.9
> > I can connect to LAN machines but not to the WAN.
> >
> > cat /proc/sys/net/ipv4/ip_forward is 1
> >
> > What routes do I have to create with the route command?
> > How can I route port 80 to 10.20.30.1 with iptables?
> > Thank you for your help!
>
> Have you tried shorewall? It has sufficient documentation and should
> make it pretty easy to achieve the setup you need, with the added
> benefit of providing a fully featured firewall.
>
> Setting up a firewall is probably much better than connecting your
> networks to the internet directly without one through your ADSL
> modem. It will also help you to redirect some traffic on port 80 to
> 10.20.30.1 and to do the necessary masquerading.
>
> However, I would start with setting up a name server for your networks
> if you've not already done so.
>
> > --------------------------------------------------------------------------------
> >
> > KIND REGARDS
> > Manu
> >
> > WEBSITES
> > My official website (Manu-dpk.net)
> > Listen to Radio DPK
> >
> > CONTACT
> > - E-mail : manuliste@manu-dpk.net
> > - Messenger (WLM) : msn@manu-dpk.net
> > - Skype : manu-dpk
> >
> >
> >
> > --------------------------------------------------------------------------------
> >
> >
> >   PS: Out of respect for the environment, print this e-mail only if necessary.
>
> Can you please use the standard separator ("-- ") for your signature and
> refrain from posting HTML messages?
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/87hb7hk1ww.fsf@yun.yagibdah.de
>


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/BANLkTikmVy3P=Vmu=NWuosU8hLaTNW-1UQ@mail.gmail.com
