Up until recently I've always used ipfwadm for all my networks. I've
taken a copy of zipslack, chucked it onto a reiserFS partition, hacked the
whole system down and reinstalled tons of stuff. It currently runs
Linux 2.4.1 - iptables v1.2 and a pppd in Dial on Demand mode (ISDN).
I've configured Netfilter to look like this :
<*> Connection tracking
<*> FTP protocol support
<*> IP tables support
<*> Packet Filtering
<*> REJECT target support
<*> MIRROR target support
<*> Full NAT
<*> MASQUERADE target support
<*> REDIRECT target support
Everything else under IP: Netfilter Configuration is left out.
And yes, sysctl is enabled.
Now.. I don't want to do anything fancy, just a bit of IP masquerading
through a Dial on Demand ppp0 device for a small network.
Previously it was a cinch.
All I did was put:
ipfwadm -F -p deny
ipfwadm -F -a m -b -S 192.168.0.0/24 -D 0.0.0.0/0
in my rc.local.
Now I have to use a funny NAT table and all. Anyway, I've read and read
and I've done so much pacing that I've tripped twice on the same place.
This is what I make out that I am supposed to do now (with iptables 1.2,
and according to the NAG anyway):
iptables -t nat -F
iptables -t nat -P POSTROUTING DROP
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
This works.. but.. now the clients still can't see the net.
Their DNS server is set to the correct one (I know because everything is
the same as it was before using ipfwadm and the dhcpc.conf is the same).
In fact they can't even ping an Internet server even if they know it's
Where could I have gone wrong? Do I need to set other rules in the
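For comparison, here is an added example (not from the original post) of how the old ipfwadm pair above maps onto the 2.4 / iptables 1.2 split between the nat table and the filter table, written as an rc.local-style script. It assumes things the post does not state: the LAN is 192.168.0.0/24 on eth0, the link is ppp0, and conntrack plus the state match are available. The nat table is deliberately left with its default ACCEPT policy, since it only rewrites addresses; the deny-by-default behaviour of `ipfwadm -F -p deny` lives in the filter table's FORWARD chain. It also turns on /proc/sys/net/ipv4/ip_forward, which a masquerading box needs regardless of its NAT rules, and offers a DRYRUN mode so the generated commands can be previewed without root.

```shell
#!/bin/sh
# Added example, not from the original post: rc.local-style masquerading of a
# small LAN behind a dial-on-demand ppp0 with iptables 1.2 on a 2.4 kernel.
# Assumptions (not in the post): LAN 192.168.0.0/24 on eth0, and ip_conntrack,
# iptable_nat and ipt_state available (built in or as modules).
LAN=${LAN:-192.168.0.0/24}
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-ppp0}
DRYRUN=${DRYRUN:-}          # DRYRUN=1 prints the commands instead of running them

# Wrapper so the same functions can either apply or preview a rule.
run() {
    if [ -n "$DRYRUN" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# MASQUERADE only rewrites packets the kernel is forwarding; with forwarding
# off, the clients' packets are dropped no matter what the nat table says.
enable_forwarding() {
    if [ -n "$DRYRUN" ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# Quick check from a shell: returns 0 when forwarding is currently on.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# The nat table decides address rewriting only, so it gets one MASQUERADE
# rule restricted to the LAN source (the old -S 192.168.0.0/24) and keeps its
# default ACCEPT policy.
nat_rules() {
    run -t nat -F
    run -t nat -A POSTROUTING -s "$LAN" -o "$WAN_IF" -j MASQUERADE
}

# The old "ipfwadm -F -p deny" plus the masquerade entry becomes a FORWARD
# chain that denies by default, lets the LAN open connections outward, and
# lets only replies to those connections back in.
filter_rules() {
    run -F FORWARD
    run -P FORWARD DROP
    run -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN" -j ACCEPT
    run -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

apply_rules() {
    enable_forwarding
    nat_rules
    filter_rules
}

case "${1:-}" in
    apply)   apply_rules ;;          # sh rc.local apply     (as root)
    preview) DRYRUN=1; apply_rules ;; # sh rc.local preview   (no root needed)
esac
```

Running it with `preview` prints the seven commands it would issue; `apply` runs them. If the clients still cannot reach an Internet host by IP after this, `forwarding_enabled` is the first thing to check, since a NAT rule that matches but never forwards looks exactly like the symptom described above.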