Very Computer

I have got some way with setting up iptables for firewalling and NAT
for my LAN. I have read most of the howtos, faqs and example iptables
setup scripts but I am now stuck!

I have set up iptables like this:
#!/bin/sh
IPT="/sbin/iptables -v"               # Location of iptables binary plus
options.
LAN_IF=eth0                     # LAN interface
WAN_IF=ppp0                     # WAN interface
LAN_IP=192.168.0.0/8            # LAN IP addresses
WAN_IP=staticipaddress          # WAN IP address

# Change source IP address of Internet traffic before forwarding.
$IPT -t nat -A POSTROUTING -o $WAN_IF -j SNAT --to-source $WAN_IP

# Activate forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward

This works in that I can access the Internet from another machine on
the LAN (also news and ping). However it _doesn't_ work as expected in
that:

New (i.e. opened after running the iptables script) ssh sessions
connections fail to connect, but old ones continue to work OK.

However smb works fine, even if Samba is restarted after running the
script.

I thought that entries in the POSTROUTING table only acted on packets
that were on their way out of the box. Any explanations and
suggestions for getting ssh to work would be welcome.

Mark Atherton

Quote:Yesterday I wrote...
>This works in that I can access the Internet from another machine on
>the LAN (also news and ping). However it _doesn't_ work as expected in
>that:

>New (i.e. opened after running the iptables script) ssh sessions
>connections fail to connect, but old ones continue to work OK.

>However smb works fine, even if Samba is restarted after running the
>script.

>I thought that entries in the POSTROUTING table only acted on packets
>that were on their way out of the box. Any explanations and
>suggestions for getting ssh to work would be welcome.

>Mark Atherton

As usual the error turns out to be mine or Win98 rather than Linux. I
have discovered that when the Win98 PC I was using PuTTY on for ssh to
the Linux PC had an incorrect hosts file. Therefore when I was trying
to ssh between PCs the Linux machine was querying my internet DNS
server. This caused the modem activity and the ultimate failure of ssh
connection (since my ISPs DNS server doesn't have the correct IP
address!)

Sorry for bothering the group, I'll think (longer) before I post next
time!

Mark Atherton

Quote:Yesterday I wrote...
>This works in that I can access the Internet from another machine on
>the LAN (also news and ping). However it _doesn't_ work as expected in
>that:

>New (i.e. opened after running the iptables script) ssh sessions
>connections fail to connect, but old ones continue to work OK.

>However smb works fine, even if Samba is restarted after running the
>script.

>I thought that entries in the POSTROUTING table only acted on packets
>that were on their way out of the box. Any explanations and
>suggestions for getting ssh to work would be welcome.

>Mark Atherton

As usual the error turns out to be mine or Win98 rather than Linux. I
have discovered that when the Win98 PC I was using PuTTY on for ssh to
the Linux PC had an incorrect hosts file. Therefore when I was trying
to ssh between PCs the Linux machine was querying my internet DNS
server. This caused the modem activity and the ultimate failure of ssh
connection (since my ISPs DNS server doesn't have the correct IP
address!)

Sorry for bothering the group, I'll think (longer) before I post next
time!

Mark Atherton