60.19 IP Forwarding: Home Networks
Consider a home network of GNU/Linux and MS/Windows machines, connected via ethernet. A GNU/Linux machine can connect to the Internet via PPP. We want to provide network access from all machines. We use iptables, iptables, iptables (for kernel version 2.4).
Suppose modern is the host which will connect to the Internet using PPP. After installing iptables, iptables, iptables do the following on this host which will serve as the Internet gateway:
# iptables --flush
# iptables --table nat --flush
# iptables --delete-chain
# iptables --table nat --delete-chain
# iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth0 -j ACCEPT
This clears the rules for filtering and then adds a rule to provide the IP forwarding. Now we need to turn it on for the kernel:
# echo 1 > /proc/sys/net/ipv4/ip_forward
And that’s it! This host, modern will now act as a gateway to the Internet for your local machines.
There is some setup needed to have this survive a reboot. One approach
is to do this through init.d, as explained in
Section ??. The first step is to create a script
file called /etc/init.d/myfirewall
containing:
#! /bin/sh
#
# Set up a firewall for IP Masquerading
#
PATH=/bin:/usr/bin:/sbin:/usr/sbin
case "$1" in
start)
echo -n "Starting IP Masquerading: myfirewall"
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "."
;;
stop)
echo -n "Stopping IP Masquerading: myfirewall"
echo 0 > /proc/sys/net/ipv4/ip_forward
echo "."
;;
reload)
echo "Not implemented."
;;
force-reload|restart)
sh $0 stop
sh $0 start
;;
*)
echo "Usage: /etc/init.d/myfirewall {start|stop|restart|force-reload|reload}"
exit 1
;;
esac
exit 0
Then the firewall can be turned on and off with:
$ wajig start myfirewall
$ wajig stop myfirewall
To have it started at boot and stopped at shutdown:
# update-rc.d myfirewall start 40 S . stop 89 0 6 .
This creates the following links:
/etc/rc0.d/K89myfirewall -> ../init.d/myfirewall
/etc/rc6.d/K89myfirewall -> ../init.d/myfirewall
/etc/rcS.d/S40myfirewall -> ../init.d/myfirewall
Another approach is to only turn it on and off as a PPP connection is
established. See the scripts in
/usr/share/doc/iptables/examples
for details.
%See /etc/default/iptables
and
%/etc/default/iptables
for details.
%Reconfigure iptables to say yes to using the initr.d script:
%
% $ wajig reconfigure iptables
%```
Now *rose* and *inco*, machines on the local home
network, can have their network interface set up:
```bash
iface eth0 inet static
address 192.168.1.2
network 192.168.1.0
netmask 255.255.255.0
gateway 192.168.1.5 (modern)
Your donation will support ongoing availability and give you access to the PDF version of this book. Desktop Survival Guides include Data Science, GNU/Linux, and MLHub. Books available on Amazon include Data Mining with Rattle and Essentials of Data Science. Popular open source software includes rattle, wajig, and mlhub. Hosted by Togaware, a pioneer of free and open source software since 1984. Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0
