Contributed by
KB1IMD
This little guide is not meant to replace the already existing IPTables documents
or the more general-purpose Firewalling/IPTables how-tos. It is merely
submitted in the hope that other people using a Linux-based computer as an
Internet gateway/firewall will have an easier time using EchoLink.
Several pages provided hints on how to get this working, particularly the
Masq Apps page (http://www.tsmservices.com/masq/cfm/detail.cfm?AppID=147).
I use a variation of the advanced firewalling script provided in one of the
IPTables how-tos and thus require a few more lines to allow certain types of
packets back in. However, this example should work for most basic NAT
setups by simply replacing whatever script you use now with the
following. If you're already using a more advanced IPTables
configuration, you should know what you are doing well enough not to just cut and
paste but to insert the relevant lines into your existing script.
#!/bin/sh
###########################################################################################
# .........................-START-OF-USER CONFIGURATION SECTION-......................... #
# (Your paths may be different; use the `which` command to find out where your
# binaries are, e.g. `which iptables`)
IPTABLES="/usr/sbin/iptables"
IFCONFIG="/sbin/ifconfig"
GREP="/usr/bin/grep"
AWK="/usr/bin/awk"
SED="/bin/sed"
# Network Interface Configuration, adjust these as necessary. I have DSL; cable modem
# will probably be different. Likewise, the internal interface may be eth0 (you
# should be able to figure out what is what by simply typing `ifconfig | less`).
EXTIF="ppp0" # External (Internet side)
INTIF="eth1" # Internal (local side)
# Determine the external IP automatically. This parses the classic ifconfig output
# line "inet addr:1.2.3.4 ...". Newer ifconfig versions print "inet 1.2.3.4" instead,
# in which case the grep finds nothing; the check below stops the script rather than
# handing iptables an empty address.
EXTIP="`$IFCONFIG $EXTIF | $GREP 'inet addr' | $AWK '{print $2}' | $SED -e 's/.*://'`"
if [ -z "$EXTIP" ]; then
    echo "Could not determine the IP address of $EXTIF; no rules installed." >&2
    exit 1
fi
# Address of Computer Running EchoLink
ECHOIP="192.168.1.2"
# ^^^^^^^^^^^^^^^^^^^^^^^^^^-ALL USER CONFIGURATION ABOVE HERE-^^^^^^^^^^^^^^^^^^^^^^^^^^ #
###########################################################################################
# The following 2 lines enable port forwarding (DNAT) of the UDP packets back to
# EchoLink. Note that you can only have one computer running EchoLink behind
# the firewall using this configuration. Matching on "-i $EXTIF" as well as the
# destination address means only packets arriving from the Internet on these two
# UDP ports are redirected; nothing else on the inside host is exposed.
# If your FORWARD chain policy is DROP (as in the advanced how-to scripts), you
# must also ACCEPT these packets there; a basic setup needs nothing more.
$IPTABLES -t nat -A PREROUTING -d $EXTIP -p udp --dport 5198 -i $EXTIF -j DNAT --to-destination $ECHOIP
$IPTABLES -t nat -A PREROUTING -d $EXTIP -p udp --dport 5199 -i $EXTIF -j DNAT --to-destination $ECHOIP
# Enable SNAT so everyone can get out. On a PPP link the address can change at
# every reconnect, so either re-run this script from /etc/ppp/ip-up or use
# "-j MASQUERADE" in place of "-j SNAT --to $EXTIP".
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
# Enable IP Forwarding so all of this NAT stuff works (this setting does not survive
# a reboot unless it is also set in /etc/sysctl.conf or by your boot scripts)
echo 1 > /proc/sys/net/ipv4/ip_forward
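As an added example (my own, not part of KB1IMD's script above), here is a small sh
script that does the two things most likely to go wrong when adapting the script:
it reads the external address from either ifconfig output style (the classic
"inet addr:" form the script greps for, or the newer "inet 1.2.3.4" form), refuses
an empty or malformed address, and prints the rule set as text so it can be reviewed
before being piped into sh. It also emits the FORWARD ACCEPT lines that a
DROP-by-default FORWARD chain needs for the forwarded packets. The two ifconfig
samples, the interface names and the addresses 203.0.113.7 and 192.168.1.2 are
constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of KB1IMD's script. It generates the EchoLink NAT
# rules as text so they can be reviewed (or piped into sh) and parses the
# external address from either ifconfig output style. Interface names and
# addresses below are assumptions chosen for illustration.

# Two constructed samples of ifconfig output: the classic net-tools format
# the guide's grep expects, and the newer format that prints "inet 1.2.3.4".
SAMPLE_IFCONFIG_OLD='ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255'
SAMPLE_IFCONFIG_NEW='ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1492
        inet 203.0.113.7  netmask 255.255.255.255  destination 203.0.113.1'

# extract_ip: read ifconfig output on stdin, print the first IPv4 address
# found on an "inet" line (with or without the "addr:" prefix). Returns 1
# and prints nothing when the interface has no IPv4 address, so a caller
# can refuse to install rules with an empty address.
extract_ip() {
    awk '
        $1 == "inet" && !found {
            ip = $2
            sub(/^addr:/, "", ip)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print ip; found = 1 }
        }
        END { if (!found) exit 1 }
    '
}

# valid_ipv4: succeed only for a dotted quad whose four octets are 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            exit 0
        }
        { exit 1 }
    '
}

# echolink_rules EXTIF INTIF EXTIP ECHOIP: print the iptables commands.
# Besides the two DNAT lines and the SNAT line from the guide, it emits the
# FORWARD ACCEPT lines that a DROP-by-default FORWARD chain needs; on a
# basic setup with an ACCEPT policy they are harmless.
echolink_rules() {
    extif=$1; intif=$2; extip=$3; echoip=$4
    valid_ipv4 "$extip"  || { echo "bad external address: '$extip'" >&2; return 1; }
    valid_ipv4 "$echoip" || { echo "bad EchoLink host address: '$echoip'" >&2; return 1; }
    for port in 5198 5199; do
        echo "iptables -t nat -A PREROUTING -i $extif -d $extip -p udp --dport $port -j DNAT --to-destination $echoip"
        echo "iptables -A FORWARD -i $extif -o $intif -d $echoip -p udp --dport $port -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $extif -j SNAT --to-source $extip"
}

# Typical use on the gateway (commented out so the example runs anywhere):
#   EXTIP=$(ifconfig ppp0 | extract_ip) || exit 1
#   echolink_rules ppp0 eth1 "$EXTIP" 192.168.1.2          # review the rules
#   echolink_rules ppp0 eth1 "$EXTIP" 192.168.1.2 | sh     # apply them
```

Reviewing the generated lines before piping them into sh is the point of printing
them: a typo in ECHOIP or an empty EXTIP shows up as an error from valid_ipv4
instead of as a half-installed rule set on a live gateway.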
That's it! Have fun using EchoLink!
73,
~Jason Gurtz, KB1IMD