From the iptables script:
Code:
...
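# eth/wlan forward - NAT
# Log traffic from the WLAN subnet at each hook; there is no -p icmp match, so every protocol is logged
$IPT -t nat -I PREROUTING 1 -s 192.168.3.0/24 -j LOG --log-prefix 'IPTABLES ICMP (PREROUTING): '
$IPT -t filter -I FORWARD 1 -s 192.168.3.0/24 -j LOG --log-prefix 'IPTABLES ICMP (FORWARD): '
$IPT -t nat -I POSTROUTING 1 -s 192.168.3.0/24 -j LOG --log-prefix 'IPTABLES ICMP (POSTROUTING): '
# Forward new connections from WLAN to WAN, plus packets of already tracked connections
$IPT -A FORWARD -o $WAN -i $WLAN -s 192.168.3.0/24 -m conntrack --ctstate NEW -j ACCEPT
$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source-NAT everything leaving through the WAN interface
$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
# Enable IPv4 forwarding in the kernel
sysctl -w net.ipv4.ip_forward=1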
...
Code:
alex@server:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG all -- 192.168.3.0/24 anywhere LOG level warning prefix "IPTABLES ICMP (FORWARD): "
ACCEPT all -- 192.168.3.0/24 anywhere ctstate NEW
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Code:
alex@server:~$ sudo iptables -v -L -t nat
Chain PREROUTING (policy ACCEPT 168K packets, 12M bytes)
pkts bytes target prot opt in out source destination
144K 9188K LOG all -- any any 192.168.3.0/24 anywhere LOG level warning prefix "IPTABLES ICMP (PREROUTING): "
Chain INPUT (policy ACCEPT 167K packets, 12M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 5718 packets, 492K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1046 packets, 77703 bytes)
pkts bytes target prot opt in out source destination
871 68203 LOG all -- any any 192.168.3.0/24 anywhere LOG level warning prefix "IPTABLES ICMP (POSTROUTING): "
5367 461K MASQUERADE all -- any eth anywhere anywhere