eth0 connects to the ADSL modem and is set to DHCP. The ADSL connection must also be brought up automatically, so eth0 itself should not be set to start automatically. eth1 is the NIC for the intranet. Its IP address is 192.168.3.1 and its gateway is set to 0.0.0.0; do not set DNS on it. The gateway and DNS settings are obtained automatically once ADSL dial-up succeeds, so they must not be configured on eth1.
Set iptables as follows:
# Generated by iptables-save v1.4.4 on Wed Nov 3 22:07:11 2010
*nat
:PREROUTING ACCEPT [89:5389]
:OUTPUT ACCEPT [99:6218]
:POSTROUTING ACCEPT [99:6218]
-A POSTROUTING -s 192.168.3.0/24 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Wed Nov 3 22:07:11 2010
# Generated by iptables-save v1.4.4 on Wed Nov 3 22:07:11 2010
*filter
:INPUT ACCEPT [2965:1911992]
:FORWARD ACCEPT [614:192167]
:OUTPUT ACCEPT [5625:1000183]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
COMMIT
# Completed on Wed Nov 3 22:07:11 2010
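The settings above allow the SSH (port 22) and HTTPS (port 443) services; any other new TCP connection arriving on ppp0 is dropped. All three filter chains keep an ACCEPT policy and the DROP rule matches only TCP SYN packets, so UDP and ICMP arriving on ppp0 are not filtered by this ruleset.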
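An added example (not from the original page): a minimal Python evaluator for the INPUT chain above, for checking which inbound packets on ppp0 the rules drop and which fall through to the chain policy. The packet fields (`iface`, `proto`, `dport`, `state`, `flags`) and the sample packets are assumptions made for illustration, and the matcher handles only the options this ruleset uses.

```python
# INPUT chain of the page's filter table (policy line plus rules).
RULESET = """\
:INPUT ACCEPT [2965:1911992]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
"""

def parse(text, chain="INPUT"):
    """Return (policy, rules); each rule is (options-dict, target)."""
    policy, rules = None, []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == [":" + chain]:
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            m, opts = {}, tok[2:]
            while opts:
                n = 3 if opts[0] == "--tcp-flags" else 2  # mask + compare lists
                m[opts[0]], opts = opts[1:n], opts[n:]
            rules.append((m, m.pop("-j")[0]))
    return policy, rules

def matches(m, pkt):
    """Simplified match: only the options that appear in RULESET."""
    for opt, field in (("-i", "iface"), ("-p", "proto"), ("--dport", "dport"), ("--state", "state")):
        if opt in m and str(pkt.get(field)) not in m[opt][0].split(","):
            return False
    if "--tcp-flags" in m:
        mask, want = (set(v.split(",")) for v in m["--tcp-flags"])
        if set(pkt.get("flags", ())) & mask != want:
            return False
    return True

def verdict(pkt, text=RULESET):
    """First matching rule wins; if none matches, the chain policy applies."""
    policy, rules = parse(text)
    for n, (m, target) in enumerate(rules, 1):
        if matches(m, pkt):
            return target, f"rule {n}"
    return policy, "policy"

# Constructed sample packets arriving on ppp0 (not from the page).
SAMPLES = {
    "tcp-syn-80": dict(iface="ppp0", proto="tcp", dport=80, state="NEW", flags=["SYN"]),
    "udp-53": dict(iface="ppp0", proto="udp", dport=53, state="NEW"),
}
```

`verdict(SAMPLES["tcp-syn-80"])` returns `("DROP", "rule 5")`, while `verdict(SAMPLES["udp-53"])` returns `("ACCEPT", "policy")`; passing the same text with the policy line changed to `:INPUT DROP` turns the second result into `("DROP", "policy")`.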
The listing above was produced with iptables-save after the rules had been entered with the iptables command. Save it as /etc/iptables-config, then edit /etc/rc.local and add:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables-restore < /etc/iptables-config
Done.