From: David Goss <vze2bd6u@verizon.net>
Have the PPPoE all set up... but can't for the life of me remember how to set up the ipchains to handle the Windows boxes for the wife and kids... and man, they are getting hostile about not being able to get on the internet from home... I know it was not that hard to set up, but for the life of me I cannot find the docs I used in the first place...
Well, if you are starting from scratch you might as well use iptables instead of ipchains, which is nearing obsolescence. Here is my "gateway" script. It is a firewall with a big hole in it. It protects the Windows machines just by trusting the ISP not to route local addresses to you from outside. (I assume your Windows machines are 192.168.0.???, or similar.) Once you have a gateway working you can play with it to turn it into a real firewall.

I have two ethernet cards in the firewall machine, one connected to the DSL modem, one to the LAN. You don't say if you have the same. I think the below should work with one card, forwarding both from and to the LAN, but have not tried it. Also, I have a static IP address built into the script. I think to use PPPoE you need to change the last line, but again have not tried it.

-------------------
#!/bin/bash

# Bring up the LAN interface, unload ipchains, load FTP connection tracking
/etc/sysconfig/network-scripts/ifup eth1
/sbin/rmmod ipchains
/sbin/modprobe ip_conntrack_ftp

# Enable routing between the interfaces
echo "1" >/proc/sys/net/ipv4/ip_forward

IPT="/sbin/iptables"
INTERNET_ETHER="eth0"
FCS_ETHER="eth1"
GATEWAY_IP="66.92.74.1"
FCS_IP="66.92.74.188"

# Start from empty tables
$IPT -t filter --flush
$IPT -t nat --flush
$IPT -t mangle --flush

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# Every policy is ACCEPT: nothing is filtered
$IPT -t filter --policy INPUT ACCEPT
$IPT -t filter --policy OUTPUT ACCEPT
$IPT -t filter --policy FORWARD ACCEPT
$IPT -t nat --policy PREROUTING ACCEPT
$IPT -t nat --policy OUTPUT ACCEPT
$IPT -t nat --policy POSTROUTING ACCEPT
$IPT -t mangle --policy PREROUTING ACCEPT
$IPT -t mangle --policy OUTPUT ACCEPT

# Rewrite the source of outgoing traffic to the static public address
$IPT -t nat -A POSTROUTING -o $INTERNET_ETHER -j SNAT --to-source $FCS_IP
------------------

For PPPoE, change that last line to

$IPT -t nat -A POSTROUTING -o $INTERNET_ETHER -j MASQUERADE

--
Keith
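
Added example, not part of Keith's post: one way to turn the gateway above into a stateful firewall that drops private-source packets on the outside interface itself instead of trusting the ISP to do it. The interface names ppp0 and eth1, the LAN range 192.168.0.0/24, and the dry-run default for IPT are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. Assumed names: ppp0 (PPPoE link),
# eth1 (LAN card), 192.168.0.0/24 (LAN range). Dry run by default: the rules
# are only printed. To apply them, run as root with IPT=/sbin/iptables.
IPT="${IPT:-echo iptables}"

gateway_rules() {
    ext_if="$1"; lan_if="$2"; lan_net="$3"

    $IPT -t filter --flush
    $IPT -t nat --flush

    # Default deny: nothing reaches or crosses the gateway unless allowed below.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Do not rely on the ISP to filter: packets arriving from outside must
    # never claim a private (RFC 1918) source address.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $IPT -A INPUT   -i "$ext_if" -s "$net" -j DROP
        $IPT -A FORWARD -i "$ext_if" -s "$net" -j DROP
    done

    # The gateway itself: loopback, LAN clients, replies to its own traffic.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$lan_if" -s "$lan_net" -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # LAN may open connections outward; only reply traffic is let back in.
    $IPT -A FORWARD -i "$lan_if" -o "$ext_if" -s "$lan_net" -j ACCEPT
    $IPT -A FORWARD -i "$ext_if" -o "$lan_if" \
         -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Dynamic PPPoE address: masquerade instead of SNAT to a fixed IP.
    $IPT -t nat -A POSTROUTING -o "$ext_if" -s "$lan_net" -j MASQUERADE
}

gateway_rules ppp0 eth1 192.168.0.0/24
```

The ip_forward setting and the ip_conntrack_ftp module load from the original script are still needed alongside these rules.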