2

I'm trying to make my Debian server the router for my LAN.

I got two interfaces: eth0 connects to the internet through PPPoE, eth1 to the LAN. I switched on forwarding in sysctl (net.ipv4.ip_forward=1) and disabled iptables (policy accept). I can ping the gateway, but can't ping anything on the internet.

pauska
29ru

2 Answers

5

You need to use NAT to share the internet connection to your LAN.

Example:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

See this guide at HowtoForge for more info: http://www.howtoforge.com/nat_iptables

pauska
  • I thought when iptables is disabled there are no barriers to traffic. Thanks, I'll try it – 29ru Oct 19 '11 at 10:31
0

Enabling IP forwarding (AKA routing) is not enough; you must also NAT the internal network to the external IP.

Disabling netfilter is not going to get you there; you need Rusty's one-line rule of masquerade:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

adaptr
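
Both answers rely on the same MASQUERADE rule. The sketch below is an added example, not code from either answer: it generates that rule together with a default-deny FORWARD chain, and classifies an `iptables-save` dump as missing NAT, NAT with open forwarding, or NAT with filtered forwarding. The function names and the `ppp0` interface name are assumptions made for illustration.

```shell
# Added example. On a PPPoE uplink routed traffic usually leaves through the
# pppN interface that pppd creates, so the WAN name is a parameter (assumption).

# Print an iptables-restore ruleset: $1 = WAN interface, $2 = LAN interface.
router_ruleset() {
    wan=$1 lan=$2
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Classify an iptables-save dump on stdin for WAN interface $1:
#   no-nat        nothing rewrites the LAN source address (the question's state)
#   nat-open      NAT present, FORWARD policy ACCEPT (the answers' rules)
#   nat-filtered  NAT present, FORWARD default-deny (what router_ruleset emits)
audit_ruleset() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ {
            out = ""
            for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out == "" || out == wan) nat = 1   # no -o means every interface
        }
        table == "filter" && /^:FORWARD / { policy = $2 }
        END {
            if (!nat) print "no-nat"
            else if (policy == "DROP") print "nat-filtered"
            else print "nat-open"
        }'
}

# Constructed interface names: generate the ruleset, then audit it.
router_ruleset ppp0 eth1 | audit_ruleset ppp0   # prints nat-filtered
```

Review the generated text before loading it with `iptables-restore`, which replaces the existing nat and filter tables. INPUT stays at ACCEPT here, so filtering traffic addressed to the router itself is a separate step.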