iptables
Ben Scott
dragonhawk at gmail.com
Mon Sep 22 14:45:21 EDT 2008
On Mon, Sep 22, 2008 at 11:27 AM, Labitt, Bruce
<labittb1 at tycoelectronics.com> wrote:
>> Are you still running Sci Linux 5, or have
>> you changed to something else by now?
>
> Not yet.
Okay, I think RHEL/CentOS/SL have a GUI for this, but I think the
following should work for you, if run as root:
# turn on IP tables service
service iptables start
chkconfig iptables on
# clear all existing rules and chains in both "nat" and "filter" tables
iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
# let the kernel route between interfaces at all (persist it with
# net.ipv4.ip_forward = 1 in /etc/sysctl.conf)
echo 1 > /proc/sys/net/ipv4/ip_forward
# allow all traffic to/from this host
iptables -t filter -A INPUT -j ACCEPT
iptables -t filter -A OUTPUT -j ACCEPT
# masquerade traffic from lab to corporate
# (POSTROUTING runs after the routing decision, so it takes -o only; -i is rejected there)
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# allow traffic from lab to corporate
iptables -t filter -A FORWARD -i eth0 -o eth1 -j ACCEPT
# use connection tracking to make masqueraded traffic work (replies coming back)
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# save for use in future
service iptables save
That assumes eth0 is your local/lab network, and eth1 is your
corporate/upstream network.
I haven't tested the above. Stupid bugs may be present. :)
The above has absolutely no access control -- this assumes you
already have a firewall somewhere, protecting you. If you use the
above config on a public network connection, you're a sitting duck.
You have been warned.
-- Ben
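A default-deny variant of the same lab-to-corporate masquerading gateway, added here as an example and not part of Ben's post. It keeps eth0 as the lab side and eth1 as the upstream side, as in the post; the SSH-from-lab rule is an assumed policy choice, and IPT/SYSCTL default to echoing the commands so the ruleset can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original post): the lab -> corporate NAT gateway
# with default-deny policies instead of ACCEPT-everything.
# Assumptions: eth0 = lab side, eth1 = corporate/upstream side (as in the post);
# SSH management from the lab side only is an assumed policy choice.
LAN="${LAN:-eth0}"
WAN="${WAN:-eth1}"
# IPT/SYSCTL default to "echo ..." so the generated ruleset can be reviewed
# without root; run with IPT=iptables SYSCTL=sysctl to actually apply it.
IPT="${IPT:-echo iptables}"
SYSCTL="${SYSCTL:-echo sysctl}"

reset_tables() {
  for t in filter nat; do
    $IPT -t "$t" -F
    $IPT -t "$t" -X
  done
}

set_default_deny() {
  # Anything not explicitly allowed below is dropped: new inbound connections
  # from the corporate side, and forwarding in the wrong direction.
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT
}

allow_host_traffic() {
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A INPUT -i "$LAN" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

nat_lab_to_corporate() {
  $SYSCTL -w net.ipv4.ip_forward=1
  # POSTROUTING runs after the routing decision, so it accepts -o only, never -i.
  $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
  # New connections may only originate on the lab side; replies return via conntrack.
  $IPT -A FORWARD -i "$LAN" -o "$WAN" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

build_ruleset() {
  reset_tables
  set_default_deny
  allow_host_traffic
  nat_lab_to_corporate
}

build_ruleset
```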