Scenario:
1. One Linux box acting as a firewall, with two LAN cards, or one LAN card and one Internet modem connection.
2. eth0 --> Connected to broadband. IP is 192.168.1.2. In case of dial-up it can be "ppp0".
3. eth1 --> Connected to the local LAN. IP is 192.168.2.1.
Note: In case of broadband, your default gateway should be the IP of the router, in our example 192.168.1.1.
You want to share the broadband connection across the LAN, and the box should restrict traffic from outside the LAN.
Step 1. In /etc/sysctl.conf, put the following line: net.ipv4.ip_forward=1
Step 2. Flush the existing iptables rules to start with:
# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
Step 2. Set up masquerading:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
In case of dial-up, replace eth0 with ppp0.
Step 3. Firewalling:
# iptables -A FORWARD -s 192.168.2.0/24 -j ACCEPT
# iptables -A FORWARD -d 192.168.2.0/24 -j ACCEPT
# iptables -A FORWARD ! -s 192.168.2.0/24 -j DROP
# iptables-save
Alternatively, you can put the lines from step 2 and step 3 in /etc/rc.local or in an rc script so they run at boot.
Your router and firewall are now ready.
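Added example, not part of the original page: the second FORWARD rule in Step 3 accepts any forwarded packet addressed to 192.168.2.0/24, so the final DROP only matches traffic that is neither from nor to the LAN. The sketch below prints a stateful variant (FORWARD policy DROP, return traffic allowed only for connections the LAN opened) in iptables-restore format; the function names are illustrative, and INPUT/OUTPUT are left at ACCEPT as an assumption because the page does not cover them.

```shell
# Added example: emit a stateful NAT/forwarding ruleset for iptables-restore.
# valid_iface, valid_cidr and gen_rules are illustrative names, not page code.

# Accept only plain interface names (eth0, ppp0); Linux caps them at 15 chars.
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Accept only a dotted-quad IPv4 network with a /0../32 prefix length.
valid_cidr() {
    addr=${1%/*}; bits=${1#*/}
    [ "$addr/$bits" = "$1" ] || return 1          # exactly one slash
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] 2>/dev/null || return 1
    done
}

# gen_rules WAN_IF LAN_IF LAN_CIDR  -> ruleset on stdout, status 2 on bad input
gen_rules() {
    wan=$1; lan=$2; net=$3
    if ! { valid_iface "$wan" && valid_iface "$lan" && valid_cidr "$net"; }; then
        echo "usage: gen_rules WAN_IF LAN_IF LAN_CIDR" >&2
        return 2
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

With the page's values, `gen_rules eth0 eth1 192.168.2.0/24 | iptables-restore --test` parses the ruleset without committing it; drop `--test` to load it.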