You need to configure the machine as a gate. Close all but the pair of ports that were thrown out of the other machine. Inside there should be access to the Internet through NAT.

Dhcp works in the network, IP and other settings are issued, but the machine does not work as a gateway.

Maybe I'm not setting up the correct iptables or do I need to deliver something? Maybe there is an intelligent man for iptables for dummies?

In iptables, it was added:

iptables -t nat -A POSTROUTING -o внешний_интерфейс -j MASQUERADE

Added to the appropriate file

 FORWARD_IPV4=YES

DHCPD issues as gate internal IP of the machine.

Solution found:

 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADEiptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPTiptables -A FORWARD -i eth1 -o eth0 -j ACCEPTecho 1 > /proc/sys/net/ipv4/ip_forward

edit /etc/sysctl.conf

change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1

thanks gecube for setup help

    1 answer 1

    What specifically does not work?

    Check the points:

    1. Is your gateway visible from the internal network?
    2. Is the gateway visible from the external network?
    3. Packets go from the internal network to the external?
    4. On the contrary?
    5. What IPs are assigned to gateway interfaces?
    6. Does DHPCD on the internal network work normally? Are the network settings (gateway, mask, etc.) normal for clients?

    For me personally, the difficulty was to configure the dhcp option on the internal interface, the dynamic address from the provider on the external + routing + NAT. As a result, everything was done on FreeBSD with ipfw + natd. True, I had to make a hack - allow all to all, but it doesn’t really bother me because NAT automatically covers access from the external network to the internal machines.

    • I believe the 3rd and 4th paragraph - Sergey
    • And if more precisely? - gecube
    • More precisely, I do not understand how to organize it) This is the first time I've been setting up such a topic. - Sergej