And it should all work now. Don't forget to:
Setup all the clients on the internal network to point to the Linux internal IP address as their gateway. (In windows right-click network neighbourhood->properties->gateway then change it to the Linux gateway internal ip.)
Setup all the clients to use your ISP's HTTP proxy if they have one, use a transparent proxy (WARNING - I've heard reports of transparent proxying to be very slow on very big networks), or run squid on your new linux gateway. (This is optional, but preferrable for large networks)
Now you should start securing it! First turn off forwarding in general: "iptables -P FORWARD DROP", and then learn how to use iptables and /etc/hosts.allow and /etc/hosts.deny to secure your system. WARNING - Don't try this mentioned iptables rule until you have the masquerading working. You have to explicitely allow every packet through that you want if you are going to set the last rule to be DENY. (Undo with "iptables -P FORWARD ACCEPT")
Allow through any services you do want the internet to see.
For an example, to allow access to your web server do:
$> iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT $> iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT |
To allow ident (For connecting to irc etc) do
$> iptables -A INPUT --protocol tcp --dport 113 -j ACCEPT |
To test it:
Try connecting from a client to the web using an IP. Google's IP is 216.239.33.100 (well that's one of them) and you should be able to get a reply from that. e.g. "ping 216.239.33.100" "lynx 216.239.33.100".
Try a full out connection by name. e.g. "ping google.com" "lynx google.com" or from Internet Explorer / netscape.
Where eth0 is the external Internet card, and 123.12.23.43 is the external ip of that machine.