part of your problem then this might help.
(don't remember where I got it but it was part of an ipchains script I
got from somewhere)
EXTDEV=eth1
EXTERNALIP=`ifconfig $EXTDEV | grep "inet addr:" | \
awk -F: {'print $2'} | cut -d\ -f 1`
if [ -z "${EXTERNALIP}" ]; then
exit 1
fi
This will get your ip address from ifconfig and then you simply use the
variables in place of manual IP's.
> What is the proper way to do this?
>
All policies should be DENY. Of course if your not that freaky about
security the the OUTPUT chain can usually be set to ACCEPT to make
things easier. This is usually not a security problem.
> We'll use these numbers as an example of my net config:
> eth0 192.168.1.1 # The LAN obviously.
> eth1 24.32.5.105 # The DHCP assigned WAN IP
>
I'll try my hand at a simple script that may work for you...
#!/bin/sh
EXTDEV=eth1
EXTIP=`ifconfig $EXTDEV | grep "inet addr:" | \
awk -F: {'print $2'} | cut -d\ -f 1`
if [ -z "${EXTERNALIP}" ]; then
exit 1
fi
INTDEV=eth0
INTIP=192.168.1.1
ipchains -F
ipchains -X
ipchains -P forward DENY
ipchains -P input DENY
ipchains -P ouput ACCEPT (this is simpler for now)
ipchains -A input -i $INTDEV -s 192.168.1.0 -d 0.0.0.0/0 -j ACCEPT
# This allows input from your LAN
ipchains -A forward -s 192.168.1.0 -d 0.0.0.0/0 -j MASQ
# Masquerade everything going outside
I'm a bit rusty w/ ipchains but I think this will work.
Please correct my if I'm wrong.
sim