Record of some of the computer tech I deal with so that it's documented at least somewhere.

Tuesday 24 February 2009

Making the gateway

Bah, I found that removing the skin is not the only way to skin this cat.

Instead of /etc/init.d/iptables, like I thought, and editing /etc/sysctl.conf, I'd been using /etc/network/if-up.d.

This will also be why the ADSL router at home didn't work. Can't wait to sort that out!

slap:/etc/network/if-up.d# cat 01-firewall
#!/bin/sh

iptables --flush # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain # Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain

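iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE # NAT everything leaving via eth1 to eth1's address

iptables --append FORWARD --in-interface eth0 -j ACCEPT # Forward packets arriving on eth0
iptables --append FORWARD --in-interface tun0 -j ACCEPT # Forward packets arriving on the tun0 tunnel interface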

echo 1 > /proc/sys/net/ipv4/ip_forward # Enables packet forwarding by kernel

And just for reference, so we know which interface is which:

slap:/etc/network/if-up.d# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:08:0d:87:a0:f5
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::208:dff:fe87:a0f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10445 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10264 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1263010 (1.2 MiB)  TX bytes:8928655 (8.5 MiB)

eth1      Link encap:Ethernet  HWaddr 00:03:b3:02:17:b6
          inet addr:192.168.52.57  Bcast:192.168.52.255  Mask:255.255.255.0
          inet6 addr: fe80::203:b3ff:fe02:17b6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16784 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6670 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8515586 (8.1 MiB)  TX bytes:976416 (953.5 KiB)
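
A tighter variant of the 01-firewall hook, as an added example that is not the script from this post: the script above never sets the FORWARD policy, so unless something else changes it the chain stays at the default ACCEPT and the two ACCEPT rules restrict nothing. This version sets FORWARD to DROP, lets replies back in by connection state, and loads both tables in one iptables-restore call. It assumes eth1 is the upstream side (taken from the MASQUERADE rule) and relies on the IFACE and MODE variables that ifupdown passes to hooks; the function and variable names are made up for the example.

```shell
#!/bin/sh
# Added example, not the post's script: default-deny forwarding for the gateway.
# Interface roles come from the post: eth1 = upstream, eth0 and tun0 = inside.
WAN_IF="eth1"
INSIDE_IFS="eth0 tun0"

# Print an iptables-restore ruleset for the nat and filter tables.
# Loading it flushes and replaces each table in a single step, which
# covers what the --flush / --delete-chain lines did one by one.
gateway_rules() {
    wan="$1"; shift
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies to connections that were opened from an inside interface.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New connections are forwarded only when they arrive on an inside interface.
    for ifc in "$@"; do
        echo "-A FORWARD -i $ifc -j ACCEPT"
    done
    echo "COMMIT"
}

# ifupdown runs every if-up.d hook once per interface (lo included), so
# apply the rules only when the upstream interface is being brought up.
should_apply() {
    [ "$1" = "$WAN_IF" ] && [ "$2" = "start" ]
}

if should_apply "${IFACE:-}" "${MODE:-}"; then
    # Turn on forwarding only after the ruleset has loaded successfully.
    gateway_rules "$WAN_IF" $INSIDE_IFS | iptables-restore &&
        echo 1 > /proc/sys/net/ipv4/ip_forward
fi
```

Like the original, this leaves INPUT at ACCEPT, so services listening on the gateway itself are not filtered by it.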
