I have a Raspberry Pi that I'm using as a router via IP forwarding + NAT masquerading (basically following the guide from the documentation). I would like to set up my iptables rules to drop all INPUT and FORWARD packets except for those associated with existing outbound connections from the Pi as well as outbound connections from devices on my LAN that have been routed through the Pi.
I've set up my rules as shown below. I'm able to connect to the internet from the Pi itself, but I am unable to access the internet from any of the devices on my LAN. What rule(s) should I add to make this work?
Chain INPUT (policy DROP 64 packets, 10914 bytes)
pkts bytes target prot opt in out source destination
54 5045 ACCEPT all -- lo any anywhere anywhere
47 7490 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
412 141K ACCEPT all -- eth0 wlan1 anywhere anywhere state RELATED,ESTABLISHED
501 115K ACCEPT all -- wlan1 eth0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 159 packets, 19417 bytes)
pkts bytes target prot opt in out source destination
56 5125 ACCEPT all -- any lo anywhere anywhere
# NAT Table
Chain PREROUTING (policy ACCEPT 162 packets, 21899 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 93 packets, 9766 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 99 packets, 7649 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 26 packets, 2515 bytes)
pkts bytes target prot opt in out source destination
92 6414 MASQUERADE all -- any eth0 anywhere anywhere
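To see what these chains actually do to traffic, here is a small walker over the question's own INPUT and FORWARD listing (an added example, not code from the question). The interface names wlan1 (LAN side) and eth0 (WAN side) come from the listing; the packets, including a LAN client's request to the Pi itself, are constructed for illustration.

```python
import re

# Filter-table listing copied from the question (INPUT and FORWARD chains only).
RULES = """\
Chain INPUT (policy DROP 64 packets, 10914 bytes)
pkts bytes target prot opt in out source destination
54 5045 ACCEPT all -- lo any anywhere anywhere
47 7490 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
412 141K ACCEPT all -- eth0 wlan1 anywhere anywhere state RELATED,ESTABLISHED
501 115K ACCEPT all -- wlan1 eth0 anywhere anywhere
"""

def parse(listing):
    """Turn `iptables -L -v` output into {chain: (policy, [rules])}."""
    chains, rules = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\S+)", line)
        if head:
            rules = chains.setdefault(head.group(1), (head.group(2), []))[1]
            continue
        f = line.split()
        if not f or f[0] == "pkts":
            continue  # blank line or column header
        # columns: pkts bytes target prot opt in out source destination [matches]
        rule = {"target": f[2], "prot": f[3], "in": f[5], "out": f[6]}
        state = re.search(r"state (\S+)", line)
        rule["state"] = set(state.group(1).split(",")) if state else None
        rules.append(rule)
    return chains

def matches(rule, pkt):
    # 'any' (interface) and 'all' (protocol) are wildcards; no state match means any state.
    if rule["in"] not in ("any", pkt["in"]) or rule["out"] not in ("any", pkt["out"]):
        return False
    if rule["prot"] not in ("all", pkt["prot"]):
        return False
    return rule["state"] is None or pkt["state"] in rule["state"]

def verdict(chains, chain, pkt):
    """First matching rule wins; with no match the chain policy applies."""
    policy, rules = chains[chain]
    return next((r["target"] for r in rules if matches(r, pkt)), policy)

CHAINS = parse(RULES)
# Constructed packets; wlan1 is the LAN side and eth0 the WAN side, as in the listing.
LAN_TO_WAN = {"in": "wlan1", "out": "eth0", "prot": "tcp", "state": "NEW"}
WAN_REPLY = {"in": "eth0", "out": "wlan1", "prot": "tcp", "state": "ESTABLISHED"}
WAN_NEW = {"in": "eth0", "out": "wlan1", "prot": "tcp", "state": "NEW"}
# A LAN client talking to the Pi itself (e.g. DNS or DHCP, if the Pi serves them)
# traverses INPUT, where only lo and RELATED,ESTABLISHED traffic is accepted.
LAN_TO_PI = {"in": "wlan1", "out": "", "prot": "udp", "state": "NEW"}
```

The FORWARD chain already passes new LAN-to-WAN flows and their replies while dropping unsolicited WAN-to-LAN traffic; anything a LAN client sends to the Pi itself is decided by INPUT, not FORWARD, so it is worth checking which services on the Pi the clients depend on.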