HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials - Iptables gateway with one lan adapter

Hi.
I currently offer free wifi access to customers in my pub and I am trying to implement a layer 7 filter to block P2P filesharing.
The network looks like this (router_wifi does NAT):

router (10.0.1.1)
--> debian-box (10.0.1.2)
--> (10.0.1.5) router_wifi (10.0.2.1) -> clients (10.0.2.x)

My plan is to use debian-box to take care of the P2P blocking: I compiled ipp2p (tcp layer7 packet analyzer) but I can't figure out how to make the machine act as a gateway for the wifi clients.
All the examples I found online refer to the situation where the computer has two network interfaces, but I only have eth0.
This is what I got so far:

Code:

# Interface connected to Internet

INTERNET="eth0"



# Address connected to LAN

LOCAL="10.0.0.0/16"



# Clean old firewall

iptables -F

iptables -X

iptables -t nat -F

iptables -t nat -X

iptables -t mangle -F

iptables -t mangle -X



# Enable Forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward



# Setting default filter policy

iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT



# Unlimited access to loop back

iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT



# Allow UDP, DNS and Passive FTP

iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT



# block P2P

iptables -A FORWARD -m ipp2p --ipp2p -j DROP

iptables -A INPUT -m ipp2p --ipp2p -j DROP

iptables -A OUTPUT -m ipp2p --ipp2p -j DROP



# set this system as a router for Rest of LAN

iptables -t nat -A POSTROUTING -o $INTERNET -j MASQUERADE

iptables -A FORWARD -s $LOCAL -j ACCEPT



# unlimited access to LAN

iptables -A INPUT -s $LOCAL -j ACCEPT

iptables -A OUTPUT -s $LOCAL -j ACCEPT



# DROP everything and Log it

iptables -A INPUT -j LOG

iptables -A INPUT -j DROP