[Slackware] router wil niet werken

-----------------------
|                     |
|      Internet       |
|                     |
-----------------------
          |
          |
          |
-----------------------
|                     |
|     COM21 Modem     |
|     CableWanadoo    |
|                     |
-----------------------
          |
          | eth0 3Com PCI 3C590 10Mbps IRQ 10 / ppp0 --- DHCP
          |
-----------------------
|                     |
|      Slackware      |
|      Router &       |
|      Firewall       |
|                     |
-----------------------
          |
          | eth1 RealTek RTL8193C 10/100Mbps IRQ 11 --- IP 192.168.0.1
          |
-----------------------   -------------------------
|                     |   |                       |
|   3Com SuperStack   |   |     Nog te kopen      |   ---------------
|   Dual Speed Hub    |---|  Wireless Accespoint  |---| 192.168.3.1 |
|     500 3C16611     |   |                       |   ---------------
|                     |   -------------------------
-----------------------
 |  |     |       |  |
 |  |     |       |  |
 |  |     |       |  |
---------------  ---------------
| 192.168.1.1 |  | 192.168.1.2 |
---------------  ---------------
    |     |          |
    |     |          |
    |     |          |
---------------  ---------------
| 192.168.2.1 |  | 192.168.2.2 |
---------------  ---------------
          |
          |
          |
         ---------------
         | 192.168.2.3 |
         ---------------

# config information for eth0:
ipaddr[0]=""
netmask[0]=""
use_dhcp[0]="yes"
dhcp_hostname[0]=""

# config information for eth1:
ipaddr[1]="192.168.0.1"
netmask[1]="255.255.255.0"
use_dhcp[1]=""
dhcp_hostname[1]=""

nameserver 195.96.96.97
nameserver 195.96.96.33

order hosts,bind
multi on

# For loopbacking.
127.0.0.1     localhost loopback

# For local network (LAN).
192.168.0.1 ares.pantheon.nl ares           #router/firewall (this host)

#pc's benedenverdieping
192.168.1.1 athena.pantheon.nl athena       #pc 1 studeerkamer
192.168.1.2 aeolus.pantheon.nl aeolus       #pc 2 studeerkamer

#pc's bovenverdieping
192.168.2.1 atlas.pantheon.nl atlas         #server slaapkamer bart
192.168.2.2 aphrodite.pantheon.nl aphrodite #pc slaapkamer bart
192.168.2.3 apollo.pantheon.nl apollo       #mp3-speler slaapkamer bart

#draadloze verbindingen (laptops)
192.168.3.1 artemis.pantheon.nl artemis     #laptop bart

echo "Loading the rc.firewall ruleset..."
/etc/rc.d/rc.firewall-iptables

#!/bin/sh

echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"


# The location of the iptables and kernel module programs
#
#   If your Linux distribution came with a copy of iptables, 
#   most likely all the programs will be located in /sbin.  If 
#   you manually compiled iptables, the default location will
#   be in /usr/local/sbin
#
# ** Please use the "whereis iptables" command to figure out 
# ** where your copy is and change the path below to reflect 
# ** your setup
#
#IPTABLES=/sbin/iptables
IPTABLES=/usr/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe


#Setting the EXTERNAL and INTERNAL interfaces for the network
#
#  Each IP Masquerade network needs to have at least one
#  external and one internal network.  The external network
#  is where the natting will occur and the internal network
#  should preferably be addressed with a RFC1918 private address
#  scheme.
#
#  For this example, "eth0" is external and "eth1" is internal"
#
#
#  NOTE:  If this doesnt EXACTLY fit your configuration, you must 
#         change the EXTIF or INTIF variables above. For example: 
#
#            If you are a PPPoE or analog modem user:
#
#               EXTIF="ppp0" 
#
#
EXTIF="ppp0"
INTIF="eth1"
echo "   External Interface:  $EXTIF"
echo "   Internal Interface:  $INTIF"


#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==


echo -en "   loading modules: "

# Need to verify that all modules have all required dependencies
#
echo "  - Verifying that all kernel modules are ok"
$DEPMOD -a

# With the new IPTABLES code, the core MASQ functionality is now either
# modular or compiled into the kernel.  This HOWTO shows ALL IPTABLES
# options as MODULES.  If your kernel is compiled correctly, there is
# NO need to load the kernel modules manually.  
#
#  NOTE: The following items are listed ONLY for informational reasons.
#        There is no reason to manual load these modules unless your
#        kernel is either mis-configured or you intentionally disabled
#        the kernel module autoloader.
#

# Upon the commands of starting up IP Masq on the server, the
# following kernel modules will be automatically loaded:
#
# NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ 
#        modules are shown below but are commented out from loading.
# ===============================================================

echo "----------------------------------------------------------------------"

#Load the main body of the IPTABLES module - "iptable"
#  - Loaded automatically when the "iptables" command is invoked
#
#  - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_tables, "
$MODPROBE ip_tables


#Load the IPTABLES filtering module - "iptable_filter" 
#  - Loaded automatically when filter policies are activated


#Load the stateful connection tracking framework - "ip_conntrack"
#
# The conntrack  module in itself does nothing without other specific 
# conntrack modules being loaded afterwards such as the "ip_conntrack_ftp"
# module
#
#  - This module is loaded automatically when MASQ functionality is 
#    enabled 
#
#  - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack


#Load the FTP tracking mechanism for full FTP tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp


#Load the IRC tracking mechanism for full IRC tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc


#Load the general IPTABLES NAT code - "iptable_nat"
#  - Loaded automatically when MASQ functionality is turned on
# 
#  - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "iptable_nat, "
$MODPROBE iptable_nat


#Loads the FTP NAT functionality into the core IPTABLES code
# Required to support non-PASV FTP.
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp


#Loads the IRC NAT functionality into the core IPTABLES code
# Required to support NAT of IRC DCC requests
#
# Disabled by default -- remove the "#" on the next line to activate
#
#echo -e "ip_nat_irc"
#$MODPROBE ip_nat_irc

echo "----------------------------------------------------------------------"

# Just to be complete, here is a partial list of some of the other  
# IPTABLES kernel modules and their function.  Please note that most 
# of these modules (the ipt ones) are automatically loaded by the 
# master kernel module for proper operation and don't need to be 
# manually loaded.
# --------------------------------------------------------------------
#
#    ip_nat_snmp_basic - this module allows for proper NATing of some 
#                        SNMP traffic
#
#    iptable_mangle    - this target allows for packets to be 
#                        manipulated for things like the TCPMSS 
#                        option, etc.
#
# --
#
#    ipt_mark       - this target marks a given packet for future action.
#                     This automatically loads the ipt_MARK module
#
#    ipt_tcpmss     - this target allows to manipulate the TCP MSS
#                     option for braindead remote firewalls.
#                     This automatically loads the ipt_TCPMSS module
#
#    ipt_limit      - this target allows for packets to be limited to
#                     to many hits per sec/min/hr
#
#    ipt_multiport  - this match allows for targets within a range
#                     of port numbers vs. listing each port individually
#
#    ipt_state      - this match allows to catch packets with various
#                     IP and TCP flags set/unset
#
#    ipt_unclean    - this match allows to catch packets that have invalid
#                     IP/TCP flags set
#
#    iptable_filter - this module allows for packets to be DROPped, 
#                     REJECTed, or LOGged.  This module automatically 
#                     loads the following modules:
#
#                     ipt_LOG - this target allows for packets to be 
#                               logged
#
#                     ipt_REJECT - this target DROPs the packet and returns 
#                                  a configurable ICMP packet back to the 
#                                  sender.
# 

echo -e "   Done loading modules.\n"


#CRITICAL:  Enable IP forwarding since it is disabled by default since
#
#           Redhat Users:  you may try changing the options in
#                          /etc/sysconfig/network from:
#
#                       FORWARD_IPV4=false
#                             to
#                       FORWARD_IPV4=true
#
echo "   Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward


# Dynamic IP users:
#
#   If you get your IP address dynamically from SLIP, PPP, or DHCP, 
#   enable this following option.  This enables dynamic-address hacking
#   which makes the life with Diald and similar programs much easier.
#
echo "   Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr


# Enable simple IP forwarding and Masquerading
#
#  NOTE:  In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
#  NOTE #2:  The following is an example for an internal LAN address in the
#            192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
#            connecting to the Internet on external interface "ppp0".  This
#            example will MASQ internal traffic out to the Internet but not
#            allow non-initiated traffic into your internal network.
#
#            
#         ** Please change the above network numbers, subnet mask, and your 
#         *** Internet connection interface name to match your setup
#         


#Clearing any previous configuration
#
#  Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
#    The default for FORWARD is DROP (REJECT is not a valid policy)
#
#   Isn't ACCEPT insecure?  To some degree, YES, but this is our testing
#   phase.  Once we know that IPMASQ is working well, I recommend you run
#   the rc.firewall-*-stronger rulesets which set the defaults to DROP but
#   also include the critical additional rulesets to still let you connect to
#   the IPMASQ server, etc.
#
echo "   Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT 
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT 
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD 
$IPTABLES -t nat -F

echo "   FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo "   Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE


echo -e "\nDone.\n"

-----------------------
|                     |
|      Internet       |
|                     |
-----------------------
          |
          |
          |
-----------------------
|                     |
|     COM21 Modem     |
|     CableWanadoo    |
|                     |
-----------------------
          |
          | eth0 3Com PCI 3C590 10Mbps IRQ 10 / ppp0 --- DHCP
          |
-----------------------
|                     |
|      Slackware      |
|      Router &       |
|      Firewall       |
|                     |
-----------------------
          |
          | eth1 RealTek RTL8193C 10/100Mbps IRQ 11 --- IP 192.168.0.1
          |
-----------------------   -------------------------
|                     |   |                       |
|   3Com SuperStack   |   |     Nog te kopen      |   ----------------
|   Dual Speed Hub    |---|  Wireless Accespoint  |---| 192.168.0.30 |
|     500 3C16611     |   |                       |   ----------------
|                     |   -------------------------
-----------------------
 |  |     |       |  |
 |  |     |       |  |
 |  |     |       |  |
----------------  ----------------
| 192.168.0.10 |  | 192.168.0.11 |
----------------  ----------------
    |     |          |
    |     |          |
    |     |          |
----------------  ----------------
| 192.168.0.20 |  | 192.168.0.21 |
----------------  ----------------
          |
          |
          |
         ----------------
         | 192.168.0.22 |
         ----------------

# For loopbacking.
127.0.0.1      localhost loopback

# For local network (LAN).
192.168.0.1     ares.pantheon.nl ares           #router/firewall (this host)

#pc's benedenverdieping
192.168.0.10    athena.pantheon.nl athena       #pc 1 studeerkamer
192.168.0.11    aeolus.pantheon.nl aeolus       #pc 2 studeerkamer

#pc's bovenverdieping
192.168.0.20    atlas.pantheon.nl atlas         #server slaapkamer bart
192.168.0.21    aphrodite.pantheon.nl aphrodite #pc slaapkamer bart
192.168.0.22    apollo.pantheon.nl apollo       #mp3-speler slaapkamer bart

#draadloze verbindingen (laptops)
192.168.0.30    artemis.pantheon.nl artemis     #laptop bart