This is how I do it on a box that has Taolinux; I imagine it would be the same on Fedora:

## /etc/sysconfig/iptables
*nat
# Masquerade everything leaving through eth0
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
# Forward only reply traffic from eth0 to eth1; forward everything from eth1 to eth0
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IP protocols 50 (ESP) and 51 (AH)
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# EOF

In addition I had to add the following into my /etc/sysctl.conf:

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

Try this configuration out, let me know if it works for you.

Erik

On Tue, 15 Jun 2004 13:54:02 -0400, Michael Floyd <michael.floyd@xxxxxxx> wrote:
>
> Well, at least I tried.
> I was along the right lines though and Rodolfo J. Paiz hit it right on the
> head.
> I think I'll just stick to reading instead of answering.
>
> And BTW. I agree with the "FC2 Issues" thread.... Those kinds of bugs should
> NOT make it into an official release that isn't an RC.
> ( alas, I too was bitten by the dual boot bug and so were quite a few
> others that I know. )
>
>
>
> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx
> [mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Alexander Dalloz
> Sent: June 15, 2004 1:45 PM
> To: For users of Fedora Core releases
> Subject: Re: nat masquerade router
>
> On Tue, 15.06.2004 at 19:29, Michael Floyd wrote:
>
> > Well I see that you're using a 24 bit subnet mask ( 255.255.255.0 ) not a 16
> > bit ( 255.255.0.0 )
> > It would be your firewall rules that are blocking you.....
>
> Right.
>
> > These two lines......
> > # iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
> > # iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
> > # iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
> >
> > the ip's should be 192.168.1.0/24 not 192.168.0.0/16
> > the way it's written, you drop everything on your subnet.
>
> No :) That doesn't matter. 192.168.0.0/16 includes the 192.168.1.0/24
> net. He is just a bit more permissive than it needs. But does no harm.
>
> What is causing the blocking is:
>
> iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
>
> It drops all incoming traffic not being from the private address range.
> Thus packages from public internet are dropped.
>
> What you intend is better placed to the INPUT chain.
>
> > Michael Floyd
>
> Alexander
>
> --
> Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
> Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435
> Serendipity 19:36:44 up 16:03, 8 users, 0.31, 0.29, 0.31
>
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
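Added example (not part of the original thread, and not any poster's code): a minimal first-match evaluator for the FORWARD chain of the /etc/sysconfig/iptables file at the top of this message, run against three constructed packets, with a constructed variant that omits the state match for contrast. It assumes eth0 is the Internet side and eth1 the LAN side, as the MASQUERADE rule on eth0 implies, and it models only the -i, -o, --state and -j options used there.

```python
import shlex

# FORWARD section of the *filter table, copied from the configuration above.
RULES = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""
# Constructed variant for contrast: the same rules without the state match.
STATELESS = RULES.replace(" -m state --state ESTABLISHED,RELATED", "")

# Constructed sample packets; eth0 = Internet, eth1 = LAN is an assumption.
PACKETS = {
    "lan_new":     {"in": "eth1", "out": "eth0", "state": "NEW"},
    "wan_reply":   {"in": "eth0", "out": "eth1", "state": "ESTABLISHED"},
    "wan_unasked": {"in": "eth0", "out": "eth1", "state": "NEW"},
}

def parse(text, chain="FORWARD"):
    """Return (policy, rules) for one chain of an iptables-save style file."""
    policy, rules = None, []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok:
            continue
        if tok[0] == ":" + chain:
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            # Every option in this file is an "option value" pair.
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def verdict(policy, rules, pkt):
    """The first matching rule decides; otherwise the chain policy applies."""
    for r in rules:
        if r.get("-i", pkt["in"]) != pkt["in"]:
            continue
        if r.get("-o", pkt["out"]) != pkt["out"]:
            continue
        if "--state" in r and pkt["state"] not in r["--state"].split(","):
            continue
        return r["-j"]
    return policy

def evaluate(text):
    """Map each sample packet name to the verdict the chain gives it."""
    policy, rules = parse(text)
    return {name: verdict(policy, rules, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    print("stateful :", evaluate(RULES))
    print("stateless:", evaluate(STATELESS))
```

With the state match, only replies to LAN-initiated connections are forwarded inward and unsolicited traffic falls through to the DROP policy; without it, new connections from eth0 are forwarded to the LAN as well.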