>Just as a question: the # are just in your mail? Hope so! They are just in the mail, as I copied my commands from the console >Leave away line 2 and 3. Just use the POSTROUTING rule and none for >FORWARD, given that the FORWARD policy is set to accept. 1_ I flushed the Ruleset, > Enabled Firewall, added Trusted Services SSH FTP and HTTP (WWW). Should I have added "Trusted Devices of eth1" ? because I did not. 2_ then # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT ipv6-crypt-- anywhere anywhere ACCEPT ipv6-auth-- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited 3_ # vi /etc/sysconfig/iptables *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT >Question: how is your router connected to the internet? Try >echo 0 > /proc/sys/net/ipv4/tcp_ecn Doesn't echo anything, but when I vi it, there is "0" I connect by cable modem. Still cannot get Host to connect to Internet! >Have you tried the config file I sent you... (Erik Espinoza) Thanks Erik. No I have not tried that yet, but saved it to attempt later tonight. any other advice? perhaps I need to re-image the host? I just noticed the clock and rh applet disappear since I untarred a FC1 /home/user dir onto a user account on the FC2 Host... ? Thanks in advance Chris
