Re: re nat masquerade router

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2004-06-15 at 16:43, fedora wrote:
> >Just as a question: the # are just in your mail? Hope so!
> 
> They are just in the mail, as I copied my commands from the console
> 
> >Leave away line 2 and 3. Just use the POSTROUTING rule and none for
> >FORWARD, given that the FORWARD policy is set to accept.
> 
> 1_ I flushed the Ruleset, > Enabled Firewall, added Trusted Services SSH
> FTP and HTTP (WWW). Should I have added "Trusted Devices of eth1" ?
> because I did not.
> 
> 2_ then
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>  
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>  
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>  
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     ipv6-crypt--  anywhere             anywhere
> ACCEPT     ipv6-auth--  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW
> tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere            state NEW
> tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            state NEW
> tcp dpt:ftp
> ACCEPT     tcp  --  anywhere             anywhere            state NEW
> tcp dpt:ssh
> REJECT     all  --  anywhere             anywhere            reject-with
> icmp-host-prohibited
> 
> 3_
> # vi /etc/sysconfig/iptables
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j
> ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j
> ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j
> ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
> ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
> >Question: how is your router connected to the internet? Try
> >echo 0 > /proc/sys/net/ipv4/tcp_ecn
> 
> Doesn't echo anything, but when I vi it, there is "0"
> 
> I connect by cable modem.
> 
> Still cannot get Host to connect to Internet!
> 
> >Have you tried the config file I sent you... (Erik Espinoza)
> Thanks Erik. No I have not tried that yet, but saved it to attempt later
> tonight.
> 
> any other advice? perhaps I need to re-image the host? I just noticed
> the clock and rh applet disappear since I untarred a FC1 /home/user dir
> onto a user account on the FC2 Host... ?
> 
> Thanks in advance
> Chris

1) I would also check resolv.conf for nameserver IP's and add eth1 as a
trusted device.

2) Check <cat /proc/sys/net/ipv4/ip_forward> should be 1, if not change
 
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

in /etc/sysctl.conf

3) Try <iptables -L -v -n> to see what rules are seeing packets and
where they are lost.



jludwig <wralphie@xxxxxxxxxxx>



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux