On Tue, 2004-06-15 at 16:43, fedora wrote:
> >Just as a question: the # are just in your mail? Hope so!
>
> They are just in the mail, as I copied my commands from the console
>
> >Leave away line 2 and 3. Just use the POSTROUTING rule and none for
> >FORWARD, given that the FORWARD policy is set to accept.
>
> 1_ I flushed the Ruleset,
> Enabled Firewall, added Trusted Services SSH
> FTP and HTTP (WWW). Should I have added "Trusted Devices of eth1"?
> because I did not.
>
> 2_ then
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     ipv6-crypt--  anywhere             anywhere
> ACCEPT     ipv6-auth--  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
>
> 3_
> # vi /etc/sysconfig/iptables
>
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> >Question: how is your router connected to the internet? Try
> >echo 0 > /proc/sys/net/ipv4/tcp_ecn
>
> Doesn't echo anything, but when I vi it, there is "0"
>
> I connect by cable modem.
>
> Still cannot get Host to connect to Internet!
>
> >Have you tried the config file I sent you... (Erik Espinoza)
> Thanks Erik. No I have not tried that yet, but saved it to attempt later
> tonight.
>
> Any other advice? Perhaps I need to re-image the host? I just noticed
> the clock and rh applet disappear since I untarred a FC1 /home/user dir
> onto a user account on the FC2 Host... ?
>
> Thanks in advance
> Chris

1) I would also check resolv.conf for nameserver IPs and add eth1 as a
trusted device.

2) Check <cat /proc/sys/net/ipv4/ip_forward> should be 1, if not change

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

in /etc/sysctl.conf

3) Try <iptables -L -v -n> to see what rules are seeing packets and where
they are lost.

jludwig <wralphie@xxxxxxxxxxx>
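The checks suggested in this thread (ip_forward, the MASQUERADE rule, and whether the FORWARD chain is the point where packets are lost) can be run against an iptables-save style ruleset offline. The script below is an added example, not from the thread or from Fedora; it assumes the /etc/sysconfig/iptables format quoted above, and the function names (audit, forward_blocked, etc.) and the shortened sample ruleset are constructed for illustration.

```shell
# Added example, not from the thread: audit an iptables-save style ruleset
# (the format of /etc/sysconfig/iptables quoted above) for what a
# masquerading router needs. It also spots a FORWARD chain that jumps into
# a chain ending in REJECT, which refuses every new outbound LAN connection.
# Constructed sample: the thread's filter table (shortened) plus the nat
# table as iptables-save prints it after the MASQUERADE command.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# has_masquerade RULES: true if nat POSTROUTING masquerades
has_masquerade() {
    printf '%s\n' "$1" | grep -q '^-A POSTROUTING .*-j MASQUERADE'
}
# forward_target RULES: prints the user chain FORWARD jumps into, if any
forward_target() {
    printf '%s\n' "$1" | sed -n 's/^-A FORWARD -j \([^ ]*\).*/\1/p' | head -n 1
}
# chain_ends_in_reject RULES CHAIN: true if CHAIN's last rule rejects or drops
chain_ends_in_reject() {
    printf '%s\n' "$1" | grep "^-A $2 " | tail -n 1 | grep -Eq -e '-j (REJECT|DROP)'
}
# forward_blocked RULES: true if new forwarded connections would be refused
forward_blocked() {
    t=$(forward_target "$1")
    [ -n "$t" ] && chain_ends_in_reject "$1" "$t"
}
# audit RULES IP_FORWARD: prints each finding; returns the number of problems
audit() {
    n=0
    [ "$2" = 1 ] || { echo 'ip_forward is 0: set net.ipv4.ip_forward = 1'; n=$((n+1)); }
    has_masquerade "$1" || { echo 'no MASQUERADE rule in nat POSTROUTING'; n=$((n+1)); }
    if forward_blocked "$1"; then
        echo "FORWARD jumps to $(forward_target "$1"), which ends in REJECT"
        n=$((n+1))
    fi
    return $n
}
```

On the router itself, run it as `audit "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)"`; removing the `-A FORWARD -j RH-Firewall-1-INPUT` line, as fedora suggested, clears the last finding.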