On Sun, 2005-03-13 at 15:53 -0500, Claude Jones wrote:
> Arthur Pemberton wrote:
>
> > Claude Jones wrote:
> >
> >> Arthur Pemberton wrote:
> >>
> >>> Claude Jones wrote:
> >>>
> >>>> The web server works.
> >>>> The box has internet access.
> >>>> Machines on the Lan are getting DHCP assigned IP addresses. They
> >>>> are also able to see my lone web page.
> >>>> However, the machines on the Lan can't get past the firewall. It's
> >>>> not a DNS problem because it doesn't go away if you put an IP
> >>>> address in. I can ping the Wan NIC from the LAN but nothing further
> >>>> than that.
> >>>> I've reviewed the procedures over and over that I used
> >>>> successfully, and I can't find the problem.
> >>>> DHCPD loads without errors.
> >>>> I've checked and rechecked the firewall and SELinux settings, and
> >>>> they appear to be the same as at the office.
> >>>> I've reviewed the network settings for my NICs twenty times.
> >>>> IP forwarding and masquerade have been set up.
> >>>> What have I overlooked??? I have to have this running in three
> >>>> hours so any suggestions would be greatly appreciated!
> >>>
> >>> I have almost exactly the same setup as you up and running. See my
> >>> firewall iptables script (it may help you):
> >>> http://pembo13.dalive.com/scripts/bash/firewall.php
> >>>
> >> I'm looking at your script now. When I get done with all the mods to
> >> work with my system, how do I run it? Forgive me for I'm new to all
> >> this...
> >>
> > No prob. I've been there myself. To run you can run either of the
> > following commands:
> >
> > 1) $ sh firewall.sh
> >
> > or
> >
> > 2) $ chmod +x firewall.sh # you should only need to run this
> > first command the first time you attempt this method
> > $ ./firewall.sh
> >
> Thanks. I did figure this one out. I'm still finding it hard to figure
> out where to put this script once it works, and how to run it at
> boot-time.
> Meanwhile, even though the firewall starts and stops and the
> rules seem right, I'm still not getting out from the Lan. DHCPD seems
> fine - my inside machines get addresses, and they can ping the outside
> NIC on the Linux box, and they can see the one page on my web server.
> But, that's as far as they can get.

As far as the firewall script goes, you only need to run it once if you
then do the following (as root) before you shut down.

# service iptables save

It then will save the settings in a file (/etc/sysconfig/iptables) that
automatically gets read and processed each time you boot. After having
done this, the only time you will need to redo it is if you make a
change in the firewall and need to update the startup configuration.
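An added example, not from the thread or from the linked firewall script, to go with the reply above: a small bash check for the three things the original post says are set up (IP forwarding on, a MASQUERADE rule, and a FORWARD chain that actually lets LAN traffic through), fed from iptables-save output, followed by the `service iptables save` step. The interface names eth0 (WAN) and eth1 (LAN) and the sample rule sets are assumed.

```shell
#!/bin/bash
# Added example, not from the thread or from the linked firewall script.
# Checks the pieces the thread mentions for LAN-to-WAN access: IP forwarding
# on, a MASQUERADE rule in nat POSTROUTING, and a FORWARD chain that does
# not drop everything. Interface names are hypothetical: eth0 = WAN, eth1 = LAN.

# check_forwarding VALUE: VALUE is the content of /proc/sys/net/ipv4/ip_forward
check_forwarding() {
  [ "$1" = "1" ]
}

# check_rules RULES: RULES is iptables-save output; prints what is missing,
# returns 0 only when nothing is missing
check_rules() {
  local rules="$1" missing=0
  if ! printf '%s\n' "$rules" | grep -q -- '^-A POSTROUTING .*-j MASQUERADE'; then
    echo "missing: MASQUERADE rule in nat POSTROUTING (LAN addresses leave un-NATed)"
    missing=1
  fi
  if printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' &&
     ! printf '%s\n' "$rules" | grep -q -- '^-A FORWARD .*-j ACCEPT'; then
    echo "missing: FORWARD policy is DROP and no ACCEPT rule lets LAN traffic through"
    missing=1
  fi
  return $missing
}

# Constructed sample rule sets, so the checks can be tried without iptables.
SAMPLE_OK='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'
SAMPLE_BAD='*filter
:FORWARD DROP [0:0]
COMMIT'

# With --live (as root), check the running box and, if all is well, persist
# the rules as the reply describes so they reload from /etc/sysconfig/iptables.
if [ "${1:-}" = "--live" ]; then
  check_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" || echo "missing: ip_forward is 0"
  check_rules "$(iptables-save)" && service iptables save
fi
```

Run it with no arguments to exercise the checks against the constructed samples, or with `--live` as root on the gateway to check the real rule set.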