On Sun, 2005-03-13 at 20:16 -0500, Claude Jones wrote:
> On Sun, 13 Mar 2005 19:58:34 -0500, Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
>
> > On Sun, 2005-03-13 at 19:33 -0500, Claude Jones wrote:
> >
> >> Now, if I could just figure out where the block is
> >> between my Lan and my Wan ---
> >>
> >>
> > That just about has to be "something" in the iptables setup. The LAN
> > machines get to the firewall box. The firewall box gets to the
> > internet. But the LAN boxes don't get passed through.
> >
> > It would need to be related to 1) ip forwarding, 2) ip masquerading aka
> > NAT, or 3) otherwise blocking.
> >
> > I have not looked at your script, and am not an expert on iptables
> > scripts anyway but I can identify the location and likely part
> > containing the problem.
> >
> > One approach may be to set up tcpdump to capture a small part of a
> > session that should work but does not, then analyze it to see what is
> > blocking the passthrough.
>
> I'm reading up on how to set up some sort of trace to log what's going on
> as I write.
>
> I hope someone who's an iptables guru can find the time to look through my
> script. I have the feeling this is a case of "The Purloined Letter". The
> answer is in front of my face but after 18 hours of fighting this, I'm
> blind ---
>

Just a thought. What did you use to create the firewall script?

As one who is not a guru on iptables I find fwbuilder a very good tool
for what I need and it does the script building for me. As long as you
can build the firewall rules with graphics objects it can convert it to
a usable script for setting the rules on the server for you. I have used
it for both servers on the internet, and for firewall machines as you
are doing.

>
>
> --
> Claude Jones
> Bluemont, VA
>
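
The three causes listed in the quoted reply (IP forwarding, masquerading/NAT, other blocking) can be checked mechanically against `iptables-save` output. The script below is an added example, not part of the original thread; the interface names `eth0`/`eth1`, the function names and the sample ruleset are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Coarse check of the three causes
# named above, run against iptables-save output read from stdin.
# usage: diagnose_forwarding IP_FORWARD_VALUE WAN_INTERFACE < ruleset
# live:  iptables-save | diagnose_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" eth0
diagnose_forwarding() {
    awk -v fwd="$1" -v wan="$2" '
        BEGIN { policy = "(not in dump)" }
        /^\*/ { table = substr($0, 2) }   # table header: "*nat", "*filter"
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ { accepts++ }
        table == "nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ {
            if (index($0, " -o " wan " ")) nat++
        }
        END {
            if (fwd != "1") { print "1) ip forwarding is off (ip_forward=" fwd ")"; bad = 1 }
            if (!nat)       { print "2) no MASQUERADE/SNAT rule on " wan; bad = 1 }
            if (policy != "ACCEPT" && !accepts) {
                print "3) FORWARD policy " policy " with no ACCEPT rule"; bad = 1
            }
            if (!bad) print "OK"
        }'
}

# Constructed sample: NAT is present, the box itself can be reached from
# the LAN (eth1), but nothing is ever accepted in the FORWARD chain.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | diagnose_forwarding 1 eth0
```

An `OK` result only means none of the three gross conditions is present; a FORWARD `ACCEPT` rule may still not match the LAN's traffic, which is what the tcpdump capture suggested in the thread would show.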