Jeff Vian wrote:
This turned out to be the same solution as last time I had this problem, but, the whole reason has me stumped.
I have not used tcpdump in some time, but that does not look correct for the external interface.
192.168.2.253 and 10.0.4.62 are both private addresses. You may have forwarding on but not masquerading. If that is true the it goes out but never gets back.....
iptables -t nat -A POSTROUTING -o 66.225.207.87 -j MASQUERADE
The addition of this line did it. Most of the scripts I've been trying, and tutorials, and the manual for iptables itself, say don't use MASQUERADE for static IP addresses.
"This target is only valid in the nat table, in the POSTROUTING chain. It should only be used with dynamically assigned IP (dialup) connections: if you have a static IP address, you
should use the SNAT target." -- from the man for iptables in FC3. When I brought the working machine home, it was still configured with MASQUERADE, and it was only when things refused to work that I started getting into more involved firewall scripting. Every tutorial I read said not to use MASQUERADE for static IP addresses, so I eventually configured my script without it -- so, why does it work???
If anyone reads this could you point your browser at http://66.225.207.87 and tell me if it returns a page "Creative Media Associates" so I can know if http server is up.
-- Claude Jones Bluemont, VA, USA
