[NTLUG:Discuss] IP Masquerding on RH7.2

Paul Ingendorf pauldy at wantek.net
Sat Feb 23 05:53:47 CST 2002


Most common problem would be you forgot to

echo 1 > /proc/sys/net/ipv4/ip_forward

Otherwise what you have given looks correct.  There is no need for the multiple forwarding policies though.  The last three pretty much cover the same nets; I would just use the last one and remove the other 2.  Also try an ipchains-save to make sure you are sending us all the chains in your firewall config.

-- 
-->> mailto:pauldy at wantek.net
-->> http://www.wantek.net/
Running ....... Cos anything else would be a waste...
`:::'                  .......  ......
 :::  *                  `::.    ::'
 ::: .::  .:.::.  .:: .::  `::. :'
 :::  ::   ::  ::  ::  ::    :::.
 ::: .::. .::  ::.  `::::. .:'  ::.
.:::.....................::'   .::::..


-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org] On Behalf Of Tim Willis
Sent: Thursday, February 21, 2002 4:40 PM
To: discuss at ntlug.org
Subject: [NTLUG:Discuss] IP Masquerding on RH7.2


Using this configuration I am able to ping IP addresses on my external
network and ping IP addresses on the internet.  I am not, however, able
to browse the web, or send/receive pop3 traffic.  What's wrong with my
setup?  

[root at sauron sbin]# ./ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  zaphod.coderite.com  anywhere              domain ->   1025:65535
ACCEPT     all  ------  anywhere             anywhere              n/a
ACCEPT     all  ------  anywhere             anywhere              n/a
REJECT     tcp  -y----  anywhere             anywhere              any ->   0:1023
REJECT     tcp  -y----  anywhere             anywhere              any ->   nfs
REJECT     udp  ------  anywhere             anywhere              any ->   0:1023
REJECT     udp  ------  anywhere             anywhere              any ->   nfs
REJECT     tcp  -y----  anywhere             anywhere              any ->   x11:6009
REJECT     tcp  -y----  anywhere             anywhere              any ->   xfs
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  zaphod.coderite.com/24 anywhere              n/a
MASQ       all  ------  192.168.1.0/24       anywhere              n/a
MASQ       all  ------  192.168.0.0/16       anywhere              n/a
MASQ       all  ------  192.168.0.0/16       anywhere              n/a
Chain output (policy ACCEPT):
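
Added example (not part of the original thread or of ipchains itself): a Python check for the two points raised in the reply, whether IPv4 forwarding is switched on and which MASQ rules in the posted forward chain are already covered by another rule. Function names are illustrative, and it assumes the rules differ only in their source column, as in the listing.

```python
import ipaddress

# Forward chain as posted in the thread (listed without -n, so one source is a hostname).
FORWARD_LISTING = """\
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  zaphod.coderite.com/24 anywhere              n/a
MASQ       all  ------  192.168.1.0/24       anywhere              n/a
MASQ       all  ------  192.168.0.0/16       anywhere              n/a
MASQ       all  ------  192.168.0.0/16       anywhere              n/a
"""

def forwarding_enabled(path="/proc/sys/net/ipv4/ip_forward"):
    """True only if the kernel is forwarding IPv4; MASQ rules do nothing without it."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False

def masq_sources(listing):
    """Source column of every MASQ rule in an `ipchains -L` listing, in rule order."""
    rows = (line.split() for line in listing.splitlines())
    return [f[3] for f in rows if len(f) >= 5 and f[0] == "MASQ"]

def audit(sources):
    """Return (redundant, unresolved) for a list of MASQ source specs.

    redundant: (source, covering_source) pairs, where another rule already matches
    every address in source; unresolved: hostname sources that cannot be compared
    offline (re-list with `ipchains -L -n` to get numeric addresses).
    """
    nets, unresolved = [], []
    for pos, src in enumerate(sources):
        try:
            spec = "0.0.0.0/0" if src == "anywhere" else src
            nets.append((pos, src, ipaddress.ip_network(spec, strict=False)))
        except ValueError:
            unresolved.append(src)
    redundant = []
    for pos, src, net in nets:
        for other_pos, other_src, other in nets:
            # Covered by a wider rule anywhere, or an identical rule listed earlier.
            if pos != other_pos and net.subnet_of(other) and (net != other or other_pos < pos):
                redundant.append((src, other_src))
                break
    return redundant, unresolved

if __name__ == "__main__":
    print("ip_forward enabled:", forwarding_enabled())
    print("redundant, unresolved:", audit(masq_sources(FORWARD_LISTING)))
```

On the posted chain this leaves a single 192.168.0.0/16 rule plus the hostname rule, which has to be checked by hand or re-listed numerically.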

