You need to do masquerading NAT in order to make it work. Something like

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Your ADSL router probably already performs MASQ NAT on the 192.168.5.0/24 addresses, but not on the 192.168.1.0/24 addresses, so something like the above is needed.

Niels

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stuart Thorn
Sent: Monday, May 27, 2002 7:57 AM
To: [EMAIL PROTECTED]
Subject: Simple IP forwarding setup

Hi.

Could somebody point me in the right direction on an IP forwarding problem that I've got despite endless trawling through FAQs.

I have this setup with Red Hat 7.1:

         ----
        |INET|
         ----
           |
           |*public_ip_address
      -----------
     |ADSL Router|
      -----------
           |* 192.168.5.10
           |
           |*[eth0]192.168.5.1
      -----------
     |           |                        |---|
     |   Linux   |------------------------|DMZ|
     |  iptables | *[eth2]192.168.2.1     |---|
     |           |
      -----------
           |*[eth1]192.168.1.1
           |
           |
          ---
         |LAN|
          ---

What I want, to start with, is for all outgoing traffic on the LAN to be forwarded to the external internet connection.

What I've done is added on the firewall

    route add default gw 192.168.5.10

and run the following script

    #!/bin/sh
    # Enable IPv4 forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Clear existing rules and user-defined chains
    /sbin/iptables --flush
    /sbin/iptables --table nat --flush
    /sbin/iptables --delete-chain
    /sbin/iptables --table nat --delete-chain
    # Accept forwarded packets arriving on any of the three interfaces
    /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
    /sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT
    /sbin/iptables --append FORWARD --in-interface eth2 -j ACCEPT

After this I can ping from the firewall to the internet and to the 192.168.1.* subnet. However, on the 192.168.1.* subnet I can ping 192.168.1.1 and 192.168.5.1, but not 192.168.5.10 and not any external addresses.

I would be grateful for any advice on troubleshooting this.

Thanks.
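
The fix described in the reply, as an added example that is not part of either message: a generator that prints the original script's commands plus the MASQUERADE rule, so they can be reviewed before being applied. It goes beyond the thread by replacing the blanket per-interface ACCEPT rules with a default-drop FORWARD policy and connection tracking; the function name emit_rules is hypothetical, and the interface roles (eth0 WAN, eth1 LAN, eth2 DMZ) are assumptions read off the diagram.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed roles, read off the diagram:
# eth0 faces the ADSL router, eth1 is the LAN, eth2 is the DMZ.

# emit_rules WAN_IF INTERNAL_IF...   (hypothetical helper name)
# Writes the commands to stdout instead of running them.
emit_rules() {
    [ $# -ge 2 ] || { echo "usage: emit_rules WAN_IF INTERNAL_IF..." >&2; return 2; }
    wan=$1
    shift

    # Refuse anything that is not a plain interface name, because the
    # output is meant to be piped into a root shell.
    for ifc in "$wan" "$@"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $ifc" >&2; return 2 ;;
        esac
    done

    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "iptables --flush"
    echo "iptables --table nat --flush"
    echo "iptables --delete-chain"
    echo "iptables --table nat --delete-chain"

    # Drop forwarded packets unless a rule below accepts them.
    echo "iptables --policy FORWARD DROP"
    # Replies to connections that were already allowed out.
    # (Older iptables builds use "-m state --state" instead.)
    echo "iptables --append FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New connections may only originate on the internal interfaces.
    for ifc in "$@"; do
        echo "iptables --append FORWARD --in-interface $ifc --out-interface $wan -j ACCEPT"
    done

    # The step missing from the original script: rewrite the source address
    # of everything leaving via the WAN interface to the firewall's own.
    echo "iptables --table nat --append POSTROUTING --out-interface $wan -j MASQUERADE"
}

# Print the rule set for the thread's layout.
emit_rules eth0 eth1 eth2
```

To apply, review the output and pipe it to sh as root. Traffic between the LAN and the DMZ is not forwarded by these rules and would need its own ACCEPT rule.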
