Yes and no. You need something to forward the packets through the gateway and at the same time, in this case, change the source address to something routable over the internet. That's what iptables does; it's a stateful packet filtering firewall. It takes the private IP address and wraps it up in the address of its internet address so it can be routed on the net. It's called Network Address Translation (NAT). There are a load of How-Tos on this: google="iptables nat"

-----Original Message-----
From: Ken Plumley [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 09, 2003 6:42 PM
To: [EMAIL PROTECTED]
Subject: RE: Firewall / Internet Gateway Config Fails

Jason,

For testing only, if the firewall/gateway is configured correctly shouldn't the lan clients be able to reach the internet without a firewall?

I haven't worked with iptables, how do I add the rules to an existing rule set or build a new rule set?

Ken

--- Jason Staudenmayer <[EMAIL PROTECTED]> wrote:
> Yeah, the NAT table is in the iptables. Test these rules:
>
> # eth0 is the internet-facing interface in this setup; outside_address is a placeholder
> iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j SNAT --to-source outside_address
> iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -j MASQUERADE
>
> These should work.
>
> -----Original Message-----
> From: Ken Plumley [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 09, 2003 4:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Firewall / Internet Gateway Config Fails
>
> Jason,
>
> Ok I will set GATEWAYDEV=eth0
>
> I replaced an existing RH 6.2 firewall/gateway machine with the new RH 8.0 machine. The new machine has the same name and IP number that the old machine did so all the machines on the lan are already configured to point to the new firewall/gateway.
>
> Are NAT rules the firewall rules?
>
> I shut down the iptables firewall before I started testing but the lan clients still can not reach the internet.
>
> Ken
>
> --- Jason Staudenmayer <[EMAIL PROTECTED]> wrote:
> > The first way is right. You have to set up NAT rules and set the gateways on your clients to point to your router/gateway/firewall
> >
> > -----Original Message-----
> > From: Ken Plumley [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, August 09, 2003 3:37 PM
> > To: Redhat List
> > Subject: Firewall / Internet Gateway Config Fails
> >
> > I am trying to configure a red hat linux 8.0 combination firewall/internet gateway that serves a LAN.
> >
> > eth0 is used with dhcp to reach the internet through a cable modem.
> >
> > eth1 is used with a static IP to reach the LAN.
> >
> > With the GATEWAYDEV set to eth0 the machine can reach the internet and the lan at the same time but will not provide access from the lan to the internet.
> >
> > With the GATEWAYDEV set to eth1, as I think it should be, the machine can NOT reach the internet but can reach the lan.
> >
> > What am I configuring wrong?
> >
> > Any help would be much appreciated.
> >
> > Thanks,
> >
> > Ken
> >
> > Below are the network file configurations:
> >
> > File:
> > /etc/sysconfig/network
> >
> > NETWORKING=yes
> > HOSTNAME=firewallgate
> > FORWARD_IPV4="yes"
> > GATEWAYDEV=eth1
> > GATEWAY=0.0.0.0
> >
> > File:
> > /etc/sysconfig/networking/devices/ifcfg-eth0
> >
> > USERCTL=yes
> > PEERDNS=yes
> > TYPE=Ethernet
> > DEVICE=eth0
> > BOOTPROTO=dhcp
> > ONBOOT=yes
> > HWADDR=(The HWADDR is correct)
> >
> > File:
> > /etc/sysconfig/networking/devices/ifcfg-eth1
> >
> > USERCTL=yes
> > PEERDNS=no
> > TYPE=Ethernet
> > DEVICE=eth1
> > HWADDR=(The HWADDR is correct)
> > BOOTPROTO=none
> > NETMASK=255.255.255.0
> > ONBOOT=yes
> > IPADDR=192.168.1.3
> > NETWORK=192.168.1.0
> > BROADCAST=192.168.1.255
> > GATEWAY=0.0.0.0
> >
> > File:
> > /etc/sysconfig/networking/devices/eth0-route
> >
> > GATEWAY0=0.0.0.0
> > NETMASK0=0.0.0.0
> > ADDRESS0=0.0.0.0
> >
> > File:
> > /etc/sysconfig/networking/devices/eth1-route
> >
> > GATEWAY0=0.0.0.0
> > NETMASK0=255.255.255.255
> > ADDRESS0=192.168.1.3
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! SiteBuilder - Free, easy-to-use web site design software
> > http://sitebuilder.yahoo.com
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:[EMAIL PROTECTED]
> > https://www.redhat.com/mailman/listinfo/redhat-list
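
An added example, not part of the original thread: a shell function that prints a complete ruleset in iptables-restore format for the gateway layout described above (eth0 on the internet side via DHCP, eth1 on the LAN, 192.168.1.0/24). The function name `gateway_ruleset` and the default-drop FORWARD policy are choices made for this example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-interface NAT gateway.
# Assumed layout (from the thread): eth0 = internet side, eth1 = LAN, 192.168.1.0/24.

gateway_ruleset() {
    wan=$1 lan=$2 lan_net=$3

    # Refuse obviously wrong input instead of emitting a broken ruleset.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "error: WAN and LAN interfaces must be set and different" >&2
        return 1
    fi
    case $lan_net in
        *[!0-9./]*|""|*/|/*) echo "error: bad LAN network '$lan_net'" >&2; return 1 ;;
        */*) ;;
        *) echo "error: LAN network needs a /prefix or /netmask" >&2; return 1 ;;
    esac

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source of LAN traffic leaving through the internet-facing interface.
# MASQUERADE uses whatever address that interface currently holds, which suits DHCP.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
# INPUT/OUTPUT are left open here; only forwarding through the box is restricted.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections opened from the LAN are allowed back in.
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections may only originate on the LAN side, from LAN addresses.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the thread's layout. To apply it (as root):
#   sysctl -w net.ipv4.ip_forward=1
#   gateway_ruleset eth0 eth1 192.168.1.0/24 | iptables-restore
gateway_ruleset eth0 eth1 192.168.1.0/24
```

`iptables-restore` replaces the contents of the tables it loads unless `--noflush` is given, so this builds a new rule set rather than appending to an existing one. Running it with `--test` first parses the ruleset without committing it.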