My firewall/gateway is partially working now; it can ping the lan and the internet. It looks like it needs scripts added to the firewall configuration written by lokkit to allow lan clients to reach the internet through the firewall/gateway. Could someone provide me with scripts that work with the lokkit scripts to allow this?

Thanks,

Ken

--- Jason Staudenmayer <[EMAIL PROTECTED]> wrote:
> Yes and no. You need something to forward the packets through the gateway
> and at the same time in this case change the source address to something
> routable over the internet. That's what iptables does, it's a stateful
> packet filtering firewall. It takes the private IP address and wraps it up
> in the address of its internet address so it can be routed on the net. It's
> called Network Address Translation (NAT). There are a load of How-To's on
> this google="iptables nat"
>
> -----Original Message-----
> From: Ken Plumley [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 09, 2003 6:42 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Firewall / Internet Gateway Config Fails
>
> Jason,
>
> For testing only, if the firewall/gateway is configured correctly shouldn't
> the lan clients be able to reach the internet without a firewall?
>
> I haven't worked with iptables, how do I add the rules to an existing rule
> set or build a new rule set?
>
> Ken
>
> --- Jason Staudenmayer <[EMAIL PROTECTED]> wrote:
> > Yeah the NAT table is in the iptables. Test these rules:
> >
> > iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth1 -j SNAT --to-source outside_address
> > iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -j MASQUERADE
> >
> > These should work.
> >
> > -----Original Message-----
> > From: Ken Plumley [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, August 09, 2003 4:14 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Firewall / Internet Gateway Config Fails
> >
> > Jason,
> >
> > Ok I will set GATEWAYDEV=eth0
> >
> > I replaced an existing RH 6.2 firewall/gateway machine with the new RH 8.0
> > machine. The new machine has the same name and IP number that the old
> > machine did so all the machines on the lan are already configured to point
> > to the new firewall/gateway.
> >
> > Are NAT rules the firewall rules?
> >
> > I shut down the iptables firewall before I started testing but the lan
> > clients still can not reach the internet.
> >
> > Ken
> >
> > --- Jason Staudenmayer <[EMAIL PROTECTED]> wrote:
> > > The first way is right. You have to set up NAT rules and set the
> > > gateways on your clients to point to your router/gateway/firewall
> > >
> > > -----Original Message-----
> > > From: Ken Plumley [mailto:[EMAIL PROTECTED]
> > > Sent: Saturday, August 09, 2003 3:37 PM
> > > To: Redhat List
> > > Subject: Firewall / Internet Gateway Config Fails
> > >
> > > I am trying to configure a red hat linux 8.0 combination
> > > firewall/internet gateway that serves a LAN.
> > >
> > > eth0 is used with dhcp to reach the internet through a cable modem.
> > >
> > > eth1 is used with a static IP to reach the LAN.
> > >
> > > With the GATEWAYDEV set to eth0 the machine can reach the internet and
> > > the lan at the same time but will not provide access from the lan to
> > > the internet.
> > >
> > > With the GATEWAYDEV set to eth1, as I think it should be, the machine
> > > can NOT reach the internet but can reach the lan.
> > >
> > > What am I configuring wrong?
> > >
> > > Any help would be much appreciated.
> > >
> > > Thanks,
> > >
> > > Ken
> > >
> > > Below are the network file configurations:
> > >
> > > File: /etc/sysconfig/network
> > >
> > > NETWORKING=yes
> > > HOSTNAME=firewallgate
> > > FORWARD_IPV4="yes"
> > > GATEWAYDEV=eth1
> > > GATEWAY=0.0.0.0
> > >
> > > File: /etc/sysconfig/networking/devices/ifcfg-eth0
> > >
> > > USERCTL=yes
> > > PEERDNS=yes
> > > TYPE=Ethernet
> > > DEVICE=eth0
> > > BOOTPROTO=dhcp
> > > ONBOOT=yes
> > > HWADDR=(The HWADDR is correct)
> > >
> > > File: /etc/sysconfig/networking/devices/ifcfg-eth1
> > >
> > > USERCTL=yes
> > > PEERDNS=no
> > > TYPE=Ethernet
> > > DEVICE=eth1
> > > HWADDR=(The HWADDR is correct)
> > > BOOTPROTO=none
> > > NETMASK=255.255.255.0
> > > ONBOOT=yes
> > > IPADDR=192.168.1.3
> > > NETWORK=192.168.1.0
> > > BROADCAST=192.168.1.255
> > > GATEWAY=0.0.0.0
> > >
> > > File: /etc/sysconfig/networking/devices/eth0-route
> > >
> > > GATEWAY0=0.0.0.0
> > > NETMASK0=0.0.0.0
> > > ADDRESS0=0.0.0.0
> > >
> > > File: /etc/sysconfig/networking/devices/eth1-route
> > >
> > > GATEWAY0=0.0.0.0
> > > NETMASK0=255.255.255.255
> > > ADDRESS0=192.168.1.3

=== message truncated ===

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
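
Added example, not part of the original thread and not lokkit's own output: a shell sketch of the NAT and forwarding rules for the layout Ken describes (eth0 = internet side on DHCP, eth1 = LAN, 192.168.1.0/24), plus a check that a POSTROUTING rule translates on the internet-facing interface. The function names `nat_gateway_rules` and `nat_rule_out_if_ok` are hypothetical; how these rules should be ordered relative to the rules lokkit writes is not covered.

```shell
#!/bin/sh
# Added example. Assumed layout, taken from Ken's first message:
#   eth0 = internet side (DHCP), eth1 = LAN, 192.168.1.0/24.

# Print the commands for a NAT gateway; review them, then pipe to "sh" as root.
nat_gateway_rules() {
    wan_if=$1 lan_if=$2 lan_net=$3
    if [ $# -ne 3 ] || [ "$wan_if" = "$lan_if" ]; then
        echo "usage: nat_gateway_rules WAN_IF LAN_IF LAN_NET (interfaces must differ)" >&2
        return 2
    fi
    # MASQUERADE rather than SNAT: the WAN address comes from DHCP and may
    # change, and MASQUERADE uses whatever address the interface holds.
    # FORWARD defaults to DROP so only LAN-initiated flows and their replies
    # cross the gateway.
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Return 0 if the rule's output interface is the internet-facing one,
# 1 if it names a different interface, 3 if it names none at all
# (the rule then applies to traffic leaving on every interface).
nat_rule_out_if_ok() {
    rule=$1 wan_if=$2
    set -- $rule    # split the rule into words on purpose
    while [ $# -gt 0 ]; do
        if [ "$1" = "-o" ] || [ "$1" = "--out-interface" ]; then
            [ "$2" = "$wan_if" ] && return 0
            return 1
        fi
        shift
    done
    return 3
}

# Stand-alone run: show the commands for the layout in the thread.
nat_gateway_rules eth0 eth1 192.168.1.0/24
```

Run against the SNAT rule quoted in the thread with `eth0` as the internet side, `nat_rule_out_if_ok` returns 1, because that rule names `eth1`, which is the LAN interface in Ken's setup.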