Thank you to all for the help. I had the forwarding on but not - "iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE" I entered this from the command line and it fixed my problem. NEW QUESTION - is my box masquerading or NATing after I entered this command? Also my new problem is that my IPSEC does not work now. Is there a command to let IPSEC pass through while I am NATing or MASQUERADING? Thank you again, BTW - I am using IPTABLES and SSH Sentinel for a client. THe IPSEC connection did work before I started NATing or MASQUERADING. Doug
-----Original Message----- From: Peter Robb [mailto:[EMAIL PROTECTED]] Sent: Saturday, November 23, 2002 7:35 AM To: [EMAIL PROTECTED] Subject: Re: DUAL-homed Gateway On Sat, 2002-11-23 at 05:17, Simpson, Doug wrote: > I have set up a RH 7.3 box with two nics. It is acting as my gateway, > firewall, proxy server, imap/smtp, dhcp, samba, etc. > The Internal nic "eth1" is 192.168.1.1 and the external nic is "eth0" = > x.y.z.1. > >From a computer on the internal network - I can get to the internet via the > proxy. I can send smtp mail - out. I can get to the shares on the server. > But I cannot ping an address on the internet and I cannot get to my pop3 > mail account out on the internet. I can ping eth0 from inside but I cannot > ping beyond that address. > >From the server/dual-homed gateway I can ping out to the Internet and ping > into the internal network. I can get out to the internet via a web browser. > It has to be a routing issue but what do I need to look for? My netstat > looks correct. Is it ipforwarding form the inside out? > Help any info or insight would be better than nothing. > Thanks, > Doug The two essential ingredients are ip_forwarding and ip_masquerading. echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE The forwarding allows packets to be routed through the gateway & masquerading allows LAN generated packets to find a return path home Have a look at this HOWTO http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html Regards, Peter > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
