> Thank you to all for the help.
>
> I had the forwarding on but not "iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE".
> I entered this from the command line and it fixed my problem.
>
> NEW QUESTION - is my box masquerading or NATing after I entered this command?
>
> Also my new problem is that my IPSEC does not work now. Is there a command to let
> IPSEC pass through while I am NATing or MASQUERADING?
>
> Thank you again,
>
> BTW - I am using IPTABLES and SSH Sentinel for a client. The IPSEC connection did
> work before I started NATing or MASQUERADING.
>
> Doug
>
> -----Original Message-----
> From: Peter Robb [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, November 23, 2002 7:35 AM
> To: [EMAIL PROTECTED]
> Subject: Re: DUAL-homed Gateway
>
> On Sat, 2002-11-23 at 05:17, Simpson, Doug wrote:
>> I have set up a RH 7.3 box with two nics. It is acting as my gateway, firewall,
>> proxy server, imap/smtp, dhcp, samba, etc.
>> The Internal nic "eth1" is 192.168.1.1 and the external nic is "eth0" = x.y.z.1.
>> From a computer on the internal network I can get to the internet via the proxy.
>> I can send smtp mail out. I can get to the shares on the server. But I cannot
>> ping an address on the internet and I cannot get to my pop3 mail account out on
>> the internet. I can ping eth0 from inside but I cannot ping beyond that address.
>> From the server/dual-homed gateway I can ping out to the Internet and ping into
>> the internal network. I can get out to the internet via a web browser.
>> It has to be a routing issue but what do I need to look for? My netstat looks
>> correct. Is it ip forwarding from the inside out?
>> Help - any info or insight would be better than nothing.
>> Thanks,
>> Doug
>
> The two essential ingredients are ip_forwarding and ip_masquerading.
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
>
> The forwarding allows packets to be routed through the gateway
> & masquerading allows LAN generated packets to find a return path home
>
> Have a look at this HOWTO
> http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
>
> Regards,
> Peter
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
>> https://listman.redhat.com/mailman/listinfo/redhat-list
Masq. is a specialized form of NAT. It is only aware of the interface with which it should be snating. IPSEC will not work with the MASQ. (SNAT) being performed post tunnel, as this encapsulates the headers after they have been encapsulated by IPSEC. The long and short of it is IPSEC/CIPE MUST be performed POST SNAT.

I have not performed fwding of this kind b4, only on the gateway box making the VPN transparent to the subnets. This would be great to see, as clients could VPN to work from home while allowing their kids' comp to access the net but not the VPN. Anyone?

--
Jesse Jacobs, Supa' Noob :)
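An added example, not code from anyone in this thread: a POSIX shell script that emits the nat table Peter's two commands set up, in iptables-restore format, for the gateway-terminated tunnel case Jesse mentions. It limits MASQUERADE to the LAN source and puts an ACCEPT exemption for LAN-to-VPN traffic ahead of it, so those packets are not source-rewritten before the gateway's IPsec policy sees them. eth0 and 192.168.1.0/24 are from the thread; 10.20.0.0/16 is a constructed placeholder for the remote VPN network, and gen_nat_rules, forwarding_enabled and rules_ordered are names chosen here.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the nat table for the dual-homed
# gateway in iptables-restore format. Assumed names: eth0 = external interface
# (from the thread), 192.168.1.0/24 = LAN behind eth1 (from the thread),
# 10.20.0.0/16 = constructed placeholder for the remote network reached over a
# gateway-terminated IPsec tunnel.
set -eu

# gen_nat_rules EXT_IF LAN_NET [VPN_NET]
# Masquerading is restricted to the LAN source (the bare "-o eth0 -j MASQUERADE"
# from the thread rewrites anything leaving eth0). When VPN_NET is given, LAN ->
# VPN_NET traffic gets an ACCEPT placed *before* MASQUERADE, so those packets
# keep their 192.168.1.x source and still match the IPsec policy on the gateway.
gen_nat_rules() {
    ext_if=$1; lan_net=$2; vpn_net=${3:-}
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]'
    if [ -n "$vpn_net" ]; then
        printf '%s POSTROUTING -s %s -d %s -o %s -j ACCEPT\n' -A "$lan_net" "$vpn_net" "$ext_if"
    fi
    printf '%s POSTROUTING -s %s -o %s -j MASQUERADE\n' -A "$lan_net" "$ext_if"
    printf '%s\n' COMMIT
}

# forwarding_enabled [PROC_FILE]
# Succeeds only when IPv4 forwarding is on. The path is a parameter so the check
# can be exercised against a temporary file; the default is the real sysctl.
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# rules_ordered RULESET
# Succeeds when every ACCEPT exemption precedes the MASQUERADE rule, the ordering
# gen_nat_rules relies on (iptables stops at the first matching target).
rules_ordered() {
    masq=$(printf '%s\n' "$1" | grep -n 'j MASQUERADE' | cut -d: -f1 | head -n 1)
    last_acc=$(printf '%s\n' "$1" | grep -n 'j ACCEPT' | cut -d: -f1 | tail -n 1)
    [ -z "$last_acc" ] || [ "$last_acc" -lt "$masq" ]
}

# Stand-alone use on the gateway (as root):
#   gen_nat_rules eth0 192.168.1.0/24 10.20.0.0/16 | iptables-restore
# Here the ruleset is only printed, followed by the current forwarding state.
gen_nat_rules eth0 192.168.1.0/24 10.20.0.0/16
if forwarding_enabled; then echo "# ip_forward=1"; else echo "# ip_forward is off"; fi
```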