Trying to set up RH8.0 as a router/firewall for a cable
connection, where the IP address for eth0 is obtained
through DHCP. The IP address of eth1 is a local address of
192.168.1.1
I have enabled ip_forwarding in /etc/sysctl.conf and
verified it on reboot using cat
/proc/sys/net/ipv4/ip_forward. The value is 1, so it's
enabled.
My firewall is a simple script right now since I haven't
started disabling services.
iptables -P INPUT DROP
iptables -A INPUT -i ! eth0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "INPUT_DROP(FW): " --log-level 6
iptables -A INPUT -p tcp -i eth0 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -i eth0 -j REJECT --reject-with icmp-port-unreachable
I have tried the following NAT commands one at a time, but
to no avail.
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.1
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Thing with it is that I can ping any computer in the LAN
including the RH8 box and get a response. I can ping from
the RH8 box out to the internet. However, I cannot ping
from eth0 to eth1 on the box itself using the command
ping -I eth0 192.168.1.1 and vice-versa.
Has anyone had this problem??? Seems like ip_forwarding
isn't doing its job.
I have created a firewall and ipsec VPN server using RH7.3
without any problems. Does anyone know anything about
this?
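Added example, not part of the original post: a small sh check that source-NAT rules are bound to the interface where LAN traffic leaves for the internet. It assumes the roles the post describes (eth0 is the DHCP cable side, eth1 is the LAN); the function names and the third sample rule are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post). Interface roles are taken from the post's
# description and are assumptions: eth0 = cable/DHCP side, eth1 = LAN.
WAN_IF=${WAN_IF:-eth0}

# Print the word that follows option $1 in the remaining arguments, if any.
opt_value() {
    want=$1; shift
    while [ $# -gt 1 ]; do
        if [ "$1" = "$want" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 0
}

# Read iptables command lines on stdin and print a verdict for each
# POSTROUTING SNAT/MASQUERADE rule. Returns 1 if any is not bound to $WAN_IF.
audit_nat() {
    bad=0
    while IFS= read -r line; do
        case $line in
            *"-t nat"*POSTROUTING*) ;;
            *) continue ;;
        esac
        set -- $line    # intentional word splitting into rule tokens
        out=$(opt_value -o "$@")
        target=$(opt_value -j "$@")
        case $target in SNAT|MASQUERADE) ;; *) continue ;; esac
        if [ "$out" = "$WAN_IF" ]; then
            echo "OK   $target on $out"
        else
            echo "BAD  $target on ${out:-any interface} (expected -o $WAN_IF)"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample: the two NAT rules quoted in the post, then a rule
# bound to the outside interface for comparison.
sample_rules() {
    cat <<EOF
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.1
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

sample_rules | audit_nat || echo "NAT rule(s) bound to the wrong interface"
```

The same function can be fed a saved firewall script on stdin; it only reads text and does not call iptables.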