On Thu, 13 Feb 2003, Paul Lee wrote: > You were right, ip_forward was set to "0". I have since set it to "1" and i > still am getting "request time out" every time I attempt to ping an outside > server.
Have you set up your FW machine to do masquerading, yes? There is a difference between that and NAT. Ed > > Paul Lee > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] > Sent: Thursday, February 13, 2003 7:20 AM > To: [EMAIL PROTECTED] > Subject: Re: iptables firewall configuration - getting the 2 nics to > communicate > > > On Thu, 13 Feb 2003, Paul Lee wrote: > > > I have a question regarding a firewall configuration I am attemping. I am > > using RH8 on a machine with 2 nics to create a packet filtering firewall > > using IPTABLES. I have configured the machine so that the external nic has > a > > valid, internet-routable IP and the internal nic has a private IP > > (192.168.*.*) so that I can use network address translation. I have set up > > the rules and I can ping outside servers from the firewall (using the > > external nic) and I can ping the firewall from within the private network. > > Unfortunately, I have been unable thus far to get any kind of connection > on > > the internal network. Am I missing a vital configuration step in setting > up > > the 2 nics? I have the gateway of the external nic pointing at my router > and > > the gateway of the internal nic pointing to the external nic. I have all > the > > machines on the private network pointing to the internal nic on the > > firewall. In all of my research I cannot find anywhere that it gives > > explicit instructions on setting up the machine. Any help would be GREATLY > > appreciated. > > I prefer to use shorewall to set up my firewall....but in any event it > sounds as if ip forwarding is not enabled. > > cat /proc/sys/net/ipv4/ip_forward should be "1" if enabled. > > Ed > > > -- > http://www.shorewall.net/ for all your firewall needs > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > -- http://www.shorewall.net/ for all your firewall needs -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list