On Thu, 13 Feb 2003, Paul Lee wrote:

> Yes... I do believe it is set up for masquerading. I am fairly new at this
> and I am having to learn as I go ... would you mind elaborating on the
> difference (just briefly)?

You use masquerading when all you have is one valid IP address given to
you by your ISP.  Then the FW will translate the internal private IP
addresses to the same IP address given to you by the ISP.  It keeps a
record of this and other changes it makes so that it knows what to do with
responses coming back from the Internet.

You use NAT when your ISP has given you a block of IP addresses and you
want to translate a given valid IP address to a given private IP address.

Most individuals want masquerading and not NAT.

This is one of the reasons I like to use shorewall.  There is a set of
config files that make setting up things like this a breeze.  Of course,
you need to read the documentation and the FAQ from the site....it takes a
little bit of time....but you learn a lot.

Regards,
Ed



>
> Thanks so much
> Paul
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
> Sent: Thursday, February 13, 2003 7:47 AM
> To: [EMAIL PROTECTED]
> Subject: RE: iptables firewall configuration - getting the 2 nics to
> communicate
>
>
> On Thu, 13 Feb 2003, Paul Lee wrote:
>
> > You were right, ip_forward was set to "0". I have since set it to "1" and I
> > still am getting "request time out" every time I attempt to ping an outside
> > server.
>
> Have you set up your FW machine to do masquerading, yes?  There is a
> difference between that and NAT.
>
> Ed
>
> >
> > Paul Lee
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
> > Sent: Thursday, February 13, 2003 7:20 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: iptables firewall configuration - getting the 2 nics to
> > communicate
> >
> >
> > On Thu, 13 Feb 2003, Paul Lee wrote:
> >
> > > I have a question regarding a firewall configuration I am attempting. I am
> > > using RH8 on a machine with 2 nics to create a packet filtering firewall
> > > using IPTABLES. I have configured the machine so that the external nic has a
> > > valid, internet-routable IP and the internal nic has a private IP
> > > (192.168.*.*) so that I can use network address translation. I have set up
> > > the rules and I can ping outside servers from the firewall (using the
> > > external nic) and I can ping the firewall from within the private network.
> > > Unfortunately, I have been unable thus far to get any kind of connection on
> > > the internal network. Am I missing a vital configuration step in setting up
> > > the 2 nics? I have the gateway of the external nic pointing at my router and
> > > the gateway of the internal nic pointing to the external nic. I have all the
> > > machines on the private network pointing to the internal nic on the
> > > firewall. In all of my research I cannot find anywhere that it gives
> > > explicit instructions on setting up the machine. Any help would be GREATLY
> > > appreciated.
> >
> > I prefer to use shorewall to set up my firewall....but in any event it
> > sounds as if ip forwarding is not enabled.
> >
> > cat /proc/sys/net/ipv4/ip_forward should be "1" if enabled.
> >
> > Ed
> >
> >
> > --
> > http://www.shorewall.net/  for all your firewall needs
> >
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> > https://listman.redhat.com/mailman/listinfo/redhat-list

-- 
http://www.shorewall.net/  for all your firewall needs
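
Added example, not part of the original thread and not shorewall's own
configuration: plain iptables commands for the two setups distinguished above
(masquerading behind one ISP address versus one-to-one NAT from a block), plus
a check for the two causes raised in this thread. Interface names, addresses
and the function names gen_rules and diagnose are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Interface names and addresses are
# constructed placeholders: eth0 faces the ISP, eth1 faces the private LAN.
EXT_IF=eth0
INT_IF=eth1
LAN=192.168.1.0/24
PUB_IP=203.0.113.10    # static NAT only: one address from the ISP's block
PRIV_IP=192.168.1.10   # static NAT only: the internal host PUB_IP maps to

# gen_rules masq|nat: print (not run) the commands for the chosen mode.
gen_rules() {
    case $1 in
    masq) # all LAN hosts share whatever address EXT_IF currently holds
        nat="iptables -t nat -A POSTROUTING -s $LAN -o $EXT_IF -j MASQUERADE" ;;
    nat)  # fixed one-to-one pairing of a public and a private address
        nat="iptables -t nat -A PREROUTING -i $EXT_IF -d $PUB_IP -j DNAT --to-destination $PRIV_IP
iptables -t nat -A POSTROUTING -s $PRIV_IP -o $EXT_IF -j SNAT --to-source $PUB_IP" ;;
    *)  echo "usage: gen_rules masq|nat" >&2; return 1 ;;
    esac
    # LAN hosts may open connections outward; only replies are let back in.
    printf '%s\n' 'echo 1 > /proc/sys/net/ipv4/ip_forward' "$nat" \
        'iptables -P FORWARD DROP' \
        "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -j ACCEPT" \
        'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
}

# diagnose <ip_forward value> <rules text>: name what still keeps LAN clients
# from reaching outside hosts. Rules text may be `iptables-save` output.
diagnose() {
    problems=""
    [ "$1" = "1" ] || problems="ip_forward=off "
    printf '%s\n' "$2" | grep -Eq -e '-j (MASQUERADE|SNAT)' ||
        problems="${problems}no-source-translation "
    if printf '%s\n' "$2" | grep -Eq -e '(:|-P )FORWARD DROP' &&
       ! printf '%s\n' "$2" | grep -Eq -e '-A FORWARD .*-j ACCEPT'; then
        problems="${problems}forward-dropped "
    fi
    problems=${problems% }
    echo "${problems:-ok}"
}

# The state described in the thread: forwarding switched on, no NAT rule yet.
diagnose 1 ""
gen_rules masq
```

On a live firewall the check would be fed real state, as root:
diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)".
In nat mode only PRIV_IP is translated, and new inbound connections to PUB_IP
stay dropped until a FORWARD rule admits them.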


