[CentOS] setup iptables to allow forwarding through eth1
I have a fresh installed CentOS 5.3 server which should route traffic between two networks like this: network A (Internet) -- eth0 (default gw) : server : eth1 -- network B (LAN) I have set in sysctl.conf net.ipv4.ip_forward = 1 and routing works fine like this. But when I switch on the iptables service (with default setup, configured when installing the server), routing stops working (or at least I cannot ping a server in network A from network B). I guess the firewall is stopping it, so I read http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s1-firewall-ipt-fwd.html and issued the commands # iptables -A FORWARD -i eth1 -j ACCEPT # iptables -A FORWARD -o eth1 -j ACCEPT but that did not help. So I am asking: what is the correct iptables command to make forwarding work? Regards, Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] setup iptables to allow forwarding through eth1
Peter Peltonen wrote: I have a fresh installed CentOS 5.3 server which should route traffic between two networks like this: network A (Internet) -- eth0 (default gw) : server : eth1 -- network B (LAN) I have set in sysctl.conf net.ipv4.ip_forward = 1 and routing works fine like this. But when I switch on the iptables service (with default setup, configured when installing the server), routing stops working (or at least I cannot ping a server in network A from network B). I guess the firewall is stopping it, so I read http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s1-firewall-ipt-fwd.html and issued the commands # iptables -A FORWARD -i eth1 -j ACCEPT # iptables -A FORWARD -o eth1 -j ACCEPT but that did not help. So I am asking: what is the correct iptables command to make forwarding work? Regards, Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos my iptables like that: * iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE * iptables --append FORWARD --in-interface eth1 -j ACCEPT Regards Firdaus i'm come from indonesia. :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
