On Sat, 2003-09-06 at 18:14, Alexandr Molochnikov wrote:
> Further to my original inquiry:
> 
> I can ping both Windows machines (Client A and Server B) from the
> firewall (RH9) machine. However, could I be missing some
> services/daemons/processes etc. that are required for packet forwarding,
> or perhaps there is something in my kernel/iptables that I should check?
> 
> Any advice will be appreciated.

Sorry, I haven't been following the whole thread but this is how I set
up my RH9 NAT/firewall.

Set net.ipv4.ip_forward = 1 in /etc/sysctl.conf. 

chkconfig iptables on

Use the following script for /etc/sysconfig/iptables:

# General input port filter rules
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
 
# Trusted devices
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
 
# Default is reject everything else
-A INPUT -p tcp -m tcp --syn -j REJECT
-A INPUT -p udp -m udp -j REJECT
COMMIT
 
# Now the IP masquerading rule
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT


This assumes eth0 is external and eth1 is internal.  It leaves SSH
accessible from the outside but you can open other ports pretty easily. 
Once that's done, just reboot and see if it works.  (Don't need to
reboot, but it's good to ensure that your changes will survive a
restart.)
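
An added example, not part of the original message: a shell check of the three things the reply configures (the forwarding sysctl, the FORWARD chain policy, and the MASQUERADE interface), run against a constructed copy of the ruleset above. The function names and the temp-file layout are assumptions of this example.

```shell
# Added example (not from the post); function names and temp paths are assumptions.

# Print the default policy of CHAIN in TABLE from an iptables-save style file.
chain_policy() {  # usage: chain_policy FILE TABLE CHAIN
    awk -v t="*$2" -v c=":$3" '
        /^\*/ { cur = $1 }
        cur == t && $1 == c { print $2; exit }' "$1"
}

# Print each interface that has a MASQUERADE rule in the nat table.
masq_ifaces() {  # usage: masq_ifaces FILE
    awk '
        /^\*/ { cur = $1 }
        cur == "*nat" && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1)
        }' "$1"
}

# Succeed only if the sysctl file enables IPv4 forwarding (last setting wins).
forward_enabled() {  # usage: forward_enabled SYSCTL_FILE
    v=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$1" | tail -n 1)
    [ "$v" = "1" ]
}

# Write constructed copies of the post's ruleset (comments dropped) and sysctl line into DIR.
write_sample() {  # usage: write_sample DIR
    printf 'net.ipv4.ip_forward = 1\n' > "$1/sysctl.conf"
    cat > "$1/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --syn -j REJECT
-A INPUT -p udp -m udp -j REJECT
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

d=$(mktemp -d); write_sample "$d"
forward_enabled "$d/sysctl.conf" && echo "ip_forward: enabled in sysctl.conf"
echo "FORWARD policy: $(chain_policy "$d/iptables" filter FORWARD)"
echo "MASQUERADE out of: $(masq_ifaces "$d/iptables")"
rm -rf "$d"
```

On a live firewall, point the functions at /etc/sysctl.conf and /etc/sysconfig/iptables instead of the sample directory.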

