Mike,

Thank you very much for your help. Your successful testing of my script added confidence in the IPTABLES side of things, and your suggestions about a possible configuration problem shifted my attention to our network.
We have a mix of 100Mb and 10Mb cables, with a 10Base-T/100Base-T 16-port Ethernet switch, and also an 8-port hub. (It is a mess, because it was built incrementally, with no network/HW experts guiding the process.)

I shut down the client machine (the one with the 10.0.0.2 IP) and reassigned this IP address to another machine. This time the packet routing worked as expected - I was able to connect to the Web server. To be sure, I shut down IPTABLES on the router machine; the connection to the Web server was promptly lost. Started IPTABLES again - the browser connected without problems. Repeated this process on yet another machine. Same thing; everything worked as expected.

So, the bottom line is that the original client machine's NIC has some problem - hard to understand, though, since the card can ping every address on the network, and the browser can connect to the Internet through our production RH7.2-based machine (also running IPTABLES), but not to our internal Web server through the RH9 test firewall.

I wonder if this has something to do with the NIC speed? The failing client machine is very old, with a 10Mb card, while all others are new, with fast NICs. Also, in case this matters, the RH9 machine has two cards: 100Mb (192.168.1.23) and 10Mb (10.0.0.1). The problem seems to appear when a client with a slow NIC connects to the equally slow card on the router, but clients with faster NICs can work with the same slow router card just fine. [May be totally irrelevant - I am just groping in the dark.]

Anyways, thank you again for your time and effort.

Sincerely,
Alex.
-----Original Message-----
From: Michael Petch [mailto:[EMAIL PROTECTED]
Sent: Monday, September 08, 2003 11:59 PM
To: [EMAIL PROTECTED]
Subject: RE: (clug-talk) IPTABLES - packet routing is not working

> Last night I took your script (The very first one you posted here), tossed it on my router/firewall
> (Based on RH9), changed the IP addresses at the top of the script to reflect my environment. Thing
> worked. A box outside my firewall correctly had packets sent to a webserver on my lan. Requests to
> the webserver were fulfilled and data returned.
>
> There seems to be some conflict with your configuration. For instance, how is 192.168.1.1 (Your
> production firewall) connected?? Can you tell me if you have switches and hubs connected to this
> environment?
>
> Is it possible that 2 machines have the same IP address??? Besides the 2 test computers and the
> firewall machine (The test one using RH9) is there other equipment that can interfere? If there
> is, can you remove all equipment except for the 3 machines in question from the network?
>
> Mike
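Alex's last guess above (a slow client NIC talking to the equally slow 10Mb card on the router) is the kind of thing that is quicker to rule in or out by reading the link settings on both ends than by swapping machines. The following is an added example, not code from this thread or from either poster: it parses the text that `ethtool <iface>` prints (assumption: the familiar `Speed:` / `Duplex:` / `Auto-negotiation:` / `Link detected:` layout) and flags the per-interface conditions that commonly explain "pings work but TCP sessions don't" on a mixed 10/100 LAN. The two captured outputs are constructed samples, not taken from Alex's machines.

```python
"""Flag link-level trouble spots from the output of `ethtool <iface>`.

Added example; the ethtool output format is assumed to be the usual
"Field: value" layout, and both samples below are constructed."""
import re
from typing import Dict, List

# Constructed sample: the 10Mb card on the RH9 router (assumption, not a real capture).
ROUTER_ETH1 = """Settings for eth1:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 10Mb/s
        Duplex: Full
        Auto-negotiation: on
        Link detected: yes
"""

# Constructed sample: an old client card with a forced, half-duplex setting.
CLIENT_ETH0 = """Settings for eth0:
        Speed: 10Mb/s
        Duplex: Half
        Auto-negotiation: off
        Link detected: yes
"""

# Only these fields matter for the diagnosis; everything else is ignored.
FIELDS = ("Speed", "Duplex", "Auto-negotiation", "Link detected")
# Matches "        Field name: value" and tolerates the indentation ethtool uses.
LINE_RE = re.compile(r"\s*([A-Za-z -]+):\s*(.+?)\s*$")


def parse_ethtool(text: str) -> Dict[str, str]:
    """Return the interesting fields of one ethtool report as a dict."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in FIELDS:
            settings[m.group(1)] = m.group(2)
    return settings


def link_findings(name: str, s: Dict[str, str]) -> List[str]:
    """List conditions on one interface that merit a closer look.

    Half duplex on a hub port is normal; half duplex on a switch port usually
    means an auto-negotiation failure, which shows up as late collisions and
    stalled TCP sessions while short ICMP pings still get through."""
    findings: List[str] = []
    if s.get("Link detected") != "yes":
        findings.append(f"{name}: no link detected")
    if s.get("Duplex") == "Half":
        findings.append(f"{name}: half duplex")
    if s.get("Auto-negotiation") == "off":
        findings.append(f"{name}: auto-negotiation off (forced setting)")
    if s.get("Speed") not in ("10Mb/s", "100Mb/s", "1000Mb/s"):
        findings.append(f"{name}: unexpected speed {s.get('Speed')!r}")
    return findings


def diagnose(reports: Dict[str, str]) -> List[str]:
    """Run the checks over several interfaces; `reports` maps a label to raw ethtool text."""
    out: List[str] = []
    for name, text in reports.items():
        out.extend(link_findings(name, parse_ethtool(text)))
    return out


if __name__ == "__main__":
    for finding in diagnose({"router eth1": ROUTER_ETH1, "client eth0": CLIENT_ETH0}):
        print(finding)
```

In practice the text would come from `ethtool` run on each box (and from the switch's own port statistics, where the switch exposes them); the point of the check is that a forced-half-duplex card on a switch port, or a duplex disagreement between the two ends of a cable, degrades exactly the sustained TCP transfers a browser needs while leaving ping unaffected, which matches the symptom Alex describes.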
