In message <[EMAIL PROTECTED]>, Andrew Mathews <[EMAIL PROTECTED]> writes
>Roger Hayter wrote:
>
>> I wonder if anyone has any ideas what might be going wrong here? I
>>have a Suse 8.0 machine which I plan to use as a router/firewall.
>>Using routeable IPs. It has 3 NICs, one of which gets its address by
>>dhcpcd (eth0). This is for technical adsl modem reasons, but it is
>>always the same address. IP forwarding works between the two NICs
>>(on different subnets) which have preset IPs (eth1 and eth2), and to
>>the actual IP address of eth0. Routing is set up so I can contact the
>>wider Internet from the firewall machine itself, via eth0, and both
>>incoming and outgoing connections work fine. (Not left on long in
>>this un-firewalled config, in case anyone out there is listening!)
>>But the kernel will not accept any packets coming in from eth0 which
>>should go to eth[1 or 2] or vice versa. It isn't the cards
>>themselves, as I have swapped their roles. Is this a limitation of
>>dhcp, or can anyone suggest another theory? I am tempted to try a)
>>Suse 7.3 or b) dhclient instead of dhcpcd, but either would be very laborious.
>
>Two things to check. Make sure that ip forwarding is enabled by doing an
>echo "1" > /proc/sys/net/ipv4/ip_forward to enable forwarding and set
>up an ipchains rule such as:
>/sbin/ipchains -A forward -s 10.10.108.0/24 -j MASQ
>substituting the appropriate address and subnet.
>
Thanks, but a) as I said, ip forwarding is on and actually works between the two internal subnets, and b) I don't want to do masquerading, as the internal machines are on routeable addresses. Should I need an iptables rule for forwarding to the external interface if there are no rules set? If so, could someone devise one for me? Would the above work without the -j?

-- 
Roger Hayter
_______________________________________________
Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users
Subscribe/Unsubscribe info, Archives, and Digests are located at the above URL.
