>The problem is that I can't get iptables masquerading to work (can't ping
>anything outside my internal network from the masqed computers) unless I
>have an established connection running (e.g. SSH) from the to-be-masqed
>computers to the Linux box while I execute the rc.firewall script.

This sounds like an ARP problem. With MASQ working ok, run "arp -an".

Ok, now disconnect that SSH session from the MASQed PC to the MASQ server and delete all the internal MASQ ARP entries using commands like "arp -d 192.168.1.4".

Ok, now run the rc.firewall ruleset again. From the MASQed PC, try to contact the internet? Does it work? If not, anything in "arp -an"? If not.. it's definitely an ARP issue.

>It was working OK when I was running Red Hat 7.1, but now I've upgraded to
>7.2. I have tried both the "simple" and the "stronger" rulesets.
>
>Any ideas of what I should be looking for here?

When reading the IPMASQ Howto (section 5), where do things break?

>I also wonder if somebody could provide me with what I should put in
>the /etc/sysconfig/iptables file to get the same rules as with the
>"stronger" rc.firewall, based on the info in the ASCII diagram above - so
>things will be Done The Red Hat Way (TM)... I'm totally lost when it comes
>to iptables configuration, so the pre-made rc.firewalls really were a
>Godsend, at least until something broke. ;)

Use the /etc/rc.d/init.d/firewall script from the TrinityOS archive script? ;-)

http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS-security/TrinityOS-security.tar.gz

--David

David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]
For more detailed info, see http://www.ecst.csuchico.edu/~dranch
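Added example, not part of the original message: a small shell helper for the before/after "arp -an" comparison described in the reply. It assumes the net-tools output format and that each capture was saved to a file; the function names, the 192.168.1. prefix argument, and every address and MAC in the sample captures are constructed for illustration.

```shell
#!/bin/sh
# Compare two saved "arp -an" captures: one taken while MASQ works and one
# taken after the ARP entries were deleted and rc.firewall was run again.

# lost_hosts BEFORE AFTER PREFIX
# Print internal IPs (those starting with PREFIX) that had a resolved MAC in
# BEFORE but are missing or "<incomplete>" in AFTER.
lost_hosts() {
    awk -v prefix="$3" '
        $3 != "at" { next }                       # not an ARP entry line
        { ip = $2; gsub(/[()]/, "", ip) }         # "(192.168.1.4)" -> "192.168.1.4"
        index(ip, prefix) != 1 { next }           # keep only the internal network
        FILENAME == ARGV[1] {                     # first capture: remember resolved hosts
            if ($4 != "<incomplete>") seen[ip] = 1
            next
        }
        $4 != "<incomplete>" { delete seen[ip] }  # second capture: host still resolves
        END { for (ip in seen) print ip }
    ' "$1" "$2" | sort
}

# Constructed sample captures (made-up addresses and MACs).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
? (192.168.1.4) at 00:10:5A:11:22:33 [ether] on eth1
? (192.168.1.7) at 00:10:5A:44:55:66 [ether] on eth1
? (10.0.0.1) at 00:A0:C9:77:88:99 [ether] on eth0
EOF
    cat > "$dir/after" <<'EOF'
? (192.168.1.4) at <incomplete> on eth1
? (10.0.0.1) at 00:A0:C9:77:88:99 [ether] on eth0
EOF
    lost_hosts "$dir/before" "$dir/after" "192.168.1."
    rm -rf "$dir"
}

demo
```

On a live box the two inputs would come from "arp -an > before.txt" and "arp -an > after.txt" around the rc.firewall run; any address printed is a MASQed host the server could no longer resolve.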
