Thanks again to JY for the tcpdump tip. Here's the latest:

By doing tcpdump I can follow packets from my internal net in through my internal NIC, and out my external NIC. I can also see packets originating on my firewall and coming back from the external net. But there's never a response from an external machine to any request which originated on the internal net.

This leads me to suspect that there might be something wrong with my masquerading.

    # ipfwadm -F -c -P tcp -S 192.168.1.3 23 -V 192.168.1.1 -W eth0 -D [anywhere]

...yields "packet masqueraded"; so I think that the rule is right; but I don't think that the masquerade operation is actually being performed. [Is there some other reason why external machines would respond to my firewall but not the non-routable machines behind it?]

I'm running a kernel with masquerading enabled, but if I start a telnet request from the internal net and then cat /proc/net/ip_masquerade, all I get is the following:

    Prc FromIP   FPrt ToIP     TPrt Masq Init-seq  Delta PDelta Expires (free=4096,4096,4096)

...which makes me think that the machine isn't actually keeping any masqing information.

Any comments? Are my guesses good? If so what do I do about this?
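An added example, not part of the original post: one way to test the suspicion above is to run `tcpdump -n` on the external interface and check whether outbound packets still carry a 192.168.1.x source address, which would mean they left without being masqueraded and remote hosts cannot route a reply. The capture lines, the firewall's external address (198.51.100.2) and the remote host (203.0.113.9) are constructed for illustration.

```python
import ipaddress
import re

# Matches classic and modern `tcpdump -n` text output, e.g.
#   "12:00:01.1 192.168.1.3.1025 > 203.0.113.9.23: S ..."
#   "12:00:01.1 IP 192.168.1.3.1025 > 203.0.113.9.23: Flags [S], ..."
LINE_RE = re.compile(
    r"^\S+\s+(?:IP\s+)?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # internal net from the post

# Constructed sample of what a capture on the EXTERNAL interface might contain.
EXTERNAL_CAPTURE = [
    # Internal source address leaving the external NIC: not masqueraded.
    "12:00:01.100000 192.168.1.3.1025 > 203.0.113.9.23: S 100:100(0) win 512",
    # Source rewritten to the firewall's external address: masqueraded.
    "12:00:02.200000 198.51.100.2.61001 > 203.0.113.9.23: S 200:200(0) win 512",
    # Reply to the masqueraded flow, in modern tcpdump format.
    "12:00:02.250000 IP 203.0.113.9.23 > 198.51.100.2.61001: Flags [S.], ack 201, win 512",
    # Non-IP traffic is ignored by the parser.
    "12:00:03.000000 arp who-has 198.51.100.1 tell 198.51.100.2",
]


def unmasqueraded(lines, internal_net=INTERNAL_NET):
    """Return (src, dst) flows whose source is internal but whose destination is not."""
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ARP, ICMP without ports, truncated lines, etc.
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src in internal_net and dst not in internal_net:
            leaks.append((f"{src}:{m['sport']}", f"{dst}:{m['dport']}"))
    return leaks


if __name__ == "__main__":
    for src, dst in unmasqueraded(EXTERNAL_CAPTURE):
        print(f"left external NIC without masquerading: {src} -> {dst}")
```

An empty result on a real external-side capture means the source rewrite is happening and the missing replies have another cause.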