Re: iptables problems



On Wed Nov 27 2002 at 15:47, Scott Queen wrote:

> Problem 1:
> RH Linux 7.2, kernel 2.4.9-34, iptables 1.2.4  (potential
> incompatibility based on some sources)

You should be using kernel-2.3.18-18.7.x and iptables-1.2.5-3 (as
per bugfix/security updates).

> I have a RH Linux box acting as a firewall/router.  It is connected to
> ATT HOME on the internet side; a network with two Win98 pcs on the LAN
> side.  I have successfully connected to that ATT HOME network with the
> linux box (can ping www.yahoo.com, can surf the web from the linux
> box).  I can ping a network pc from the linux box, can ping the linux
> box from the network pc, but I cannot ping the internet from the
> network pc.

You need to do masquerading.

First, make sure that your box is configured as a router... make
sure that you have this in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

and then run /sbin/sysctl

Next, you need to turn on masquerading.

If you have a dynamically assigned IP, then:
  iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

If you have a static IP, then do it like this:
  iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source XXX.XXX.XXX.XXX

... where "eth1" refers to the interface to the internet, and
XXX.XXX.XXX.XXX refers to your static IP.

> I have a very basic iptables configuration in the
> rc.firewall file.  What do I need to do to be able to ping the internet
> from the network pc?  (it looks like the network pc is getting the
> correct ip address of the internet sites I'm trying to ping, so I think
> DNS, gateway, etc. ip's are working.)

One of those two magic spells will do the trick.

There are several networking HOWTOs out there that will explain how
all this works.

To preserve what you've done:  service iptables save

> Problem 2:
> I read that there is an incompatibility between kernels 2.4.9 and
> iptables 1.2.4.  So - I downloaded the patch to upgrade from iptables
> 1.2.4 to 1.2.5.  However - my linux box does not have a patch command
> on it, so I don't know how to apply the patch.  Is this a problem with
> my Linux? (can you tell I'm new to Linux???)

rpm -Fvh iptables-1.2.5-3.i386.rpm

> Thanks,
> Scott Queen

Cheers
Tony
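
A way to confirm that both prerequisites from the reply above (IP forwarding and a source-NAT rule on the internet-facing interface) are actually in place. This is an added example, not part of the original message; the helper name check_nat and the sample rule dump are constructed for illustration, and eth1 is the internet-side interface as in the reply.

```shell
#!/bin/sh
# Added example. Constructed sample in iptables-save format (not from the thread).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# check_nat FORWARD_FLAG RULES WAN_IF   (hypothetical helper name)
# Prints one finding per line; returns 0 only if forwarding and source NAT are both set.
check_nat() {
    fwd=$1; rules=$2; wan=$3; rc=0
    if [ "$fwd" = "1" ]; then
        echo "ok: net.ipv4.ip_forward = 1"
    else
        echo "missing: net.ipv4.ip_forward is '$fwd', LAN packets are not routed"
        rc=1
    fi
    # Only rules inside the *nat table count; a negated match ("! -o eth1" or
    # "-o ! eth1") is not accepted as NAT for that interface.
    nat_target=$(printf '%s\n' "$rules" | awk -v wan="$wan" '
        /^\*/ { in_nat = ($0 == "*nat"); next }
        in_nat && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o" && $(i - 1) != "!") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (out == wan && (target == "MASQUERADE" || target == "SNAT")) { print target; exit }
        }')
    if [ -n "$nat_target" ]; then
        echo "ok: nat POSTROUTING -o $wan -j $nat_target"
    else
        echo "missing: no MASQUERADE or SNAT rule in nat POSTROUTING for $wan"
        rc=1
    fi
    return $rc
}

# Offline demo on the constructed sample. On a live router (as root):
#   check_nat "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save -t nat)" eth1
check_nat 1 "$SAMPLE_RULES" eth1
```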
