RE: Firewall / Internet Gateway Config Fails

From: Jason Staudenmayer (jasons_at_NJAQUARIUM.ORG)
Date: 08/09/03

    To: "'redhat-list@redhat.com'" <redhat-list@redhat.com>
    Date: Sat, 9 Aug 2003 16:32:44 -0400
    
    

    Yeah, the NAT table is in iptables. Test these rules:

    iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth1 -j SNAT --to-source outside_address
    iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -j MASQUERADE

    These should work.

    -----Original Message-----
    From: Ken Plumley [mailto:ken_plumley@yahoo.com]
    Sent: Saturday, August 09, 2003 4:14 PM
    To: redhat-list@redhat.com
    Subject: RE: Firewall / Internet Gateway Config Fails

    Jason,

    Ok, I will set GATEWAYDEV=eth0.

    I replaced an existing RH 6.2 firewall/gateway machine
    with the new RH 8.0 machine. The new machine has the
    same name and IP number that the old machine did, so
    all the machines on the LAN are already configured to
    point to the new firewall/gateway.

    Are NAT rules the firewall rules?

    I shut down the iptables firewall before I started
    testing, but the LAN clients still cannot reach the
    internet.

    Ken

    --- Jason Staudenmayer <jasons@NJAQUARIUM.ORG> wrote:
    > The first way is right. You have to set up NAT rules and set the
    > gateways on your clients to point to your router/gateway/firewall
    >
    > -----Original Message-----
    > From: Ken Plumley [mailto:ken_plumley@yahoo.com]
    > Sent: Saturday, August 09, 2003 3:37 PM
    > To: Redhat List
    > Subject: Firewall / Internet Gateway Config Fails
    >
    >
    > I am trying to configure a Red Hat Linux 8.0
    > combination firewall/internet gateway that serves a
    > LAN.
    >
    > eth0 is used with dhcp to reach the internet through a
    > cable modem.
    >
    > eth1 is used with a static IP to reach the LAN.
    >
    > With the GATEWAYDEV set to eth0 the machine can reach
    > the internet and the LAN at the same time but will not
    > provide access from the LAN to the internet.
    >
    > With the GATEWAYDEV set to eth1, as I think it should
    > be, the machine can NOT reach the internet but can
    > reach the LAN.
    >
    > What am I configuring wrong?
    >
    > Any help would be much appreciated.
    >
    > Thanks,
    >
    > Ken
    >
    > Below are the network file configurations:
    >
    > File:
    > /etc/sysconfig/network
    >
    > NETWORKING=yes
    > HOSTNAME=firewallgate
    > FORWARD_IPV4="yes"
    > GATEWAYDEV=eth1
    > GATEWAY=0.0.0.0
    >
    >
    > File:
    > /etc/sysconfig/networking/devices/ifcfg-eth0
    >
    > USERCTL=yes
    > PEERDNS=yes
    > TYPE=Ethernet
    > DEVICE=eth0
    > BOOTPROTO=dhcp
    > ONBOOT=yes
    > HWADDR=(The HWADDR is correct)
    >
    >
    > File:
    > /etc/sysconfig/networking/devices/ifcfg-eth1
    >
    > USERCTL=yes
    > PEERDNS=no
    > TYPE=Ethernet
    > DEVICE=eth1
    > HWADDR=(The HWADDR is correct)
    > BOOTPROTO=none
    > NETMASK=255.255.255.0
    > ONBOOT=yes
    > IPADDR=192.168.1.3
    > NETWORK=192.168.1.0
    > BROADCAST=192.168.1.255
    > GATEWAY=0.0.0.0
    >
    >
    > File:
    > /etc/sysconfig/networking/devices/eth0-route
    >
    > GATEWAY0=0.0.0.0
    > NETMASK0=0.0.0.0
    > ADDRESS0=0.0.0.0
    >
    >
    > File:
    > /etc/sysconfig/networking/devices/eth1-route
    >
    > GATEWAY0=0.0.0.0
    > NETMASK0=255.255.255.255
    > ADDRESS0=192.168.1.3
    >
    >

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
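
Added example, not part of the thread: a gateway ruleset for the topology Ken describes, with masquerading limited to the WAN interface and forwarding restricted to LAN-initiated traffic, plus an audit of a saved ruleset for the two things the thread turns on (forwarding enabled, a NAT rule actually loaded and scoped). The interface roles (eth0 = WAN, eth1 = LAN) and the subnet come from Ken's files; the function names are hypothetical, and the INPUT and OUTPUT policies are left open because host filtering is outside what the thread covers.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed from Ken's files: eth0 = WAN
# (DHCP), eth1 = LAN, LAN subnet 192.168.1.0/24. Function names are made up.

# Print an iptables-restore ruleset: NAT only on the WAN interface, and a
# default-drop FORWARD chain that lets LAN-initiated traffic out and replies in.
gateway_rules() {
    wan=$1; lan=$2; net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s $net -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset (iptables-save format on stdin) plus the ip_forward value
# ($2, from /proc/sys/net/ipv4/ip_forward). Prints findings; returns 1 if any.
check_gateway() {
    wan=$1; fwd=$2; rc=0
    dump=$(cat)
    [ "$fwd" = "1" ] || { echo "ip_forward is off"; rc=1; }
    nat=$(printf '%s\n' "$dump" |
          grep -E -- '-A POSTROUTING .*-j (MASQUERADE|SNAT)' || true)
    if [ -z "$nat" ]; then
        echo "no NAT rule loaded"; rc=1
    elif printf '%s\n' "$nat" | grep -qv -- "-o $wan "; then
        echo "NAT rule is not scoped to $wan"; rc=1
    fi
    return $rc
}

# Self-check: the generated ruleset passes its own audit (prints nothing).
gateway_rules eth0 eth1 192.168.1.0/24 | check_gateway eth0 1
```

As root, the ruleset is loaded with `gateway_rules eth0 eth1 192.168.1.0/24 | iptables-restore`, and the live state is audited with `iptables-save | check_gateway eth0 "$(cat /proc/sys/net/ipv4/ip_forward)"`. On Red Hat, stopping the iptables service also clears the nat table, so the audit reports "no NAT rule loaded" in that state.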
    
