re nat masquerade router

fedora fedora at christopherrussell.net
Tue Jun 15 20:43:17 UTC 2004


>Just as a question: the # are just in your mail? Hope so!

They are just in the mail, as I copied my commands from the console

>Leave away line 2 and 3. Just use the POSTROUTING rule and none for
>FORWARD, given that the FORWARD policy is set to accept.

1_ I flushed the ruleset, enabled the firewall, and added the trusted services SSH,
FTP and HTTP (WWW). Should I have added "Trusted Devices of eth1"?
Because I did not.

2_ then
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

3_
# vi /etc/sysconfig/iptables

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

>Question: how is your router connected to the internet? Try
>echo 0 > /proc/sys/net/ipv4/tcp_ecn

Doesn't echo anything, but when I vi it, there is "0"

I connect by cable modem.

Still cannot get Host to connect to Internet!

>Have you tried the config file I sent you... (Erik Espinoza)
Thanks Erik. No I have not tried that yet, but saved it to attempt later
tonight.

Any other advice? Perhaps I need to re-image the host? I just noticed
the clock and RH applet disappeared since I untarred a FC1 /home/user dir
onto a user account on the FC2 host... ?

Thanks in advance
Chris
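As an added example (not from this thread or its participants), a small Python checker that parses an iptables-save style ruleset like the /etc/sysconfig/iptables shown above and flags the pattern it contains: FORWARD jumping unconditionally into a chain whose last rule is an unconditional REJECT, so forwarded LAN connections that match nothing earlier in that chain are rejected before the POSTROUTING MASQUERADE ever applies. The sample rulesets, the interface names eth0/eth1 and the "fixed" variant are constructed for the example.

```python
import re

# Constructed sample in iptables-save format: the filter chains from the mail
# above (abridged) plus the nat MASQUERADE rule that was added by hand.
BROKEN = """\
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Constructed corrected variant: FORWARD gets stateful rules of its own and no
# longer shares the host-oriented chain whose last rule rejects everything.
FIXED = BROKEN.replace(
    "-A FORWARD -j RH-Firewall-1-INPUT",
    "-A FORWARD -i eth1 -o eth0 -j ACCEPT\n"
    "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT")

RULE = re.compile(r"^-A\s+(\S+)\s+(.*?)\s*-j\s+(\S+)")

def parse_ruleset(text):
    """Map table -> chain -> [(match options, target)] from iptables-save text."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif line.startswith("-A") and table is not None:
            m = RULE.match(line)
            if m:
                chain, opts, target = m.groups()
                table.setdefault(chain, []).append((opts, target))
    return tables

def forward_is_blocked(tables):
    """True if FORWARD unconditionally jumps into a user chain whose final rule
    is an unconditional REJECT/DROP, i.e. unmatched LAN traffic is rejected."""
    filt = tables.get("filter", {})
    for opts, target in filt.get("FORWARD", []):
        if opts == "" and filt.get(target):
            last_opts, last_target = filt[target][-1]
            if last_opts == "" and last_target in ("REJECT", "DROP"):
                return True
    return False
```

Running `forward_is_blocked(parse_ruleset(BROKEN))` reports the problem, while the FIXED variant passes.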