Lan to Wan reprise

Claude Jones claude_jones at levitjames.com
Sun Mar 13 20:53:47 UTC 2005


Arthur Pemberton wrote:

> Claude Jones wrote:
>
>> Arthur Pemberton wrote:
>>
>>> Claude Jones wrote:
>>>
>>>> The web server works.
>>>> The box has internet access.
>>>> Machines on the Lan are getting DHCP assigned IP addresses. They 
>>>> are also able to see my lone web page.
>>>> However, the machines on the Lan can't get past the firewall. It's 
>>>> not a DNS problem because it doesn't go away if you put an IP 
>>>> address in. I can ping the Wan NIC from the LAN but nothing further 
>>>> than that.
>>>> I've reviewed the procedures over and over that I used 
>>>> successfully, and I can't find the problem.
>>>> DHCPD loads without errors.
>>>> I've checked and rechecked the firewall and SELinux settings, and 
>>>> they appear to be the same as at the office.
>>>> I've reviewed the network settings for my NICs twenty times.
>>>> IP forwarding and masquerade have been set up.
>>>> What have I overlooked??? I have to have this running in three 
>>>> hours so any suggestions would be greatly appreciated!
>>>
>>>
>>>
>>> I have almost exactly the same setup as you up and running. See my 
>>> firewall iptables script (it may help you):
>>> http://pembo13.dalive.com/scripts/bash/firewall.php
>>>
>> I'm looking at your script now. When I get done with all the mods to 
>> work with my system, how do I run it? Forgive me for I'm new to all 
>> this...
>>
> No prob. I've been there myself. To run you can run either of the 
> following commands:
>
> 1) $ sh firewall.sh
>
> or
>
> 2) $ chmod +x firewall.sh          # you should only need to run this first command the first time you attempt this method
>    $ ./firewall.sh
>
Thanks. I did figure this one out. I'm still finding it hard to figure 
out where to put this script once it works, and how to run it at 
boot-time. Meanwhile, even though the firewall starts and stops and the 
rules seem right, I'm still not getting out from the Lan. DHCPD seems 
fine - my inside machines get addresses, and they can ping the outside 
NIC on the Linux box, and they can see the one page on my web server. 
But, that's as far as they can get.
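
Added example, not part of the original thread and not the firewall script linked above: the symptoms described (LAN hosts reach the gateway's own addresses and web page but nothing beyond it) are consistent with traffic to the box being accepted while forwarded traffic is not, so this sketch audits an `iptables-save` dump for the kernel forwarding flag, the NAT rule and the filter `FORWARD` chain. The interface names `eth0` (WAN) and `eth1` (LAN), the function names and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for what LAN->WAN traffic
# through a masquerading gateway needs. eth0 (WAN) / eth1 (LAN) are assumed.

# Constructed sample (not the poster's ruleset): NAT is configured, but the
# filter FORWARD chain drops everything, so clients reach only the box itself.
sample_ruleset() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# audit_forwarding IP_FORWARD WAN_IF LAN_IF   (ruleset on stdin)
# Prints one FAIL line per problem; exit status is the number of problems.
# Heuristic: jumps into user-defined chains are not followed.
audit_forwarding() {
    fwd=$1; wan=$2; lan=$3; bad=0
    rules=$(cat)
    nat=$(printf '%s\n' "$rules" | sed -n '/^\*nat$/,/^COMMIT$/p')
    filt=$(printf '%s\n' "$rules" | sed -n '/^\*filter$/,/^COMMIT$/p')
    fail() { echo "FAIL $1"; bad=$((bad + 1)); }

    [ "$fwd" = "1" ] || fail "net.ipv4.ip_forward is $fwd, kernel will not route"
    printf '%s\n' "$nat" | grep -Eq -- "^-A POSTROUTING (.* )?-o $wan (.* )?-j (MASQUERADE|SNAT)" \
        || fail "no MASQUERADE/SNAT rule leaving $wan"
    policy=$(printf '%s\n' "$filt" | sed -n 's/^:FORWARD \([A-Z]*\) .*/\1/p')
    if [ "$policy" != "ACCEPT" ]; then
        printf '%s\n' "$filt" | grep -Eq -- "^-A FORWARD (.* )?-i $lan (.* )?-j ACCEPT" \
            || fail "FORWARD policy ${policy:-unknown}, no ACCEPT for traffic in from $lan"
        printf '%s\n' "$filt" | grep -Eq -- "^-A FORWARD .*ESTABLISHED.* -j ACCEPT" \
            || fail "FORWARD policy ${policy:-unknown}, no ESTABLISHED rule for replies"
    fi
    return "$bad"
}

sample_ruleset | audit_forwarding 1 eth0 eth1 || true
```

On a live gateway, run it as root with `iptables-save | audit_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 eth1`, substituting the real interface names.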



