Lan to Wan reprise

Jeff Vian jvian10 at charter.net
Mon Mar 14 00:22:32 UTC 2005


On Sun, 2005-03-13 at 15:53 -0500, Claude Jones wrote:
> Arthur Pemberton wrote:
> 
> > Claude Jones wrote:
> >
> >> Arthur Pemberton wrote:
> >>
> >>> Claude Jones wrote:
> >>>
> >>>> The web server works.
> >>>> The box has internet access.
> >>>> Machines on the Lan are getting DHCP assigned IP addresses. They 
> >>>> are also able to see my lone web page.
> >>>> However, the machines on the Lan can't get past the firewall. It's 
> >>>> not a DNS problem because it doesn't go away if you put an IP 
> >>>> address in. I can ping the Wan NIC from the LAN but nothing further 
> >>>> than that.
> >>>> I've reviewed the procedures over and over that I used 
> >>>> successfully, and I can't find the problem.
> >>>> DHCPD loads without errors.
> >>>> I've checked and rechecked the firewall and SELinux settings, and 
> >>>> they appear to be the same as at the office.
> >>>> I've reviewed the network settings for my NICs twenty times.
> >>>> IP forwarding and masquerade have been set up.
> >>>> What have I overlooked??? I have to have this running in three 
> >>>> hours so any suggestions would be greatly appreciated!
> >>>
> >>>
> >>>
> >>> I have almost exactly the same setup as you up and running. See my 
> >>> firewall iptables script (it may help you):
> >>> http://pembo13.dalive.com/scripts/bash/firewall.php
> >>>
> >> I'm looking at your script now. When I get done with all the mods to 
> >> work with my system, how do I run it? Forgive me for I'm new to all 
> >> this...
> >>
> > No prob. I've been there myself. To run you can run either of the 
> > following commands:
> >
> > 1) $ sh firewall.sh
> >
> > or
> >
> > 2) $ chmod +x firewall.sh          # you should only need to run this 
> > first command the first time you attempt this method
> >    $ ./firewall.sh
> >
> Thanks. I did figure this one out. I'm still finding it hard to figure 
> out where to put this script once it works, and how to run it at 
> boot-time. Meanwhile, even though the firewall starts and stops and the 
> rules seem right, I'm still not getting out from the Lan. DHCPD seems 
> fine - my inside machines get addresses, and they can ping the outside 
> NIC on the Linux box, and they can see the one page on my web server. 
> But, that's as far as they can get.

As far as the firewall script goes, you only need to run it once if you
then do the following (as root) before you shutdown.
# service iptables save

It then will save the settings in a file (/etc/sysconfig/iptables) that
automatically gets read and processed each time you boot.  

After having done this, the only time you will need to redo it is if you
make a change in the firewall and need to update the startup
configuration.
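The symptom described in the thread (LAN hosts reach the gateway's WAN NIC but nothing beyond it, even with forwarding and masquerading "set up") usually comes down to one of a few missing pieces. The following diagnostic script is an added example, not part of the thread or of Arthur's firewall script; it assumes eth1 is the LAN NIC and eth0 the WAN NIC, and the iptables-save dump it checks is constructed.

```shell
#!/bin/sh
# Added diagnostic example, not from the thread. Checks an iptables-save dump
# plus the ip_forward sysctl for the pieces a LAN-to-WAN NAT gateway needs.
# Interface names (eth1 = LAN, eth0 = WAN) and the rule dump are constructed.
# Constructed sample: masquerading is set up but nothing is ever forwarded,
# which matches "can ping the WAN NIC but nothing further than that".
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j ACCEPT
COMMIT'
# has_rule RULES REGEX: true when some line of RULES matches REGEX.
has_rule() { printf '%s\n' "$1" | grep -Eq -- "$2"; }
# check_gateway RULES IP_FORWARD LAN_IF WAN_IF
# Prints one line per missing piece; returns the number of problems found.
check_gateway() {
    rules=$1; ip_forward=$2; lan_if=$3; wan_if=$4; problems=0
    # 1. The kernel must forward packets between interfaces at all.
    if [ "$ip_forward" != "1" ]; then
        echo "net.ipv4.ip_forward is '$ip_forward' (needs 1)"
        problems=$((problems + 1))
    fi
    # 2. LAN packets need a public source address on the way out of the WAN NIC.
    if ! has_rule "$rules" "^-A POSTROUTING .*-o $wan_if .*-j (MASQUERADE|SNAT)"; then
        echo "no MASQUERADE/SNAT rule for traffic leaving $wan_if"
        problems=$((problems + 1))
    fi
    # 3/4. With FORWARD policy DROP, both directions need explicit ACCEPTs;
    #      INPUT rules only cover traffic addressed to the gateway itself.
    if has_rule "$rules" '^:FORWARD DROP'; then
        if ! has_rule "$rules" "^-A FORWARD -i $lan_if -o $wan_if .*-j ACCEPT"; then
            echo "FORWARD policy is DROP and nothing accepts $lan_if -> $wan_if"
            problems=$((problems + 1))
        fi
        if ! has_rule "$rules" "^-A FORWARD .*-i $wan_if -o $lan_if .*(ESTABLISHED|RELATED).*-j ACCEPT"; then
            echo "no rule returning ESTABLISHED,RELATED replies from $wan_if to $lan_if"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
# On a real gateway: check_gateway "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" eth1 eth0
check_gateway "$SAMPLE_RULES" 1 eth1 eth0 || echo "$? problem(s) found"
```

Run against the constructed sample it reports the two missing FORWARD rules; on a real box, feed it the live iptables-save output and sysctl value as the last comment shows.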
More information about the fedora-list mailing list