Lan to Wan reprise

Jeff Vian jvian10 at charter.net
Mon Mar 14 00:58:34 UTC 2005


On Sun, 2005-03-13 at 19:33 -0500, Claude Jones wrote:
> On Sun, 13 Mar 2005 18:22:32 -0600, Jeff Vian <jvian10 at charter.net> wrote:
> 
> > As far as the firewall script goes, you only need to run it once if you
> > then do the following (as root) before you shutdown.
> > # service iptables save
> >
> > It then will save the settings in a file (/etc/sysconfig/iptables) that
> > automatically gets read and processed each time you boot.
> >
> > After having done this, the only time you will need to redo it is if you
> > make a change in the firewall and need to update the startup
> > configuration.
> >
> Thanks. I thought this might be the way. There are many references to  
> running firewall scripts in linux google, though it's funny, I couldn't  
> find any that were pertinent to FC3. In one tutorial I found, the "service  
> iptables save" command was used, and it seemed quite simple. I couldn't  
> figure out why this wasn't the best way to do it, but I found no other  
> mention of using it. Now, if I could just figure out where the block is  
> between my Lan and my Wan ---
> 
> 
That just about has to be "something" in the iptables setup.   The LAN
machines get to the firewall box.  The firewall box gets to the
internet.  But the LAN boxes don't get passed through.

It would need to be related to 1) ip forwarding,  2) ip masquerading aka
NAT, or 3) otherwise blocking.

I have not looked at your script, and am not an expert on iptables
scripts anyway but I can identify the location and likely part
containing the problem.

One approach may be to set up tcpdump to capture a small part of a
session that should work but does not, then analyze it to see what is
blocking the passthrough.

> -- 
> Claude Jones
> Bluemont, VA
> 
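The three suspects listed in the message above (forwarding, masquerading/NAT, blocking), turned into a check over `iptables-save` output. This is an added example, not part of the original thread; the `diagnose` and `sample_rules` names and the sample ruleset are constructed, and the blocking check is a heuristic that does not follow jumps into user-defined chains.

```shell
#!/bin/sh
# diagnose IP_FORWARD_VALUE   (ruleset in iptables-save format on stdin)
# Prints one line per suspect that looks wrong; prints nothing if all three pass.
diagnose() {
    fwd=$1
    # 1) ip forwarding: the kernel must be willing to route between interfaces
    [ "$fwd" = "1" ] || echo "forwarding: kernel ip_forward is off"
    awk '
        /^\*/ { table = substr($0, 2) }            # "*nat", "*filter", ...
        # 2) masquerading/NAT: LAN source addresses must be rewritten on the way out
        table == "nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ { nat = 1 }
        # 3) blocking: FORWARD chain policy and any explicit ACCEPT rule
        table == "filter" && /^:FORWARD/ { policy = $2 }
        table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ { accept = 1 }
        END {
            if (!nat) print "nat: no MASQUERADE/SNAT rule in nat POSTROUTING"
            if (policy != "" && policy != "ACCEPT" && !accept)
                print "blocking: FORWARD policy " policy " with no ACCEPT rule"
        }
    '
}

# Constructed sample: LAN hosts can reach the box (INPUT rule), but forwarded
# traffic is dropped and there is no nat table at all.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j ACCEPT
COMMIT
EOF
}

sample_rules | diagnose 0

# On a live gateway (as root):
#   iptables-save | diagnose "$(cat /proc/sys/net/ipv4/ip_forward)"
```

A clean result only means none of the three obvious causes is present; a tcpdump capture on both interfaces, as suggested in the message, is still the way to see where packets stop.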



