Hello!
I sent a mail earlier regarding an ip forwarding problem i am
having with redhat linux 6.1/6.2 with forwarding/ipchains and am now
starting to find the problem insoluble.
Basically all i am trying to do is configure a packet filter firewall
without ip masquarade - a router.
I have enabled ip forwarding in either /etc/sysconfig/network
or /etc/sysctl.conf.
PC has two nics - one to cisco router and one to network.
I am using following script (which should forward everything between
hosts!)
ipchains -F
ipchains -A input -i eth0 -s int_host_ip -j ACCEPT
ipchains -A output -i eth0 -d int_host_ip -j ACCEPT
ipchains -A input -i eth1 -s ext_host_ip -j ACCEPT
ipchains -A output -i eth1 -d ext_host_ip -j ACCEPT
ipchains -A forward -i eth1 -s int_host_ip -d ext_host_ip -j ACCEPT
ipchains -A forward -i eth0 -s ext_host_ip -d int_host_ip -j ACCEPT
(I am using pc with a few hosts - one internal (eth0) and one external
(eth1) at the moment to test it)
ie. I am certain this `delibrately simple' script is OK and should forward
traffic between hosts. Forwarding should be OK as it's enabled. nics are
setup OK. All obvious things are setup (gateway etc) but it's still not
working.
I can block with ipchains all the usual stuff ip's,protocols,ports
on individual nics but can't forward between nics.
It might be something to do with redhat's setup or something
else is interfering etc.
I've tried tcpdump on eth0 and eth1 but nothing comes up on external
interface.
Failing this i might install pristine kernel source with ipchains
source and see how it goes.
Help appreciatted
Kevin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:29 EST