
Re: firewall/router machine



Meni Shapiro wrote:
> hello list,
>  
> I'm trying to configure my Debian sarge 3.1 as a router using iptables.
> I've got 2 NICs (eth0, eth1) and 8 real IP addresses for the LAN and a true
> IP (different class) for the internet NIC,
> something like xx.xx.xx.1-8 with x.x.x.1 as the gateway on the FW
> machine assigned to eth0,
> and yy.yy.yy.AA/29 as the IP assigned to eth1.
>  
> I'm trying to route traffic from and to the lan with the filter/forward
> (table/chain) rules of the iptables but can't make it work.
>  
> my setup is:
> -A FORWARD -i LAN_NIC -j ACCEPT
> -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>  
> Am I missing something??
>  
> I try pinging from the LAN to the INET_NIC with no result... looks like
> no route between the 2 NICs ???!!!???
>  
> any help will be appreciated
> 
> -- 
> --
> Meni Szapiro
>  

Did you enable packet forwarding in your kernel?
sysctl -w net.ipv4.ip_forward=1
To configure it at boot, see /etc/sysctl.conf.

If you haven't enabled packet forwarding in the kernel, the packets are dropped.
"Otherwise, if the kernel does not have forwarding enabled, or it
doesn't know how to forward the packet, the packet is dropped...."
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-6.html


You should be able to ping INET_NIC from the LAN just by enabling packet
forwarding. Do that first, then work your way from there.



Hope it helps,
jorge
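The setup both messages describe, as an added example that is not code from either poster: enable IPv4 forwarding now, persist it in sysctl.conf, and load a stateful filter ruleset for a two-NIC router whose LAN and internet sides both carry public addresses (so no NAT; the upstream router has to route the LAN block to this box's eth1 address or replies never come back). eth0 as LAN_NIC, eth1 as INET_NIC, the admin SSH rule and the path parameters on the check functions are assumptions made for illustration. Two caveats a practitioner would want: the state names must be spelled exactly ESTABLISHED,RELATED, since iptables rejects anything else as an unknown state; and pinging the firewall's own eth1 address from the LAN exercises the INPUT chain (a packet to any local address is delivered locally whichever interface it arrives on), so test forwarding by pinging something beyond eth1, such as the upstream gateway.

```shell
#!/bin/sh
# Added example, not from the thread. Two-NIC router with jorge's ip_forward
# fix applied and persisted, plus a stateful FORWARD ruleset.
# Assumptions: eth0 is the LAN side, eth1 the internet side, TCP/22 is the
# admin service. Both sides hold public addresses, so there is no NAT.

LAN_NIC="${LAN_NIC:-eth0}"
INET_NIC="${INET_NIC:-eth1}"

# Return 0 if the kernel forwards IPv4, 1 if not, 2 if the knob is unreadable.
# The path argument lets the check run against a copy; the default is the
# real procfs file.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] || return 2
    case "$(cat "$f")" in
        1) return 0 ;;
        *) return 1 ;;
    esac
}

# Make the setting survive a reboot by fixing up sysctl.conf (path argument
# for testing; defaults to /etc/sysctl.conf). An existing line for the key,
# commented out or not, written with dots or with slashes, is replaced;
# otherwise the line is appended. Running it twice changes nothing.
persist_forwarding() {
    conf="${1:-/etc/sysctl.conf}"
    key='net[./]ipv4[./]ip_forward'
    if grep -q "^[# ]*$key[ =]" "$conf" 2>/dev/null; then
        sed "s|^[# ]*$key[ =].*|net.ipv4.ip_forward=1|" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        echo 'net.ipv4.ip_forward=1' >> "$conf"
    fi
}

# Print an iptables-restore ruleset for the filter table. Same idea as the
# two FORWARD rules in the original post, with an explicit DROP policy, an
# INVALID check and a log line for what gets dropped. The box itself only
# answers ICMP and SSH from the LAN.
router_ruleset() {
    lan="$1"
    inet="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p icmp -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i $lan -o $inet -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Turn forwarding on now, persist it, and load the ruleset. Needs root.
apply_router() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    persist_forwarding
    router_ruleset "$LAN_NIC" "$INET_NIC" | iptables-restore
}

# "show" prints the ruleset for review; "apply" installs it. With no
# argument the script only defines the functions above.
case "${1:-}" in
    show)  router_ruleset "$LAN_NIC" "$INET_NIC" ;;
    apply) apply_router ;;
esac
```

Run `sh router.sh show` first and read the rules, then `sh router.sh apply` as root. The FORWARD policy is DROP, so if the LAN still cannot reach the outside after applying, `forwarding_enabled` and the kernel log lines prefixed FWD-DROP tell you whether the kernel or the ruleset is the problem.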


