On 06/04/2013 04:20 PM, Steve Clark wrote: > On 06/04/2013 09:20 AM, Johan Vermeulen wrote: >> in iptables, prerouting and masquerading are configured : >> >> # Firewall configuration written by system-config-firewall >> # Manual customization of this file is not recommended. >> *nat >> :PREROUTING ACCEPT [0:0] >> :OUTPUT ACCEPT [0:0] >> :POSTROUTING ACCEPT [0:0] >> -A POSTROUTING -o eth+ -j MASQUERADE >> -A POSTROUTING -o em2 -j MASQUERADE > Shouldn't this be em1? Yes, -o is outgoing and it should be em1, not em2 >> COMMIT >> *filter >> :INPUT ACCEPT [0:0] >> :FORWARD ACCEPT [0:0] >> :OUTPUT ACCEPT [0:0] >> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT >> -A INPUT -p icmp -j ACCEPT >> -A INPUT -i lo -j ACCEPT >> -A INPUT -i eth+ -j ACCEPT >> -A INPUT -i em2 -j ACCEPT >> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT >> -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT >> -A FORWARD -p icmp -j ACCEPT >> -A FORWARD -i lo -j ACCEPT >> -A FORWARD -i eth+ -j ACCEPT >> -A FORWARD -i em2 -j ACCEPT >> -A FORWARD -o eth+ -j ACCEPT >> -A FORWARD -o em2 -j ACCEPT Check if you should have this line. It has been a long time I needed to use iptables for forwarding, nut I do not remember using -A FORWARD and -o together. Do you at all need all those -A FORWARD lines for masquerading? >> -A INPUT -j REJECT --reject-with icmp-host-prohibited >> -A FORWARD -j REJECT --reject-with icmp-host-prohibited >> COMMIT >> -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe StarOS, Mikrotik and CentOS/RHEL/Linux consultant _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos