Dustin Krysak wrote:
Good day everyone. Today has been "one of those..." days. So I have a
feeling this is just a brain lapse here.
At any rate, I am setting up a firewall/router using centos 4.4
(minimal install, yummed up to date).
I have in fact enabled V4 IP forwarding (by editing /etc/sysctl.conf)
and rebooted the system. I use fwbuilder for my rules, and at this
point have a next to nothing set of rules. A DHCP server is also
residing on this router.
...
Now the issue is, I cannot get out of the internal network to the
internet for any traffic. Pings (by ip and name), web sites, etc.
Sounds like you're trying to do a 'NAT' (network address translation)
network, where your local network is on private IP space (192.168.x.y
or 10.x.x.x or whatever), and you're sharing a single public IP. This
requires several very specific and moderately complex rules to implement
what Linux calls 'MASQUERADE', and you need to load the ip_conntrack
module into the kernel, and probably a few more.
At a BARE minimum, you need some variant on these two rules...
iptables --table nat --append POSTROUTING --out-interface $WAN -j MASQUERADE
iptables --append FORWARD --in-interface $LAN -j ACCEPT
(where $WAN, $LAN are eth0, eth1, or whatever your internet and local
interfaces are)
If you google for: LINUX MASQUERADE, you'll find all sorts of confusing
info on this :)
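The reply above gives the two rules a masquerading router needs at minimum. The script below, added here as an illustration and not part of the original thread, builds on them: it checks that ip_forward is actually on (the step the original poster took via /etc/sysctl.conf), loads the conntrack and NAT modules the reply mentions, and emits a slightly tighter rule set that only forwards traffic from the private range and only lets return traffic back in. The interface names eth0/eth1 and the 192.168.1.0/24 range are assumptions; the function names nat_rules and forwarding_enabled are my own.

```shell
#!/bin/sh
# Added example (not from the original post): minimal MASQUERADE router setup.
# Interface names and the private range are assumptions; adjust for your box.
WAN="${WAN:-eth0}"                    # interface holding the public address (assumed)
LAN="${LAN:-eth1}"                    # interface facing the private network (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # constructed private range behind the router

# Print the commands needed for a basic masquerading router. Printing instead
# of executing lets you review the rules before they touch a live box.
nat_rules() {
    wan="$1"; lan="$2"; lannet="$3"
    cat <<EOF
modprobe ip_conntrack
modprobe iptable_nat
iptables --policy FORWARD DROP
iptables --table nat --append POSTROUTING --out-interface $wan -j MASQUERADE
iptables --append FORWARD --in-interface $lan --out-interface $wan --source $lannet -j ACCEPT
iptables --append FORWARD --in-interface $wan --out-interface $lan --match state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Return success only if the given ip_forward sysctl file reads "1".
# The path is a parameter so the check can be exercised against a test file.
forwarding_enabled() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# With "apply" (as root) the rules are executed; otherwise they are only printed.
if [ "$1" = "apply" ]; then
    forwarding_enabled /proc/sys/net/ipv4/ip_forward || {
        echo "ip_forward is 0: set net.ipv4.ip_forward = 1 in /etc/sysctl.conf and rerun" >&2
        exit 1
    }
    nat_rules "$WAN" "$LAN" "$LAN_NET" | sh -e
else
    nat_rules "$WAN" "$LAN" "$LAN_NET"
fi
```

Compared with the two bare rules in the reply, the FORWARD chain defaults to DROP, outbound forwarding is restricted to packets that actually carry a source in the private range, and inbound forwarding is limited to connections conntrack already knows about; that is what keeps the box from relaying arbitrary traffic once forwarding is switched on.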
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos