RE: identical scripts, 2 boxes, different behavior - what else should i look for?!


 



THANK YOU!!!!!!!!! that is exactly my problem, i was
sitting here playing with these rules for days and it
had nothing to do with them!!!  it all makes sense
now! well, except that i'm not sure why i could get it
to work using MASQUERADE, even when the gateway was
the old firewall, i guess it just works differently
than SNAT :) THANKS AGAIN!!!!


--- Ray Anderson <rsa@xxxxxxxxxx> wrote:
> Check the gateway on the internal machine you're trying to forward to.
> 
> Internal box a will only talk through 1 firewall at a time, or correct me
> if I'm wrong.
> 
> Firewall1             ,        firewall 2
>    .
>   /|\
>    |
> 
> Box A  
> Gateway is 
> firewall 1
> 
> Incoming packet to internal box A through firewall 2 will not work because
> box A tries to respond through firewall 1, not firewall 2.
> 
> Or did I completely misunderstand the question?
> 
> -=Ray
>
> +-----------------------------------------------------------+
> |                         | Ray Anderson                    |
> |           |             | Systems Development Manager     |
> |           |             | 916.788.2444 (Office)           |
> |          (O)            | 916.798.9439 (Mobile)           |
> |X--------<_._>--------X  | PRIDE Industries                |
> |         (___)           | rsa at prideindustries.com      |
> |                         | http://www.prideindustries.com  |
> +-----------------------------------------------------------+
> It's the little things that cost you victories.
> Group Captain Reade Tilley, RAF
> 
> 
> > -----Original Message-----
> > From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> > [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of arif
> > Sent: Tuesday, March 16, 2004 11:11 AM
> > To: netfilter@xxxxxxxxxxxxxxxxxxx
> > Subject: identical scripts, 2 boxes, different behavior -
> > what else should i look for?!
> > 
> > 
> > ok, after being super frustrated trying to figure out why i can't forward
> > ports properly, i decided to just take the script we currently are using on
> > the soon to be old firewall, and load it onto the new one. It loaded fine,
> > but I get different behavior with the two machines! I compared the rules
> > line by line using iptables -L, and they're identical. But I do not get
> > forwarded to the internal hosts like I should, when I try with the new
> > machine! The routing tables are identical also, and they both have the same
> > kernel modules loaded... the original is a 2.4.20 precompiled redhat
> > kernel, and the new one is 2.4.25 that i compiled myself - could it be
> > something i am missing in the kernel?? or is there something else i should
> > check? i have /proc/sys/net/ipv4/ip_forward set to 1 of course.. i don't
> > know what else to look for!!! HELP!!! :)
> > 
> 


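The return-path problem described in the quoted reply, as an added model that is not code from the thread or from netfilter. It assumes a port forward (DNAT) on the entry firewall and, optionally, a source NAT (SNAT or MASQUERADE) that rewrites forwarded connections to that firewall's LAN address; all addresses and names are constructed.

```python
from ipaddress import ip_address, ip_network

# All addresses are constructed for illustration; none come from the thread.
CLIENT, BOX_A = "198.51.100.7", "192.168.1.10"
FIREWALLS = {"fw1": {"lan": "192.168.1.1", "wan": "203.0.113.1"},
             "fw2": {"lan": "192.168.1.2", "wan": "203.0.113.2"}}

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; gateway None = on-link."""
    matches = [(ip_network(n), gw) for n, gw in routes
               if ip_address(dst) in ip_network(n)]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst

def trace(entry_fw, box_a_gateway, snat_on_lan=False):
    """Follow one forwarded connection in and its reply out.

    Returns (firewall the reply reaches, whether that firewall holds the
    NAT state needed to translate the reply back for the client).
    """
    fw = FIREWALLS[entry_fw]
    conntrack = {name: set() for name in FIREWALLS}
    # Inbound: DNAT on the entry firewall. With source NAT on the LAN side
    # (assumed rule), box A sees the firewall's LAN address as the source.
    src_seen_by_a = fw["lan"] if snat_on_lan else CLIENT
    conntrack[entry_fw].add((src_seen_by_a, BOX_A))
    # Reply: box A routes toward the source address it saw.
    routes = [("192.168.1.0/24", None),
              ("0.0.0.0/0", FIREWALLS[box_a_gateway]["lan"])]
    hop = next_hop(routes, src_seen_by_a)
    reply_fw = next(n for n, f in FIREWALLS.items() if f["lan"] == hop)
    return reply_fw, (src_seen_by_a, BOX_A) in conntrack[reply_fw]

if __name__ == "__main__":
    for gw, snat in (("fw1", False), ("fw2", False), ("fw1", True)):
        print(f"gateway={gw} snat={snat} ->", trace("fw2", gw, snat))
```

In this model the reply only gets translated back when it passes the firewall that created the mapping: either box A's default gateway is that firewall, or source NAT makes the reply destination on-link so the default gateway is never consulted.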

