On Wed, February 22, 2006 10:58, Daniel Nogradi wrote:
> I have updated my Fedora Core 3 box to the latest versions (in the FC3
> branch) and now have
>
> iptables-1.2.11-3.1.FC3
> kernel-2.6.12-1.1381_FC3
>
> and ip forwarding stopped working. Before the upgrade I had
>
> iptables-1.2.11-3.1
> kernel-2.6.9-1.667
>
> The configuration is this:
>
> machine A with FC3 ---------------- adsl modem -------------------- internet
>       |
>       |
>       |
>   machine B
>   on a LAN
>
> The FC3 box was using iptables for ip forwarding in order to let
> 'machine B' access the internet using these rules:
>
> iptables --flush
> iptables -t nat --flush
> iptables --delete-chain
> iptables -t nat --delete-chain

Does the nat table have user defined chains? If not then you don't need
this rule.

> iptables -t nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
> iptables -t nat --append POSTROUTING -s 192.168.10.0/255.255.255.0 -j MASQUERADE

If eth0 is your internet NIC, eth1 your LAN NIC and you use 192.168.10.0/24
on your LAN then I think that no packet ever hits the latter rule.

> iptables --append FORWARD --in-interface eth1 -j ACCEPT
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Now after the update these rules stopped working and nothing gets
> through from 'machine B', although pinging works between machines A
> and B both ways.

Machine A and B are on the same LAN so the FORWARD chain does not apply.
That traffic is controlled by the INPUT/OUTPUT chains.

> Any ideas as to what to change in these rules to have the same effect
> as before the update?

And the script does not generate any errors?
Try adding (a) logging rule(s) in the FORWARD chain to see why packets are
dropped or rejected.
I suppose this is not your complete ruleset. Could it be that you have any
rules that might block this traffic?

Gr,
Rob
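
The logging suggestion at the end of the reply above, sketched as an added example that is not part of the original thread: two LOG rules for the FORWARD chain and a summary of the resulting kernel log lines per interface direction. It assumes eth1 is the LAN side and eth0 the internet side as in the thread; the log prefixes, function names and sample log lines are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes eth1 = LAN and eth0 = internet.
# The FWD-TRACE / FWD-NOMATCH prefixes are arbitrary names chosen here.

# Print the logging rules; review them, then pipe to `sh` as root to apply.
forward_log_rules() {
    # Position 1: log every forwarded packet before any rule gives a verdict.
    echo 'iptables -I FORWARD 1 -j LOG --log-level info --log-prefix "FWD-TRACE: "'
    # Appended last: only packets that no earlier rule accepted get this far,
    # so they are about to be handled by the chain policy.
    echo 'iptables -A FORWARD -j LOG --log-level info --log-prefix "FWD-NOMATCH: "'
}

# Read kernel log lines on stdin and print "<count> <prefix> IN=<if> OUT=<if>".
summarize_forward_log() {
    awk '
    match($0, /FWD-(TRACE|NOMATCH): /) {
        tag = substr($0, RSTART, RLENGTH - 2)   # drop the trailing ": "
        in_if = "-"; out_if = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)  in_if  = substr($i, 4)
            if ($i ~ /^OUT=/) out_if = substr($i, 5)
        }
        seen[tag " IN=" in_if " OUT=" out_if]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k2
}

# Constructed sample lines (not real logs): two LAN packets going out,
# one reply coming back that no FORWARD rule accepted.
sample_log() {
    cat <<'EOF'
Feb 22 11:02:13 fc3 kernel: FWD-TRACE: IN=eth1 OUT=eth0 SRC=192.168.10.2 DST=203.0.113.5 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Feb 22 11:02:13 fc3 kernel: FWD-TRACE: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.10.2 LEN=84 TTL=55 PROTO=ICMP TYPE=0 CODE=0
Feb 22 11:02:13 fc3 kernel: FWD-NOMATCH: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.10.2 LEN=84 TTL=55 PROTO=ICMP TYPE=0 CODE=0
Feb 22 11:02:14 fc3 kernel: FWD-TRACE: IN=eth1 OUT=eth0 SRC=192.168.10.2 DST=203.0.113.5 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
EOF
}
```

A direction that shows up under FWD-TRACE but never under FWD-NOMATCH was accepted by some rule; one that shows up under both reached the end of the chain, so the policy shown by `iptables -L FORWARD -n -v` decided its fate. If nothing from the LAN is logged at all, the packets never reached the FORWARD chain.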