
#1 2005-05-01 17:14:03

bbad
Member
Registered: 2005-05-01
Posts: 4

ICS

eth0 - internet, eth1 - LAN

iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

From the LAN I can ping the server's eth0 and eth1 IPs.
From the server I can ping the client IP and any internet IP.
I CAN'T ping any internet IP from the client.

Where is the mistake? Maybe the Arch Linux kernel doesn't support IP forwarding?


#2 2005-05-01 17:46:06

T-Dawg
Forum Fellow
From: Charlotte, NC
Registered: 2005-01-29
Posts: 2,736

Re: ICS

It's something with your NAT configuration. Try using this firewall generator; it has the NAT tables included. Even if you don't want to use the script, it produces commented output with the rules, which you may find useful.
Just run the included script and it will ask you a series of questions.


#3 2005-05-01 17:57:24

i3839
Member
Registered: 2004-02-04
Posts: 1,185

Re: ICS

echo 1 > /proc/sys/net/ipv4/ip_forward

perhaps?

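The posted ruleset masquerades on eth1, the LAN side. With eth0 as the internet interface, the MASQUERADE target has to sit on the POSTROUTING path out of eth0: otherwise forwarded LAN packets leave eth0 with their private source addresses and the replies never come back, which matches the symptom of reaching the router from the LAN but nothing beyond it. The script below is an added example, not code from the thread and not quicktables output. It applies the corrected ruleset for the layout above (eth0 internet, eth1 LAN), sets a FORWARD DROP policy, without which the ESTABLISHED,RELATED rule filters nothing because unmatched packets are accepted anyway, and folds in the ip_forward check from post #3. The interface names, the IPTABLES=echo dry-run switch and the helper function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the thread's code: minimal Linux ICS/NAT ruleset with the
# masquerade on the internet-facing interface, plus a forwarding check.
#
# Preview without touching the kernel:  IPTABLES=echo sh ics.sh apply
# Apply for real (as root):             sh ics.sh apply

WAN="${WAN:-eth0}"                 # internet side (assumed, matches the thread)
LAN="${LAN:-eth1}"                 # private side
IPTABLES="${IPTABLES:-iptables}"   # set to "echo" for a dry run
FORWARD_SYSCTL="${FORWARD_SYSCTL:-/proc/sys/net/ipv4/ip_forward}"

# Emit (or apply) the rules for a given WAN and LAN interface.
ics_rules() {
    wan="$1"
    lan="$2"
    # Default-deny forwarding; without this the ESTABLISHED,RELATED rule below
    # is cosmetic, since anything it does not match is accepted by the policy.
    $IPTABLES -P FORWARD DROP
    # Replies to LAN-initiated connections come in on $wan and go out $lan.
    $IPTABLES -A FORWARD -i "$wan" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections from the LAN may go out.
    $IPTABLES -A FORWARD -i "$lan" -o "$wan" -j ACCEPT
    # Source NAT is done on the interface packets leave through toward the
    # internet. The posted config had -o $lan here, so LAN packets reached the
    # internet with private source addresses and replies were never routed back.
    $IPTABLES -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
}

# Return 0 when the kernel forwards IPv4 (sysctl value is 1), else 1.
# Optional argument: path to read instead of the real sysctl file.
forwarding_enabled() {
    [ "$(cat "${1:-$FORWARD_SYSCTL}" 2>/dev/null)" = "1" ]
}

enable_forwarding() {
    echo 1 > "$FORWARD_SYSCTL"
}

# Read a rule listing on stdin (iptables-save output or the dry-run text) and
# return 0 only if MASQUERADE is attached to the given outbound interface.
masquerade_iface_ok() {
    grep -q -e "-o $1 -j MASQUERADE"
}

if [ "${1:-}" = apply ]; then
    forwarding_enabled || enable_forwarding
    ics_rules "$WAN" "$LAN"
fi
```

Run it once with IPTABLES=echo and pipe the output through masquerade_iface_ok with the WAN name to confirm the NAT rule lands on the right interface before applying for real; the same check works on `iptables-save` output from a running box.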

#4 2005-05-01 18:06:45

bbad
Member
Registered: 2005-05-01
Posts: 4

Re: ICS

i3839 wrote:
echo 1 > /proc/sys/net/ipv4/ip_forward

perhaps?

I already tried that.


#5 2005-05-01 19:12:59

i3839
Member
Registered: 2004-02-04
Posts: 1,185

Re: ICS

Best to give your whole config then, and slightly more detail about how the network looks. (It can also be a stupid DNS problem instead.)


#6 2005-05-01 21:48:25

bbad
Member
Registered: 2005-05-01
Posts: 4

Re: ICS

quicktables worked great; apparently it needs a reboot for the new config to take effect.

Thanks everyone.


#7 2005-05-01 21:59:42

T-Dawg
Forum Fellow
From: Charlotte, NC
Registered: 2005-01-29
Posts: 2,736

Re: ICS

Once you've rebooted you can always do a

/etc/rc.d/iptables save

to hard-code a config file for iptables. That way it's convenient to start, stop, flush and add new rules on the fly. Just remember to add iptables to your DAEMONS array and comment out the path you provided earlier in /etc/rc.local.

Edit: you may have to create a new file 'iptables.rules' in /etc/iptables/ to get it to work.
