I just upgraded my RedHat 9 server with a clean installation of Fedora Core 2. This machine acts as a gateway to the other computers in my house but is no longer routing traffic since the upgrade. Here's what I've checked so far:
I have "net.ipv4.ip_forward = 1" set in /etc/sysctl.conf.
echo 1 > /proc/sys/net/ipv4/ip_forward
ipt_MASQUERADE module is loaded
I've tried this with iptables off
Here's my current /etc/sysconfig/iptables:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
eth0 is my trusted interface, eth1 is the one hooked up to the Internet. I can get out from my Fedora box, I can ssh into it from a remote computer but hosts on my internal network can not get out. Pinging from an internal host resolves the name but the ping never makes it out.
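Added example, not part of the original post or thread: a static check of the gateway prerequisites listed above (persistent ip_forward, a MASQUERADE rule on the Internet-facing interface, an accept path for forwarded LAN traffic) run against saved files. The function names and the sample ruleset are constructed for illustration; eth0 (LAN) and eth1 (Internet) are taken from the post.

```shell
# Added example: function names and sample data are constructed; eth0 = LAN, eth1 = WAN as in the post.

# Succeeds if the sysctl file sets net.ipv4.ip_forward to 1 on an uncommented line.
sysctl_forwarding() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Succeeds if *nat has a POSTROUTING MASQUERADE rule covering WAN_IF
# (explicit "-o WAN_IF", or no -o match at all).
has_masquerade() {  # usage: has_masquerade RULES_FILE WAN_IF
    awk -v wan="$2" '
        /^\*/ { table = $1; next }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            out = ""
            for (i = 3; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out == "" || out == wan) found = 1
        }
        END { exit !found }' "$1"
}

# Heuristic: succeeds if FORWARD, or a chain FORWARD jumps to unconditionally,
# has an "-i LAN_IF -j ACCEPT" rule. Rule order and chain policy are not modelled.
forward_accepts_lan() {  # usage: forward_accepts_lan RULES_FILE LAN_IF
    awk -v lan="$2" '
        /^\*/ { table = $1; next }
        table == "*filter" && $1 == "-A" { rule[++n] = $0 }
        END {
            reach["FORWARD"] = 1
            for (i = 1; i <= n; i++)
                if (split(rule[i], f, " ") == 4 && f[2] == "FORWARD" && f[3] == "-j") reach[f[4]] = 1
            for (i = 1; i <= n; i++) {
                split(rule[i], f, " ")
                if ((f[2] in reach) && rule[i] ~ ("-i " lan " -j ACCEPT$")) ok = 1
            }
            exit !ok
        }' "$1"
}

# Constructed sample: filter rules abbreviated from the post, with no *nat table.
sample_rules() {
    printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' ':RH-Firewall-1-INPUT - [0:0]' \
        '-A FORWARD -j RH-Firewall-1-INPUT' '-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}

audit() {  # usage: audit RULES_FILE LAN_IF WAN_IF ; prints one line per check
    forward_accepts_lan "$1" "$2" && echo "forward: ok" || echo "forward: no accept for $2"
    has_masquerade "$1" "$3" && echo "nat: ok" || echo "nat: no MASQUERADE for $3"
}
```

These functions read saved files only, so rules added at runtime and the live /proc/sys/net/ipv4/ip_forward value are not covered; they also say nothing about what gateway address the clients were handed by DHCP.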
Yeah, I tried that before (and again right now) and it didn't work :-( It worked fine in RH9. I can't help but think I'm missing something stupid. Here's the output of "iptables -L":
------------------------------------------
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Hmm... odd. Mine worked like magic when I first set up the ethernet so I could ping others and then just set the masquerade and forward iptables rules, and of course set /proc/sys/net/ipv4/ip_forward to 1.
I really can't imagine a solution now. I'll post here if I get an idea. So the pings don't work either?
Pings work from my Linux box itself but not from any other hosts on my network (using it as a gateway). Do I need to add the lines you recommended from a specific location in my /etc/sysconfig/iptables?
I'm really at a loss here. Don't know where else to turn :-)
Well, I'm almost embarrassed to admit it. I knew it would be something stupid! I upgraded the firmware on two of my routers last week. Apparently this turned DHCP back on (both of them, Linksys AND Netgear) and they were feeding incorrect information to my clients. Once I turned them both back off, my clients picked up the correct information from my "real" DHCP server and were able to find their gateway :-)
Interesting though... my dhcpd.leases is empty....
Thanks everyone!!
Just goes to show you, sometimes you _have_ to ask the obvious questions (is the power on?!) :-P