linux gateway/firewall with MASQUERADE
Hi all--
I'm pretty new to Linux, so bear with me please! I am trying to set up my Red Hat 7.3 box to be a firewall/gateway for an internal subnet (really only one Windows 2000 machine in the network). I have read several tutorials on firewall software and IP Masquerade, and it seems that my best option would be to use iptables for the firewall and masquerading, since my connection to the Internet is DHCP (cable modem). I have set up two NICs and built a pretty decent firewall that won't allow much of anything.
My problem is this:
No matter what I do I can't get the Windows machine to talk to the linux gateway machine. I get no LED lights on the second NIC. Here is the summary of the configuration:
* both NICs are verified to be in working order
* eth0 => DHCP from cable modem
* eth1 => statically assigned IP 192.168.1.1
* IP forwarding is set to true (1)
* rules exist in iptables such that:
  all chains drop everything by default
  iptables --table nat --append POSTROUTING -o eth0 -j MASQUERADE
  iptables -A FORWARD -i eth1 -j ACCEPT
my routing table looks like this:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
208.180.146.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         208.180.146.1   0.0.0.0         UG    0      0   0   eth0
I can ping the eth1 NIC at 192.168.1.1
If I ping 192.168.1.2 (the Windows box's static IP) it gives me "destination host unreachable".
Running tcpdump listening on eth1 shows no packets when I ping 192.168.1.1, but shows packets when I try to ping the subnet machine past that point (192.168.1.2). tcpdump listening on eth1 shows no packets when I boot the Windows PC's network service. I thought for sure it was a firewall rule problem for the Windows box (boot PC maybe?), but since there were no packets traversing eth1 from the subnet, I can rule that out, right?
The Windows box gets:
* IP = 192.168.1.2
* gateway is eth1 in the Linux box = 192.168.1.1
* DNS is my ISP's DNS server
* netmask = 255.255.255.0
I thought that maybe it was the firewall blocking packets, so I turned it to accept all packets, but still had the same problem. No ping to the subnet, no link lights on the second NIC, and the Windows box thinks the network cable is unplugged when I start networking.
Does anyone have any suggestions? I've gone through 4 or 5 tutorials on iptables/masquerading/networking with 2 NICs, and tried a few other rule configurations, but pretty much nothing I tried is any different. The Windows box just won't find the network. I have been told that even without forwarding and masquerading running I should be able to ping the Windows box from the Linux gateway.
I sure appreciate any help, it is a real pain running a software firewall on that windows machine. Norton Personal Firewall is killing me with all the question pop-ups it asks me all the time!
Thanks,
Will B.
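As an added example (not part of the original post, and not a fix for the missing link lights, which no ruleset can cure), this is the kind of stateful iptables ruleset the post's two-NIC layout calls for once eth1 actually has carrier. The FORWARD rule quoted in the post only accepts packets entering from eth1, so under a default-DROP policy the replies coming back in on eth0 would also be dropped; the script below adds the ESTABLISHED,RELATED rules that let return traffic through while still refusing new inbound connections. Interface names and 192.168.1.0/24 are from the post; the rule layout and the `apply` argument are assumptions.

```shell
#!/bin/sh
# Added example: minimal stateful NAT gateway for a two-NIC Linux box.
# WAN = DHCP side (cable modem), LAN = statically addressed inside NIC.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}

# Emit the rules as text so they can be reviewed before being applied.
# "-m state" is the match available on the iptables shipped with Red Hat 7.3;
# modern iptables still accepts it.
gateway_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WAN -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# Apply the emitted rules and turn on forwarding (needs root).
apply_rules() {
    gateway_rules | sh -e
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

# Count how many rules let reply traffic back in; a gateway with a
# default-DROP FORWARD chain needs at least one on the WAN->LAN path.
reply_rule_count() {
    gateway_rules | grep -c -- "-i $WAN -o $LAN .*ESTABLISHED,RELATED"
}

# Only "gateway.sh apply" touches the live firewall; a bare run prints the rules.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    gateway_rules
fi
```

The DHCP accept on the WAN side (UDP 67 to 68) keeps lease renewals working with INPUT set to DROP; everything else arriving unsolicited from the cable side is still refused.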