LinuxQuestions.org
Old 01-05-2005, 08:23 AM   #1
RajaRC
Member
 
Registered: Feb 2003
Distribution: Redhat
Posts: 58

Rep: Reputation: 15
Routing and IPtables problem


Hi,

I am trying to configure Iptables on Redhat Linux. Since I am very much new to Iptables I am finding it difficult to get it working even after going through the manuals of IPtables.

The setup as below.

The Internal interface eth0 – 192.168.4.x
The External interface eth1 – 192.168.2.x

The IP Address of the system is – 192.168.4.y

I have connected a system directly to the eth0 using a cross-over cable. The eth1 is directly connected to external world i.e. router (internet).

The traffic reached up to eth1. It doesn’t reach the router.

I am able to ping eth0 and eth1 from the connected system. It seems the routing or the ip forwarding is not working properly.

I have checked by disabling IPtables, but still it doesn’t work.

Can I configure it as a route?

Is there any network related configuration I need to check or make.

Also please can anyone help me in configuring the IPtables.

Regards
 
Old 01-05-2005, 08:34 AM   #2
kopikat
Member
 
Registered: Dec 2004
Location: Argentina
Distribution: Slack 10
Posts: 45

Rep: Reputation: 15
Are you using ADSL or DSL to connect to the internet??
If so, are you using a PPPoE client?

A couple of days ago I had the same problem as you. It turned out that when I connected to the internet using ADSL with a PPPoE client, even though I was physically connected to the modem via eth0, once I started the PPPoE client a device called ppp0 was created, by which I connected to the internet. So all I had to do was replace in my iptables config file eth0 for ppp0, and everything worked fine.
Maybe that will help.
 
Old 01-05-2005, 08:41 AM   #3
RajaRC
Member
 
Registered: Feb 2003
Distribution: Redhat
Posts: 58

Original Poster
Rep: Reputation: 15
My router is connected to the internet through a leased line which has got a fixed static IP. Also the routing at the router has been taken care of properly.

I can ping to the external interface - eth1 of the Linux box, but I cannot ping to the internal interface of the router, i.e. I cannot ping any web site such as cisco.com
 
Old 01-05-2005, 12:55 PM   #4
kopikat
Member
 
Registered: Dec 2004
Location: Argentina
Distribution: Slack 10
Posts: 45

Rep: Reputation: 15
Quote:
Originally posted by RajaRC
My router is connected to the internet through a leased line which has got a fixed static IP. Also the routing at the router has been taken care of properly.

I can ping to the external interface - eth1 of the Linux box, but I cannot ping to the internal interface of the router, i.e. I cannot ping any web site such as cisco.com

Does your router have an IP? Cause if it has, then you should specify that IP as gateway.
 
Old 01-06-2005, 02:09 AM   #5
RajaRC
Member
 
Registered: Feb 2003
Distribution: Redhat
Posts: 58

Original Poster
Rep: Reputation: 15
My configuration as below --

The default gateway for eth0 is eth1

The default gateway for eth1 is my router's ip address

Still it doesn't work. I think routing is not working. Can you please help?
 
Old 01-06-2005, 07:52 AM   #6
RajaRC
Member
 
Registered: Feb 2003
Distribution: Redhat
Posts: 58

Original Poster
Rep: Reputation: 15
I managed to do some configuration changes -

Now I am able to ping from my local lan to external interface i.e eth1 of my linux box. But I cannot ping to internet.

If I ping www.cisco.com, I get this error - unknown host www.cisco.com

The /etc/resolve.conf contains all my DNS server IP addresses. The DNS servers are those of my ISP.

Please, can anyone help me?

Regards,
 
Old 01-06-2005, 09:23 AM   #7
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,092
Blog Entries: 1

Rep: Reputation: 90
What does
Code:
cat /proc/sys/net/ipv4/ip_forward
say?
 
Old 01-06-2005, 10:41 PM   #8
RajaRC
Member
 
Registered: Feb 2003
Distribution: Redhat
Posts: 58

Original Poster
Rep: Reputation: 15
The output of - cat /proc/sys/net/ipv4/ip_forward

1

The output of - iptables -L -n -v

Chain INPUT (policy ACCEPT 56439 packets, 4753K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID LOG flags 0 level 4 prefix `INVALID input: '

Chain FORWARD (policy ACCEPT 3191 packets, 718K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 50709 packets, 3357K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1961  205K LOG        all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
 2254  141K LOG        all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4

Please let me know if I need to configure anything else.

Regards,
 
Old 01-07-2005, 08:19 AM   #9
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,092
Blog Entries: 1

Rep: Reputation: 90
OK... sounds like you are having a masquerading problem. How about the output of
Code:
iptables -t nat -L -v
?
 
Old 01-09-2005, 11:37 PM   #10
RajaRC
Member
 
Registered: Feb 2003
Distribution: Redhat
Posts: 58

Original Poster
Rep: Reputation: 15
The output is -


Chain PREROUTING (policy ACCEPT 154 packets, 12104 bytes)
pkts bytes target prot opt in out source destination


Chain POSTROUTING (policy ACCEPT 142 packets, 9165 bytes)
pkts bytes target prot opt in out source destination


Chain OUTPUT (policy ACCEPT 142 packets, 9165 bytes)
pkts bytes target prot opt in out source destination

Regards,
 
Old 01-10-2005, 07:17 AM   #11
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,092
Blog Entries: 1

Rep: Reputation: 90
The problem is that you don't have a MASQUERADE rule in the POSTROUTING table.

Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
or is it eth1? Can't remember. It's the interface connected to the router.

Last edited by eantoranz; 01-10-2005 at 07:18 AM.
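
A check for the state this thread arrives at (forwarding enabled, empty nat POSTROUTING chain), as an added example that is not part of any post above. `WAN_IF=eth1` follows the first post, where eth1 is the interface connected to the router; the /24 mask, the function names and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the gateway state discussed in this thread.
WAN_IF=eth1              # from the first post: eth1 faces the router
LAN_NET=192.168.4.0/24   # assumption: the 192.168.4.x LAN uses a /24 mask

# Constructed sample mirroring post #10: nat POSTROUTING has no rules.
SAMPLE_EMPTY='Chain POSTROUTING (policy ACCEPT 142 packets, 9165 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Constructed sample: a MASQUERADE rule bound to the LAN side (eth0) by mistake.
SAMPLE_WRONG_IF="$SAMPLE_EMPTY
    0     0 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0"

# Constructed sample: a MASQUERADE rule on the router-facing interface.
SAMPLE_OK="$SAMPLE_EMPTY
   12   720 MASQUERADE  all  --  *      eth1    192.168.4.0/24       0.0.0.0/0"

# has_nat_rule IFACE: reads `iptables -t nat -L POSTROUTING -v -n` text on stdin
# and succeeds if a MASQUERADE or SNAT rule leaves via IFACE (or any interface).
has_nat_rule() {
    awk -v ifc="$1" '
        /^Chain / { in_chain = ($2 == "POSTROUTING"); next }
        in_chain && ($3 == "MASQUERADE" || $3 == "SNAT") && ($7 == ifc || $7 == "*") { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# diagnose IP_FORWARD NAT_LISTING: print forwarding-disabled, nat-missing or ok.
diagnose() {
    if [ "$1" != "1" ]; then
        echo "forwarding-disabled"
    elif printf '%s\n' "$2" | has_nat_rule "$WAN_IF"; then
        echo "ok"
    else
        echo "nat-missing"
    fi
}

# Live use on the gateway (as root):
#   diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" \
#            "$(iptables -t nat -L POSTROUTING -v -n)"
# A nat-missing result is addressed by a rule scoped to the LAN and WAN side:
#   iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
echo "thread state (post #10): $(diagnose 1 "$SAMPLE_EMPTY")"
```

Scoping the rule with `-s` and `-o` keeps the gateway from masquerading traffic other than the LAN's outbound flows.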
 
  

