08-21-2005, 02:06 PM | #1 | Member | Registered: May 2004 | Distribution: Fedora 4 and Slackware | Posts: 179
Gateway not forwarding
Hi, I'm attempting to set up a simple network gateway with firewall functionality. For some reason this task is proving to be more of a challenge than I thought.
My situation: 2 ethernet cards, eth0 is dynamically configured by the ISP, eth1 is statically assigned IP address 111.222.333.1 and is associated with a dhcpd server which assigns IPs to servers and such on subnets (this works fine). My private subnet is 111.222.333.32/27 with a broadcast address of 111.222.333.63 and is what I am experimenting with when trying to get this to work.
For now I have set iptables to allow everything, so that I can get the router working before I close off ports. Basically these are the commands I used to set up iptables:
iptables -A INPUT -j LOG --log-level notice --log-prefix IPTABLES:
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j LOG --log-level notice --log-prefix IPTABLES:
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j LOG --log-level notice --log-prefix IPTABLES:
iptables -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
I also have tried doing the following, but to no avail yet (leaving these out does not solve the problem either):
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 111.222.333.63 (private subnet broadcast)
iptables -t nat -A PREROUTING -i eth1 -j DNAT --to 0.0.0.0
As for 'route':
111.222.333.32 * 255.255.255.224 eth1
111.222.333.0 * 255.255.255.224 eth1
111.222.333.0 * 255.255.255.0 eth1
aaa.bbb.ccc.ddd * 255.255.255.252 eth0
default aaa.bbb.ccc.1 0.0.0.0 eth0
(where aaa.bbb.ccc.ddd is my ISP's network)
I have also added a static route to 111.222.333.1 (eth1), which did not work, as well as removing one or both of the 111.222.333.0 entries, which also did not work.
Finally, checking the iptables logs I discover that hosts on my private subnet are successfully attempting to reach their destination via eth1 (logs show connections for port 53, DNS, as I am attempting to connect to the web via a browser on my end host), but after several of these attempts iptables responds by sending an ICMP signal back to the client of type 3 or 'Destination Unreachable'.
That's about it. I am completely stumped with this one. I'm not sure why something that is so simple is proving to be so hard. If anyone has any ideas or sees any flaws in my thinking, please relay your ideas on. Thanks a lot.
08-21-2005, 02:14 PM | #2 | Moderator | Registered: Feb 2002 | Location: Grenoble | Distribution: Debian | Posts: 9,696
What do you have in /proc/sys/net/ipv4/ip_forward? When forwarding is on, you should have 1.
08-21-2005, 03:02 PM | #3 | Member (Original Poster) | Registered: May 2004 | Distribution: Fedora 4 and Slackware | Posts: 179
Thanks for the reply, mara. I checked and I do have 1 in /proc/sys/net/ipv4/ip_forward.
More suggestions are appreciated.
08-22-2005, 02:24 AM | #4 | Member (Original Poster) | Registered: May 2004 | Distribution: Fedora 4 and Slackware | Posts: 179
Still no luck :-(
I seem to have tried everything; I've played around with both route and iptables, defining routes and rules in the hope of getting something to work, but it still won't.
If no one has any ideas concerning my problem, then maybe you could recommend a utility or such to help me find the problem more easily. I could especially use something to read the iptables log output out of /var/log/messages, as it is very cryptic and hard to read. Since I don't have X installed on my gateway it would have to be something command-line based.
Anyway, if anyone has any suggestions please post, and I will keep this post updated if I make any breakthroughs.
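A command-line reader for the kernel LOG lines that the rules in post #1 write to /var/log/messages, added here as an example rather than anything posted in the thread. It assumes the thread's `--log-prefix IPTABLES:` and parses constructed sample lines built from the thread's placeholder addresses; it groups packets into flows and calls out the pattern described in post #1 (DNS sent to the gateway, answered with ICMP type 3).

```python
import re
from collections import Counter

# Constructed sample of what the LOG target writes to /var/log/messages with the thread's
# prefix "IPTABLES:" (no trailing space, so it runs into "IN="); addresses are the thread's placeholders.
SAMPLE_LOG = """\
Aug 21 14:05:12 gw kernel: IPTABLES:IN=eth1 OUT= SRC=111.222.333.40 DST=111.222.333.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=100 DF PROTO=UDP SPT=32770 DPT=53 LEN=40
Aug 21 14:05:13 gw kernel: IPTABLES:IN=eth1 OUT= SRC=111.222.333.40 DST=111.222.333.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=101 DF PROTO=UDP SPT=32770 DPT=53 LEN=40
Aug 21 14:05:13 gw kernel: IPTABLES:IN= OUT=eth1 SRC=111.222.333.1 DST=111.222.333.40 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=0 PROTO=ICMP TYPE=3 CODE=3 [SRC=111.222.333.40 DST=111.222.333.1 PROTO=UDP SPT=32770 DPT=53 LEN=40 ]
Aug 21 14:05:20 gw kernel: IPTABLES:IN=eth1 OUT=eth0 SRC=111.222.333.41 DST=aaa.bbb.ccc.2 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=200 DF PROTO=TCP SPT=1025 DPT=80 SYN URGP=0
"""
PREFIX = "IPTABLES:"
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the outer packet header as a dict, or None for lines without the prefix."""
    idx = line.find(PREFIX)
    if idx < 0:
        return None
    # ICMP errors append the quoted inner packet in [...]; keep only the outer header.
    return dict(FIELD.findall(line[idx + len(PREFIX):].split("[", 1)[0]))

def summarize(text):
    """Count flows by (in, out, src, dst, proto, dport); collect ICMP type 3 separately."""
    flows, unreach = Counter(), []
    for line in text.splitlines():
        f = parse_line(line)
        if not f:
            continue
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "3":
            unreach.append((f["SRC"], f["DST"], f.get("CODE")))
            continue
        # OUT= empty means the packet was addressed to the gateway itself (INPUT chain).
        flows[(f.get("IN") or "-", f.get("OUT") or "-", f["SRC"], f["DST"],
               f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return flows, unreach

def diagnose(flows, unreach):
    """Plain-language findings; flags DNS sent to the gateway that bounces as unreachable."""
    findings, bounced = [], {dst for _src, dst, _code in unreach}
    for (inp, out, src, dst, proto, dpt), n in sorted(flows.items()):
        where = "to the gateway itself" if out == "-" else f"forwarded {inp}->{out}"
        findings.append(f"{n}x {proto}/{dpt} {src} -> {dst} ({where})")
        if out == "-" and proto == "UDP" and dpt == "53" and src in bounced:
            findings.append(f"  {src} asks {dst} for DNS and gets ICMP type 3 back: "
                            "nothing is listening on port 53 on the gateway")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(*summarize(SAMPLE_LOG))))
```

To read a real log, pass the contents of /var/log/messages to summarize() instead of SAMPLE_LOG.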
08-22-2005, 07:49 AM | #5 | Member | Registered: Nov 2003 | Location: Lebanon | Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1 | Posts: 676
If you want my advice, to be honest with you, you can spare yourself this whole mess in a few simple clicks, but you need to have X. There is this firewall called Firestarter; it is a GUI firewall that enables you to start an internet connection with an easy-to-use firewall in a few seconds. I used to have a lot of problems every time I installed a Linux gateway ("not a great network guru here"), but since I started using Firestarter I am finishing the network configuration in 10 minutes max.
09-06-2005, 03:22 PM | #6 | Member (Original Poster) | Registered: May 2004 | Distribution: Fedora 4 and Slackware | Posts: 179
Solved! After much, much, much (note the date between posts) debugging I found that the problem occurred because my internal clients were sending DNS queries to my gateway for web sites I was trying to access, and my gateway was not forwarding these requests to my ISP's DNS server. After compiling and installing BIND, and creating the named.conf file as so:
options {
    forward first;
    forwarders {
        isp.dns.server.ip;
    };
};
my gateway successfully forwarded packets. (To be technically correct, it was forwarding packets all along, but I was trying to access external sites via URL and not IP, because of my "genius intellect" :-) )
Anyway, I hope this helps anyone in a similar rut, and I would like to once again thank all those that helped me solve my problem.