OK, sorry I've been so long, but thanks for getting back to me.
To clarify, I want to use my Red Hat box as a gateway for Microsoft clients.
Redhat has two network cards: one with a fixed, valid internet IP address and a gateway address of our Cisco router; the other card has a fixed, internal IP.
NT Client (actually I have had to start using a Win98 laptop, as I need the NT box to do real work) has a fixed internal address, and a gateway address of the internal card of the Red Hat box.
#netstat -rn
Kernel IP routing table
Destination  Gateway                         Genmask      Flags MSS Window irtt Iface
10.10.0.0    0.0.0.0                         255.255.0.0  U     40  0      0    eth1
213.130.0.0  0.0.0.0                         255.255.0.0  U     40  0      0    eth0
127.0.0.0    0.0.0.0                         255.0.0.0    U     40  0      0    lo
0.0.0.0      213.130.129.<cisco router IP>   0.0.0.0      UG    40  0      0    eth00
--
#cat /proc/sys/net/ipv4/ip_forward
1
--
#ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:00:21:F8:30:FF
inet addr:213.130.129.<linux box IP> Bcast:213.130.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6612 errors:0 dropped:0 overruns:0 frame:0
TX packets:143 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xf00
eth1 Link encap:Ethernet HWaddr 00:00:21:CC:FF:FF
inet addr:10.10.10.101 Bcast:10.10.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:141105 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:9 Base address:0x2e00
gre0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
tunl0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
rc.firewall is copied straight from:
http://www.boingworld.com/workshops/...c.firewall.txt
with the following changes:
LAN_IP_RANGE="10.10.0.0/16"
LAN_IP="10.10.10.101/32"
LAN_BCAST_ADRESS="10.10.0.255/32"
LOCALHOST_IP="127.0.0.1/32"
STATIC_IP="213.130.129.<**redhat fixed IP**>/32"
INET_IFACE="eth0"
LAN_IFACE="eth1"
IPTABLES="/usr/local/sbin/iptables"
On Client, TRACERT gets to the first hop (10.10.10.101) and then times out after that.
If I move Client back into our 'proper' network, and do nothing other than give it a valid, fixed internal IP and 'proper' gateway address (our 'real' firewall address), it connects fine.
Client can ping both 10.10.10.101 and 213.130.129.xxx on Redhat.