Old 09-23-2008, 03:05 PM   #1
Registered: Jun 2006
Location: Kenya
Distribution: SUSE OSS 10.1, Fedora 9 x86-64
Posts: 71

Rep: Reputation: 15
Problem with NAT using iptable

Hi guys,
I am trying to configure a Fedora box to NAT a LAN network to a public IP, but I am getting an error when I try connecting to the internet from the LAN.

Internet >> Fedora box >>>( > LAN pc (

1. My /etc/sysconfig/iptables file is as below:
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

2. IP forwarding is enabled:
[root@localhost ~]# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
[root@localhost ~]#

3. From the LAN PC I am getting the below on a ping to the DNS and a traceroute:

[mike@localhost network-scripts]$ ping
PING ( 56(84) bytes of data.
From icmp_seq=1 Destination Host Prohibited
From icmp_seq=2 Destination Host Prohibited
From icmp_seq=3 Destination Host Prohibited
From icmp_seq=4 Destination Host Prohibited

--- ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2999ms

[mike@localhost network-scripts]$ traceroute
traceroute to (, 30 hops max, 40 byte packets
1 ( 0.168 ms 0.129 ms 0.081 ms
2 ( 0.114 ms !X 0.122 ms !X 0.123 ms !X
[mike@localhost network-scripts]$

Is there anything I am missing out? Please help.
Old 09-25-2008, 01:51 AM   #2
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
Yes, you are missing something. You are not allowing the traffic from the LAN to cross to the internet on the FORWARD chain and return traffic back.
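Added example (not part of the thread): a small Python model of first-match traversal of the FORWARD chain, run over the FORWARD rule from post #1, a corrected ordering, and a variant where the ACCEPT rule is appended below the REJECT. The interface names eth0 (public) and eth1 (LAN), the corrected rules and the MASQUERADE line are assumptions, since the thread does not show them.

```python
import shlex

# FORWARD rule from post #1, then two constructed variants. eth0 (public)
# and eth1 (LAN) are assumed interface names; the thread does not give them.
ORIGINAL = "-A FORWARD -j REJECT --reject-with icmp-host-prohibited\n"

# Corrected order: ACCEPT rules sit above the catch-all REJECT.
FIXED = """\
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
"""
# NAT itself lives in the nat table (assumed; post #1 shows no nat rules):
#   -A POSTROUTING -o eth0 -j MASQUERADE

# Pitfall: a rule appended with -A lands below the REJECT and never matches.
APPENDED = ORIGINAL + "-A FORWARD -i eth1 -o eth0 -j ACCEPT\n"


def parse(rules, chain="FORWARD"):
    """Return the chain's rules in order as {option: value} dicts.
    Assumes each option takes exactly one value, true for the rules above."""
    parsed = []
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-A", chain]:
            parsed.append(dict(zip(tok[2::2], tok[3::2])))
    return parsed


def verdict(rules, in_if, out_if, state):
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in parse(rules):
        if rule.get("-i", in_if) != in_if:
            continue
        if rule.get("-o", out_if) != out_if:
            continue
        if "--state" in rule and state not in rule["--state"].split(","):
            continue
        return rule["-j"], rule.get("--reject-with")
    return "POLICY", None  # no rule matched: the chain policy applies


if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("fixed", FIXED), ("appended", APPENDED)]:
        print(name, "LAN->Internet NEW:", verdict(rules, "eth1", "eth0", "NEW"))
    print("fixed reply:", verdict(FIXED, "eth0", "eth1", "ESTABLISHED"))
    print("fixed unsolicited inbound:", verdict(FIXED, "eth0", "eth1", "NEW"))
```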

