LinuxQuestions.org


dc78 02-06-2004 07:08 PM

Unable to ping internet through RH7.3 box w/ 2nics
 
OK here is the problem.

I have a RH7.3 Box with 2 nics

ETH0 is connected to the internet IP uses DHCP

ETH1 has a static IP of 192.168.5.100 which runs dns and dhcp to an internal network.

I have an XP box on the network which can not ping a linksys router with an IP of 192.168.1.1

I can ping Eth0 (192.168.5.100) and ETH1 (192.168.1.101) from the XP box but not the internet or linksys router.

If I try tcpdump the ping gets to ETH1 but never ETH0. I can ping 192.168.1.1 and the internet from the linux box (via eth0) but not eth1.

Suggestions?




I have IP forwarding turned on and here is my firewall:

#!/bin/sh


#### FLUSH TABLES ####
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F

#### POLICY SETTINGS ####
#iptables -P INPUT DROP # Drop all incoming packets
iptables -P FORWARD DROP # Drop all forwarded packets
iptables -P OUTPUT ACCEPT # Accept all outgoing packets

#### INPUT ####
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 192.168.5.0/24 -j ACCEPT

#### FORWARDING ####
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d 192.168.5.0/24 -j ACCEPT

#### NATing ####
iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE


#iptables -P INPUT ACCEPT
#iptables -P OUTPUT ACCEPT
#iptables -P FORWARD ACCEPT
#iptables -t nat - A POSTROUTING -0 eth1 -j MASQUERADE


Here is the output of route

dest         gw           netmask        flags  metric  ref  use  iface
192.168.5.0  *            255.255.255.0  U      0       0    0    eth1
192.168.1.0  *            255.255.255.0  U      0       0    0    eth0
127.0.0.0    *            255.0.0.0      U      0       0    0    lo
default      192.168.1.1  0.0.0.0        UG     0       0    0    eth0

ugge 02-07-2004 05:51 AM

I think your Masquerade is misconfigured.
You want all traffic outbound for the internet to be Masqueraded, but now you have told it to Masquerade all connections exiting on the eth1 interface. Change it to:
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

dc78 02-07-2004 07:25 PM

I tried with this line "iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE" and still no luck.

If I try traceroute 192.168.1.1 -i eth1 it tries 30 times with no luck.

Any other suggestions?

Here are my ifcfg for eth1 and eth0.

eth0:
DEVICE='eth0'
BOOTPROTO='dhcp'
ONBOOT='yes'
TYPE='Ethernet'
USERCTL='no'
NETWORK='192.168.0.0'
BROADCAST='192.168.0.255'
GATEWAY='192.168.1.1'

eth1:
DEVICE='eth1'
ONBOOT='yes'
IPADDR='192.168.5.100'
GATEWAY='192.168.1.1'
TYPE='Ethernet'
USERCTL='no'
NETMASK='255.255.255.0'
BOOTPROTO='none'
NETWORK='192.168.5.0'
BROADCAST='192.168.5.255'

dc78 02-07-2004 07:56 PM

I got it working.

The line:

iptables -P FORWARD DROP # Drop all forwarded packets

blocked the ping.

It works now. Thanks for the help.
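
An added example, not part of the thread: the FORWARD rules in the first post accept only replies and packets addressed to 192.168.5.0/24, so a new ping from the LAN to 192.168.1.1 matches nothing and falls through to the DROP policy. The sketch below keeps that default-deny policy, adds the missing LAN-to-outside rule and uses the eth0 masquerade from the reply. The function names are hypothetical, and the interface names and subnet are the ones given in the posts.

```shell
#!/bin/sh
# Added example (not the poster's script): forwarding rules for the two-NIC
# gateway in this thread that keep "-P FORWARD DROP" instead of removing it.

# Print the iptables commands rather than running them, so the rule set can
# be reviewed first. To apply as root:  gateway_rules | sh
# Arguments (defaults are the values from the thread):
#   $1 LAN interface, $2 outside interface, $3 LAN subnet
gateway_rules() {
    lan_if=${1:-eth1}
    wan_if=${2:-eth0}
    lan_net=${3:-192.168.5.0/24}

    cat <<EOF
# Start from empty chains so old rules cannot mask the new ones.
iptables -F FORWARD
iptables -t nat -F POSTROUTING
# Default deny: anything not explicitly allowed below is dropped.
iptables -P FORWARD DROP
# Replies to connections that were already allowed out.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections may only start on the LAN side and leave on the outside NIC.
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j ACCEPT
# Rewrite the LAN source address on the way out, on the outside NIC only.
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
EOF
}

# Return 0 when the kernel is set to route between interfaces at all.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}
```

With these rules nothing from the 192.168.1.0 side can open a connection into the LAN, which a FORWARD policy of ACCEPT would allow.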

