LinuxQuestions.org
Old 06-10-2005, 06:44 PM   #1
carloconcillado
LQ Newbie
 
Registered: Jun 2005
Location: Philippines
Posts: 4

Rep: Reputation: 0
Linux Network Problem


Hi, I have a PC router using iptables for routing. The problem is, my PC right beside my PC router cannot browse the internet, but the other protocols can pass through my PC router. I'm using a DNS server in back of my PC router (I mean out of my PC network). I'm using FC2 and my firewall is iptables v1.1. Thanks.
 
Old 06-10-2005, 09:01 PM   #2
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
Sounds like you still need to switch http on somewhere - either the router or at the PC. An easy check - turn the PC firewall off and then try.

So what are the route and iptables settings/config (router and PC) with regards http packets?
 
Old 06-11-2005, 10:02 PM   #3
carloconcillado
LQ Newbie
 
Registered: Jun 2005
Location: Philippines
Posts: 4

Original Poster
Rep: Reputation: 0
Smile

Here, please take a look at my IPtables config...

#!/bin/bash
# $Id: iptables-rules.sh,v 1.1 2002/06/18 11:36:51 eric Exp $

# location of ipchains
IPTABLES=/sbin/iptables

# flush all rules
$IPTABLES -F
$IPTABLES -F -t nat

# allow from localhost
$IPTABLES -A INPUT -i lo -j ACCEPT

$IPTABLES -A INPUT -s 192.168.0.0/24 -j ACCEPT
#$IPTABLES -A INPUT -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A INPUT -s 192.168.2.0/24 -j ACCEPT

# turn on IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
ip route add 192.168.0.1/24 via 192.168.1.1 2>/dev/null >/dev/null

#Transparent Proxying
# $IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
# $IPTABLES -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128

# stateful: allow incoming from establish connections
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# TRAFFIC SHAPING
# Mark acknowledge packets of an established session between 40 and 100 bytes:


$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL ACK -m state --state ESTABLISHED -m length --length 8:10 -j MARK --set-mark 20


# Mark SSH packets that starts new sessions with a packet length between 40 and 68 bytes:

$IPTABLES -t mangle -A PREROUTING -p tcp --dport 22 --syn -m state --state NEW -m length --length 40:68 -j MARK --set-mark 22


# location of ipchains
IPTABLES=/sbin/iptables

# flush all rules
$IPTABLES -F
$IPTABLES -F -t nat

# allow from localhost
$IPTABLES -A INPUT -i lo -j ACCEPT


# stateful: allow incoming from establish connections
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -t mangle -A PREROUTING -s 192.168.3.0/24 -j MARK --set-mark 20

# allow icmp
# 0 - echo-reply (pong)
# 3 - destination-unreachable
# 4 - source-quench
# 5 - redirect
# 8 - echo-request (ping)
# 11 - time-exceeded
# 12 - parameter-problem
$IPTABLES -A INPUT -p icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 4 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 8 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 11 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 12 -j ACCEPT
$IPTABLES -A INPUT -p icmp -j DROP

# log
$IPTABLES -A INPUT -p udp --dport 137:139 -j DROP
$IPTABLES -A INPUT -p tcp --dport 135 -j DROP
$IPTABLES -A INPUT -p tcp --dport 139 -j DROP
$IPTABLES -A INPUT -p tcp --dport 2600 -j DROP

# block all incoming connections
$IPTABLES -A INPUT -p tcp --dport 22 -j LOG
$IPTABLES -A INPUT -p tcp --dport 10000 -j LOG
$IPTABLES -A INPUT -p tcp --dport 7000 -j LOG

#$IPTABLES -A INPUT -j LOG --log-level 6 --log-prefix "iptables "
$IPTABLES -A INPUT -j DROP

All firewalls except my iptables are off.
My PC can ping IP addresses on the internet, but only the DNS server is not responding. I have a test PC using a different subnet of my PC router (I divided my IPs into 2 subnets, 1 subnet for my PC router and one for my test PC); I'm using the same DNS server and it works.

Here is my network diagram...


ISP --------------- PC router ----------------- Router --------------- My PC

Any help would be appreciated.

Thanks.
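Editor's added example, not part of the original thread or written by either poster: the script posted above runs `$IPTABLES -F` a second time partway through, and a flush discards every rule appended to that table before it. The hypothetical helper `flushed_rules` below lists such rules for any iptables script on stdin; `sample_script` is a shortened excerpt of the posted script used as test input.

```bash
#!/usr/bin/env bash
# Added example: list "-A" rules that a later "-F" in the same script discards.
# Output columns (tab-separated): rule line, flush line, table, rule text.

flushed_rules() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }                 # skip blank and comment lines
    $1 != "$IPTABLES" && $1 != "iptables" && $1 !~ /\/iptables$/ { next }
    {
      table = "filter"; op = ""; chain = "*"      # defaults: filter table, all chains
      for (i = 2; i <= NF; i++) {
        if ($i == "-t" && i < NF) table = $(i + 1)
        if ($i == "-A" || $i == "-F") {
          op = $i
          if (i < NF && $(i + 1) !~ /^-/) chain = $(i + 1)
        }
      }
      if (op == "-A") {                           # remember every appended rule
        n++; tbl[n] = table; chn[n] = chain; src[n] = NR; txt[n] = $0; live[n] = 1
      } else if (op == "-F") {                    # a flush kills matching earlier rules
        for (k = 1; k <= n; k++)
          if (live[k] && tbl[k] == table && (chain == "*" || chn[k] == chain)) {
            printf "%d\t%d\t%s\t%s\n", src[k], NR, table, txt[k]
            live[k] = 0
          }
      }
    }'
}

# Shortened excerpt of the script posted in this thread (hypothetical helper name).
sample_script() {
  cat <<'EOF'
IPTABLES=/sbin/iptables
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A INPUT -s 192.168.2.0/24 -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -p tcp --dport 22 --syn -m state --state NEW -m length --length 40:68 -j MARK --set-mark 22
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -j DROP
EOF
}

sample_script | flushed_rules
```

The mangle rule is not reported because neither flush names that table, so it stays loaded and is appended again each time the script is re-run.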