James Youngman wrote:
>
> This packet forwarding should happen if IP-forwarding is enabled (you
> can do this in control-panel or by
> "echo 1 >/proc/sys/net/ipv4/ip_forward").

Hm... well, '#cat ip_forward' gave me a 0, so I changed it to 1, but I
still can't get past the firewall.

> Any individual packet will be forwarded if it passes the input rules,
> the forwarding rules *and* the output rules.

I've been wondering about this: The closest thing I've found to a
complete recipe for a setup like this listed forwarding rules for the
protected net->anywhere, and lots of different output rules, but no
output rule for the protected net->anywhere. Do I also need that output
rule? The forwarding rule I have right now is masquerade; do I also
need one for accept?

Regardless of my rules though, I think something else must be wrong;
even with ip_forward=1 and all of my filtering rules set to default
accept, I STILL can't make anything go from inside the protected net to
outside.

> I think that if you can
> see a packet with tcpdump, it must have passed the input rules.

Thanks for the tip on this; now piecing through the tcpdump man page.
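
The traversal described in the quoted text above (input rules, then forwarding rules, then output rules, with ip_forward enabled), as an added example that is not part of the original post: a simplified Python model, not kernel code. The addresses, rule format and function names are constructed for illustration, and the model assumes first-match rules with a per-chain default policy and that the output chain sees the masqueraded source address.

```python
import ipaddress

ACCEPT, DENY, MASQ = "ACCEPT", "DENY", "MASQ"
ANY, LAN = "0.0.0.0/0", "192.168.1.0/24"   # constructed sample networks

def matches(rule, src, dst):
    """True if the packet's source and destination fall inside the rule's networks."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"]))

def run_chain(chain, src, dst):
    """Assumed semantics: first matching rule wins, else the chain's default policy."""
    for rule in chain["rules"]:
        if matches(rule, src, dst):
            return rule["target"]
    return chain["policy"]

def forward_packet(fw, src, dst):
    """Return (forwarded, reason) for a packet routed through the firewall."""
    if run_chain(fw["input"], src, dst) == DENY:
        return False, "dropped by input chain"
    if not fw["ip_forward"]:
        # Models /proc/sys/net/ipv4/ip_forward containing 0.
        return False, "ip_forward is 0: kernel does not route"
    verdict = run_chain(fw["forward"], src, dst)
    if verdict == DENY:
        return False, "dropped by forward chain"
    if verdict == MASQ:
        src = fw["external_ip"]   # assumption: output rules see the rewritten source
    if run_chain(fw["output"], src, dst) == DENY:
        return False, "dropped by output chain"
    return True, "forwarded with source " + src

def make_fw(ip_forward, output_policy, output_rules=()):
    """Constructed firewall: masquerade LAN -> anywhere, deny other forwarding."""
    return {
        "ip_forward": ip_forward,
        "external_ip": "203.0.113.1",   # constructed external address
        "input": {"policy": ACCEPT, "rules": []},
        "forward": {"policy": DENY,
                    "rules": [{"src": LAN, "dst": ANY, "target": MASQ}]},
        "output": {"policy": output_policy, "rules": list(output_rules)},
    }

if __name__ == "__main__":
    for fw in (make_fw(False, ACCEPT), make_fw(True, ACCEPT), make_fw(True, DENY)):
        print(forward_packet(fw, "192.168.1.10", "198.51.100.7"))
```

In this model a packet that passes all three chains is still not forwarded while ip_forward is 0, and a default-deny output chain drops a packet that the forward chain already masqueraded.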