Hi all,

All the firewalls I've built to date have private IPs on the inside with one public IP on the NIC to the internet.  The firewall does NAT and intense packet filtering.  They all work like charms.

I've built a new firewall that has to have 2 public IPs (inside and out).  I configure the NICs, make sure IPV4_FORWARDING is on and routed is running (-q flag).

I add the following to the routing table:

route add -host <ip of Host 1> dev <inside interface>

This is so I can ping Host 1 and send icmp packets back to it.

From the firewall itself, I can ping anywhere.

Host 1:  I configure it to have a public IP (same subnet) and set the gw to be the inside public IP of the firewall.  I can ping the inside public IP of the firewall and the outside public IP of the firewall.  However, I cannot ping beyond the outside IP of the firewall.

Strange occurrence:

I change the firewall to have a private IP on the inside NIC.  I issue the command:

ipchains -A forward -s <private ips> -j MASQ

Host 1:  I configure the NIC for a private IP and change the gw.  Now I can ping anywhere.

I know this is a basic one but it's eluding me.

Thoughts?

Thanks,
Nicci
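The post does not say why the routed setup fails while the masqueraded one works, so the following is an added illustration rather than a diagnosis, and it is not code from the poster. It simulates the two setups described above with a small longest-prefix-match routing model: Host 1 behind a firewall with a public inside address, and the same host masqueraded behind the firewall's outside address. The addresses are constructed from documentation ranges, and the assumption that the upstream router has no route back to the inside public subnet is an assumption of this example, not something the post states. The example also goes one step beyond the post by showing that adding that return route upstream makes the routed (non-NAT) setup work too, which is the check a practitioner would make before reaching for masquerading.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (RFC 5737 documentation ranges), not the poster's real ones.
HOST1 = "203.0.113.10"       # Host 1, a public address on the inside segment
FW_INSIDE = "203.0.113.1"    # firewall inside NIC (Host 1's gateway)
FW_OUTSIDE = "198.51.100.2"  # firewall outside NIC
UPSTREAM = "198.51.100.1"    # ISP / upstream router
REMOTE = "192.0.2.50"        # some host out on the internet


def net(cidr):
    return ipaddress.ip_network(cidr)


@dataclass
class Node:
    name: str
    addresses: set           # IPs owned by this node
    routes: list             # (network, next_hop); next_hop None = directly connected
    masquerade: bool = False # True for a firewall doing ipchains-style MASQ

    def lookup(self, dst):
        """Longest-prefix-match over this node's routing table."""
        best = None
        for network, next_hop in self.routes:
            if ipaddress.ip_address(dst) in network:
                if best is None or network.prefixlen > best[0].prefixlen:
                    best = (network, next_hop)
        return best


def owner(nodes, ip):
    return next((n for n in nodes if ip in n.addresses), None)


def send(nodes, start, src, dst, nat, max_hops=16):
    """Carry one packet hop by hop. Returns (delivered, source address the receiver sees)."""
    node = start
    for _ in range(max_hops):
        # Reverse translation: a reply addressed to the masqueraded address is
        # mapped back to the real inside host before it is routed further.
        if node.masquerade and dst in nat:
            dst = nat[dst]
        if dst in node.addresses:
            return True, src
        route = node.lookup(dst)
        if route is None:              # no route at all: the packet is dropped here
            return False, src
        _, next_hop = route
        # Masquerade on the way out: hide the inside source behind the outside NIC.
        if node.masquerade and next_hop == UPSTREAM and src not in node.addresses:
            nat[FW_OUTSIDE] = src
            src = FW_OUTSIDE
        target = next_hop if next_hop is not None else dst
        nxt = owner(nodes, target)
        if nxt is None:
            return False, src
        node = nxt
    return False, src


def ping_roundtrip(masquerade=False, upstream_return_route=False):
    """Echo request Host 1 -> REMOTE, then the reply back. Reports what got through."""
    host1 = Node("host1", {HOST1},
                 [(net("203.0.113.0/24"), None), (net("0.0.0.0/0"), FW_INSIDE)])
    fw = Node("firewall", {FW_INSIDE, FW_OUTSIDE},
              [(net("203.0.113.0/24"), None), (net("198.51.100.0/24"), None),
               (net("0.0.0.0/0"), UPSTREAM)], masquerade=masquerade)
    upstream_routes = [(net("198.51.100.0/24"), None), (net("192.0.2.0/24"), None)]
    if upstream_return_route:
        # Assumed fix for the routed setup: the ISP router learns the inside subnet via the firewall.
        upstream_routes.append((net("203.0.113.0/24"), FW_OUTSIDE))
    upstream = Node("upstream", {UPSTREAM}, upstream_routes)
    remote = Node("remote", {REMOTE},
                  [(net("192.0.2.0/24"), None), (net("0.0.0.0/0"), UPSTREAM)])
    nodes = [host1, fw, upstream, remote]
    nat = {}
    ok, seen_src = send(nodes, host1, HOST1, REMOTE, nat)
    if not ok:
        return {"request": False, "reply": False, "source_seen": None}
    back, _ = send(nodes, remote, REMOTE, seen_src, nat)
    return {"request": True, "reply": back, "source_seen": seen_src}


if __name__ == "__main__":
    print("routed, no return route:", ping_roundtrip())
    print("masqueraded:            ", ping_roundtrip(masquerade=True))
    print("routed, return route:   ", ping_roundtrip(upstream_return_route=True))
```

In the routed case the request leaves fine, but the reply dies at the upstream router because nothing there points 203.0.113.0/24 back at the firewall; masquerading sidesteps that by making every outbound packet look like it came from the firewall's outside address, which the upstream already knows how to reach. The routed setup works as soon as the upstream side carries a return route (or the inside addresses are otherwise reachable from outside), which is why a forward-path test from the firewall itself succeeding says nothing about the return path for hosts behind it.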


 

