Lan to Wan reprise
Jeff Vian
jvian10 at charter.net
Mon Mar 14 01:41:30 UTC 2005
On Sun, 2005-03-13 at 20:16 -0500, Claude Jones wrote:
> On Sun, 13 Mar 2005 19:58:34 -0500, Jeff Vian <jvian10 at charter.net> wrote:
>
> > On Sun, 2005-03-13 at 19:33 -0500, Claude Jones wrote:
>
> >> Now, if I could just figure out where the block is
> >> between my Lan and my Wan ---
> >>
> >>
> > That just about has to be "something" in the iptables setup. The LAN
> > machines get to the firewall box. The firewall box gets to the
> > internet. But the LAN boxes don't get passed through.
> >
> > It would need to be related to 1) ip forwarding, 2) ip masquerading aka
> > NAT, or 3) otherwise blocking.
> >
> > I have not looked at your script, and am not an expert on iptables
> > scripts anyway but I can identify the location and likely part
> > containing the problem.
> >
> > One approach may be to set up tcpdump to capture a small part of a
> > session that should work but does not, then analyze it to see what is
> > blocking the passthrough.
>
> I'm reading up on how to set up some sort of trace to log what's going on
> as I write.
>
> I hope someone who's an iptables guru can find the time to look through my
> script. I have the feeling this is a case of "The Purloined Letter". The
> answer is in front of my face but after 18 hours of fighting this, I'm
> blind ---
>
Just a thought. What did you use to create the firewall script?
As one who is not a guru on iptables I find fwbuilder a very good tool
for what I need and it does the script building for me. As long as you
can build the firewall rules with graphics objects it can convert it to
a usable script for setting the rules on the server for you.
I have used it for both servers on the internet, and for firewall
machines as you are doing.
>
>
> --
> Claude Jones
> Bluemont, VA
>
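
The three causes named in the quoted reply (IP forwarding, masquerading/NAT, blocking rules) can be checked mechanically against `iptables-save` output. The script below is an added example, not part of the original thread; the function names, finding labels and the eth0 (WAN) / eth1 (LAN) interface names are assumptions, and the ruleset is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Checks the three causes named in the
# quoted reply: 1) IP forwarding, 2) masquerading/NAT, 3) blocking rules.
# Live use (as root), assuming eth0 is the WAN interface:
#   iptables-save > /tmp/rules.txt
#   diagnose_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" /tmp/rules.txt eth0

diagnose_forwarding() {
    fwd=$1; rules=$2; wan=$3; findings=""

    # 1) The kernel only routes between interfaces when ip_forward is 1.
    [ "$fwd" = "1" ] || findings="$findings ip_forward_off"

    # 2) LAN traffic leaving the WAN interface needs source NAT.
    grep -Eq -- "^-A POSTROUTING .*-o $wan .*-j (MASQUERADE|SNAT)" "$rules" ||
        findings="$findings no_nat_on_$wan"

    # 3) Heuristic: FORWARD policy DROP with no ACCEPT rule blocks everything.
    if grep -q '^:FORWARD DROP' "$rules" &&
       ! grep -Eq -- '^-A FORWARD .*-j ACCEPT' "$rules"; then
        findings="$findings forward_chain_drops_all"
    fi

    # Print the findings (or "ok"), without the leading separator space.
    echo "${findings:- ok}" | sed 's/^ //'
}

# Constructed sample in iptables-save format: NAT is present, but the FORWARD
# chain defaults to DROP and has no ACCEPT rule (hypothetical interfaces).
write_sample_rules() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
COMMIT
EOF
}
```

On the constructed ruleset the firewall box itself accepts LAN traffic, yet nothing is forwarded, which matches the symptom described in the thread.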