routes are killing me - how to?

William Carty yellowdog-general@lists.terrasoftsolutions.com
Wed Nov 6 19:39:01 2002


> -----Original Message-----
> From: yellowdog-general-admin@lists.terrasoftsolutions.com
> [mailto:yellowdog-general-admin@lists.terrasoftsolutions.com]On Behalf
> Of Stefan Jeglinski
> Sent: Wednesday, November 06, 2002 9:26 PM
> To: yellowdog-general@lists.terrasoftsolutions.com
> Subject: RE: routes are killing me - how to?
>
> When you say "from the router" do you mean from the Linux box acting
> as the router, or the physical router shown in my diagram? The Linux
> box can ping all on the 63.x.x.x network as well as the physical
> router. The Linux box can ping 192.168.0.1. The Linux box cannot ping
> the other 192.x.x.x hosts.

When I say "from the router", I mean from the Linux box.

It sounds like the Linux box is okay.

<snip>

> So, my understanding is weak. I thought I first had to get the
> routing table configured to pass packets from the private network
> through the Linux box to the outside world, then set up iptables as
> an add-on. IOW, since I first want to pass all traffic (get it
> working), I thought I didn't need iptables as a first step. You're
> saying there's an interrelationship that is unavoidable, eh?
>

Well I wouldn't go so far as to say unavoidable - as Robert pointed out, all
you *really* need to do is to enable IP forwarding...  however, IMO you're
simply nuts if you don't provide some level of firewalling for your internal
hosts... so, I guess you could say they really go hand in hand - one
complements the other.  Just a matter of your point of view.

It sounds like you're on the right track here.  I'd go ahead & start working
on your IPTABLES rules & take it from there.  There are quite a few good
tutorials regarding IPTABLES, so you shouldn't have much trouble figuring it
out.

Good luck.

Will
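
The difference between "forwarding enabled" and "forwarding enabled with firewalling" can be checked on the Linux box itself. The following is an added example, not part of the original post: it classifies a router from the `ip_forward` value and an `iptables-save` dump. The function name, the result labels, the interface names `eth0`/`eth1` and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies a Linux router from two inputs:
#   $1    = contents of /proc/sys/net/ipv4/ip_forward ("0" or "1")
#   stdin = output of `iptables-save`
# On a live box (as root):
#   iptables-save | audit_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_forwarding() {
    if [ "$1" != "1" ]; then
        echo "not-routing"
        return 0
    fi
    awk '
        /^\*/          { in_filter = ($0 == "*filter") }   # table header line
        !in_filter     { next }                            # skip nat, mangle
        /^:FORWARD /   { policy = $2 }                     # chain default policy
        /^-A FORWARD / { rules++ }                         # rules in FORWARD
        END {
            # Assumption: no filter table in the dump means nothing filters,
            # which behaves like policy ACCEPT.
            if (policy == "") policy = "ACCEPT"
            if (policy != "ACCEPT") print "default-drop"
            else if (rules > 0)     print "default-accept"
            else                    print "open-router"
        }'
}

# Constructed sample: forwarding on, filter table present but empty.
SAMPLE_OPEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: default DROP; LAN-initiated traffic and replies pass.
# eth1 = private side, eth0 = public side (assumed names).
SAMPLE_FILTERED='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_OPEN"     | audit_forwarding 1
printf '%s\n' "$SAMPLE_FILTERED" | audit_forwarding 1
```

A result of `open-router` is the case warned about above: packets are forwarded to the internal hosts with nothing filtering them.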