[lug] Fedora, NAT, masquerading...iptables Rules versus firewall-config App

stimits at comcast.net stimits at comcast.net
Mon Jun 9 21:21:23 MDT 2014


I have a Fedora 19 machine with a real world IP address, and need its private 192.168.x.x ethernet to forward some Linux appliances on this private net to the real world (they're all running one form or another of modified Ubuntu for embedded systems). Being lazy, I can type in commands to enable IPv4 forwarding, then these iptables commands (private net is p2p1, public is em1):
iptables -A FORWARD -i p2p1 -j ACCEPT
iptables -A FORWARD -o p2p1 -j ACCEPT
iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE

(see http://docs.fedoraproject.org/en-US/Fedora/11/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html )

This sort of works, as I can ping and use dotted decimal addresses, but DNS fails from the appliances. I haven't seen much IPv6 actually used in the real world, but I have to wonder if DNS failure is related to my iptables rules, or instead to something else (e.g., IPv6)?

I'm also wondering about the GUI firewall-config tool. It looks easy to use for forwarding of a dedicated port, but has anyone here used this tool for general forwarding from a private net to the public (as a router)? It looks like a port has to be named in this tool, and thus is not a general router setup tool.
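
Added example, not part of the original post: the second FORWARD rule above accepts every packet forwarded out p2p1 regardless of connection state, so this sketch audits `iptables -S FORWARD` output for such rules and shows a stateful variant that passes. The interface names are the post's; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names p2p1 (private)
# and em1 (public) are the post's; function and variable names are hypothetical.

# Rules as posted, in `iptables -S FORWARD` form (constructed sample input).
POSTED='-A FORWARD -i p2p1 -j ACCEPT
-A FORWARD -o p2p1 -j ACCEPT'

# Stateful variant: the private net may open connections outward; only reply
# traffic belonging to those connections is forwarded back in.
STATEFUL='-A FORWARD -i p2p1 -o em1 -j ACCEPT
-A FORWARD -i em1 -o p2p1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# audit_forward IFACE: read `iptables -S FORWARD` output on stdin and print
# every ACCEPT rule that forwards into IFACE with no connection-state match.
audit_forward() {
    grep -E -- '^-A FORWARD( .*)? -j ACCEPT$' \
      | grep -E -- "(^| )-o $1( |\$)" \
      | grep -Ev -- '--(ct)?state ' || true
}

# On the gateway itself: iptables -S FORWARD | audit_forward p2p1
printf '%s\n' "$POSTED"   | audit_forward p2p1   # prints the -o p2p1 rule
printf '%s\n' "$STATEFUL" | audit_forward p2p1   # prints nothing
```

The audit only looks at rules that name the private interface with `-o`; the MASQUERADE rule in the nat table is unchanged by the stateful variant.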