[lug] Fedora, NAT, masquerading...iptables Rules versus firewall-config App

John Hernandez jph at jph.net
Wed Jun 11 09:41:42 MDT 2014


It would help to know what IP address(es) the clients are trying to
use for DNS resolution.  If it's an address on your private LAN (like
your Fedora 19 server), then that server will need to provide DNS
resolution (e.g., dnsmasq).  Or, you can configure the clients to point
to your ISP's resolvers (or even 8.8.8.8 for a quick & dirty test).


On Mon, Jun 9, 2014 at 9:21 PM,  <stimits at comcast.net> wrote:
> I have a fedora 19 machine with a real world IP address, and need its
> private 192.168.x.x ethernet to forward some linux appliances on this
> private net to the real world (they're all running one form or another of
> modified ubuntu for embedded systems). Being lazy, I can type in commands to
> enable ipv4 forwarding, then these iptables commands (private net is p2p1,
> public is em1):
> iptables -A FORWARD -i p2p1 -j ACCEPT
> iptables -A FORWARD -o p2p1 -j ACCEPT
> iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
>
> (see
> http://docs.fedoraproject.org/en-US/Fedora/11/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
> )
>
> This sort of works, as I can ping and use dotted decimal addresses, but DNS
> fails from the appliances. I haven't seen much IPv6 actually used in the
> real world, but I have to wonder if DNS failure is related to my iptables
> rules, or instead to something else (e.g., IPv6)?
>
> I'm also wondering about the GUI firewall-config tool. It looks easy to use
> for forwarding of a dedicated port, but has anyone here used this tool for
> general forwarding from a private net to the public (as a router)? It looks
> like a port has to be named in this tool, and thus is not a general router
> setup tool.
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
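
The reply's diagnosis turns on one question: is the resolver the appliances are configured with an address on the private p2p1 LAN (in which case the Fedora box must answer DNS itself) or an outside address (in which case the query must traverse the FORWARD and MASQUERADE rules quoted above)? The script below is an added example, not code from the thread or from either poster; it reads a resolv.conf-style file from an appliance and classifies each nameserver accordingly. The subnet 192.168.1.0/24, the router address 192.168.1.1 and the sample resolv.conf are constructed assumptions for the example, not values from the original message.

```python
#!/usr/bin/env python3
"""Classify an appliance's configured resolvers relative to the router's private LAN.

Constructed example (not from the thread): the private interface p2p1 carries
192.168.1.0/24 and the Fedora router's address on it is 192.168.1.1.
"""
import ipaddress

PRIVATE_LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed p2p1 subnet
ROUTER_ADDR = ipaddress.ip_address("192.168.1.1")      # assumed router address on p2p1

# Constructed /etc/resolv.conf contents as they might be copied off an appliance.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 192.168.1.1
nameserver 8.8.8.8
"""


def parse_resolvers(text):
    """Return the nameserver addresses from resolv.conf text, skipping comments
    and malformed entries instead of crashing on them."""
    resolvers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                resolvers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue                        # e.g. "nameserver bogus"
    return resolvers


def classify(addr):
    """Say what the router must do for queries sent to this resolver address."""
    if addr == ROUTER_ADDR:
        # The Fedora box itself is being asked; nothing to forward, it must
        # run a resolver (dnsmasq or similar) listening on p2p1.
        return "router-must-resolve"
    if addr in PRIVATE_LAN:
        # Another LAN host is expected to answer; MASQUERADE is irrelevant.
        return "other-lan-host"
    if addr.version == 6:
        # The quoted rules are IPv4-only (iptables, not ip6tables), so an
        # IPv6 resolver would not be NATed by them at all.
        return "ipv6-not-forwarded"
    # Outside IPv4 resolver: UDP/TCP 53 must pass the FORWARD rules in both
    # directions and be masqueraded out em1.
    return "forwarded-via-nat"


def classify_str(addr_text):
    """Convenience wrapper taking the address as a string."""
    return classify(ipaddress.ip_address(addr_text))


def diagnose(resolv_conf_text):
    """Map each configured resolver to the action the router owes it."""
    return {str(a): classify(a) for a in parse_resolvers(resolv_conf_text)}


if __name__ == "__main__":
    for resolver, verdict in diagnose(SAMPLE_RESOLV_CONF).items():
        print(f"{resolver:>20}  {verdict}")
```

If every resolver comes back as `forwarded-via-nat` and plain pings through the NAT already work, the remaining suspects are port 53 (both UDP and TCP) being blocked somewhere in the FORWARD path, not the MASQUERADE rule; if a resolver comes back as `router-must-resolve`, no firewall rule will help until the Fedora box actually runs a resolver on p2p1. On the firewall-config question, firewalld treats masquerading as a per-zone setting (`firewall-cmd --zone=<zone> --add-masquerade`), which is the general-router case rather than a single-port forward.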

