> > There's a network (192.168.0.0) with internet access via gateway
> > 192.168.0.1.
> > My computer (PC1 - 192.168.0.25) has RH 7.3 installed, everything
> > works great. I've added a second NIC (192.168.2.1) to this PC, and
> > attached a second PC (PC2 - 192.168.2.2) to this NIC. All services
> > work between PC1 and PC2, but I cannot ping any machine on the
> > 192.168.0.0 network from PC2 (except for PC1), much less getting
> > internet access from the PC2 machine (which pings 192.168.2.1 and
> > 192.168.0.25, both NICs in the PC1 computer but nothing beyond it).
> k...first let me try to understand what you mean
> internet --> 192.168.0.1 --> your PC (0.25) --> second PC
> right?
> You will need:
> - no routing on router (should already be set up)
> - routing on PC2 (--> set PC1 as gateway)
> - enable forward in kernel ( echo 1 >/proc/sys/net/ipv4/ip_forward )
> - enable masquerading on router (the network 192.168.0.0/24 should not know
> about your PC2 and so packets could not be delivered without masquerading)
> ( iptables -t nat -A POSTROUTING -i <int_NIC> -o <ext_NIC> -j MASQUERADE)
> - enable forward ( iptables -A FORWARD -i <int_NIC> -j ACCEPT )
> this is just the basic setup without any firewalling, but it should work
> Volker
Thank you very much Volker, I really appreciate your help.
Regarding this issue, for future posters,
the iptables -t nat -A POSTROUTING -i <int_NIC> -o <ext_NIC> -j MASQUERADE
command apparently has to be split in two (the POSTROUTING chain won't
take -i incoming_eth as a parameter).
iptables -t nat -A PREROUTING -i <int_NIC>
iptables -t nat -A POSTROUTING -o <ext_NIC> -j MASQUERADE
and, particularly for RedHat 7.3, you should check that it doesn't
start the ipchains script and that it does start the iptables script
at boot time, otherwise the iptables command won't work.
Mario
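
The gateway setup discussed in this thread, as an added example that is not part of the original posts: a shell function that prints an iptables-restore ruleset with the MASQUERADE rule matched on -o only, and with FORWARD limited to connections started from the internal side instead of the accept-everything rule of the basic setup. The function name and the eth0/eth1 interface names are assumptions; IP forwarding must still be enabled with the echo command quoted above.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC NAT gateway.
# gateway_ruleset is a hypothetical helper; interface names come from the caller.

# gateway_ruleset INT_NIC EXT_NIC
# Prints the ruleset on stdout; returns 1 on bad arguments.
gateway_ruleset() {
    int_nic=$1
    ext_nic=$2
    # Refuse names containing anything other than interface-name characters.
    case "$int_nic$ext_nic" in
        *[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    # Refuse missing arguments or the same interface on both sides.
    if [ -z "$int_nic" ] || [ -z "$ext_nic" ] || [ "$int_nic" = "$ext_nic" ]; then
        echo "usage: gateway_ruleset <int_NIC> <ext_NIC>" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# POSTROUTING matches on the outgoing interface only (-o, never -i).
-A POSTROUTING -o $ext_nic -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# New connections may only start from the internal side.
-A FORWARD -i $int_nic -o $ext_nic -j ACCEPT
# Replies to those connections are let back in.
-A FORWARD -i $ext_nic -o $int_nic -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# When run with two arguments, print the ruleset for review,
# e.g. with eth1 as internal and eth0 as external (assumed names).
if [ $# -eq 2 ]; then gateway_ruleset "$1" "$2"; fi
```

Piping the output into iptables-restore replaces the current contents of the nat and filter tables, so review it first and load it from a console session.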