0

To simplify, let's say I have a network with 3 servers (all running CentOS 6.4) in a row:

Internet---FW---LN---PN

FW: firewall
LN: login node
PN: processing node

I can ping from the FW to the world, but not from the LN or the PN.

I have IP FORWARDING enabled AND IPTABLES disabled in the LN:

[root@meta ~]# !1005
cat /proc/sys/net/ipv4/ip_forward 
1


[root@meta ~]# !1014
iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination     

So my question is: if I have iptables disabled, does IP forwarding work? Or do I need to bring iptables up and write a forward rule?

Thanks -Ricardo

rica01

2 Answers

2

Yes, in your configuration, assuming your network is routed properly, it should forward correctly. If you can ping FW from LN but not Internet from LN, you need to check your firewall rules on FW and routing rules on LN and FW. Verify that either LN has a public IP address, or your firewall is properly forwarding connections back to LN from the internet and NATing LN's outgoing traffic.

Andrew Domaszek
0

If you are using private address spaces (192.168..., 172..., 10....) then you might need to configure NAT. You can do this only with NetFilter aka iptables.

Another solution would be to use an application proxy and no routing.

Mircea Vutcovici
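
The two checks the answers point to (is LN's source address private, and does FW translate it on the way out), as an added example that is not part of either answer. It runs offline against constructed `iptables-save` text; the addresses and the `eth0` interface name are assumptions.

```sh
#!/bin/sh
# Added example. All addresses, interface names and rule dumps are constructed.

# is_rfc1918 ADDR: exit 0 if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;   # only 172.16-172.31
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# has_source_nat IFACE: reads iptables-save output on stdin; exit 0 if the nat
# table has a POSTROUTING MASQUERADE/SNAT rule on IFACE (or on any interface).
has_source_nat() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
            out = ""
            for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out == "" || out == ifc) found = 1
        }
        END { exit !found }'
}

# diagnose LN_ADDR FW_WAN_IFACE: FW's iptables-save output on stdin.
diagnose() {
    if ! is_rfc1918 "$1"; then echo "public source: routing only, no NAT needed"
    elif has_source_nat "$2"; then echo "private source: FW source NAT present"
    else echo "private source: FW has no source NAT on $2"
    fi
}

# Constructed dumps for FW; eth0 is the assumed Internet-facing interface.
FW_NO_NAT='*filter
:FORWARD ACCEPT [0:0]
COMMIT'
FW_WITH_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$FW_NO_NAT"   | diagnose 192.168.10.2 eth0
printf '%s\n' "$FW_WITH_NAT" | diagnose 192.168.10.2 eth0
```

On a live FW the same functions can be fed from `iptables-save` run as root instead of the constructed strings.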