On Sun, 28 Jun 2015, Brian Miller wrote:
On Sun, 2015-06-28 at 14:50 -0400, Max Pyziur wrote:
I haven't setup the firewall yet (dangerous, I know) until I get the connectivity working.
I'm obviously overlooking some other configuration settings required for machines inside the network being able to connect through the gateway/router.
As others have pointed out, you're either missing a NAT layer or you got a large enough IP allocation to subnet and you haven't set up routing. Probably safe to assume it's NAT.
I'd suggest at a minimum you install something like shorewall to assist in managing your firewall and IP masquerading tasks. It's available in EPEL, is very well documented, and provides enough built in sanity checks to protect you against making some silly (and some not so silly) mistakes in your firewall management.
Thanks to all for pointing me in the direction of iptables and IP masquerading.
From several sources (code, the stock CentOS iptables) I've cobbled together the following /etc/sysconfig/iptables; while it works, I suspect that there are holes:

    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    # Masquerade every packet leaving the box, on any interface (no -o restriction)
    -A POSTROUTING -j MASQUERADE
    COMMIT
    *filter
    :INPUT DROP [0:0]
    # Forwarded (LAN <-> WAN) traffic is accepted by default; no FORWARD rules follow
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    # Services offered by the gateway itself, reachable from any interface
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    COMMIT
I also seem to need to load iptable_nat and nf_nat_ftp via rc.local.
Is this correct?
Thank you again,
Max
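The following is an added example, not the file Max posted or anything from the CentOS project. It generates a NAT-gateway ruleset in the same iptables-restore format, but goes beyond the posted file in two ways a reviewer would want: the MASQUERADE rule is scoped to the WAN interface and the LAN prefix, and the FORWARD chain is default-deny with explicit LAN-to-WAN and reply rules. The interface names (eth0 as WAN, eth1 as LAN), the 192.168.1.0/24 prefix, and the choice to accept SSH only from the LAN side are assumptions. It also prints, rather than applies, the two companion settings such a ruleset depends on: the ip_forward sysctl and the IPTABLES_MODULES line in /etc/sysconfig/iptables-config, which is how the CentOS 6 iptables init script loads connection-tracking helpers without an rc.local modprobe.

```shell
#!/bin/sh
# Added example (not the posted file): emit a tighter /etc/sysconfig/iptables
# for a CentOS 6 NAT gateway. Interface names and the LAN prefix are arguments;
# the values used at the bottom are constructed, not taken from the thread.
#
# Usage: gen_rules WAN_IF LAN_IF LAN_CIDR > /etc/sysconfig/iptables
gen_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
# NAT gateway ruleset in iptables-restore format (generated by gen_rules)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade only LAN-sourced packets that leave on the WAN side; an
# unscoped "-A POSTROUTING -j MASQUERADE" also rewrites LAN-bound traffic.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
# Default-deny forwarding: only LAN -> WAN and the replies to it pass.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# Services on the gateway itself. SSH from the LAN interface only (assumption);
# 80/443 from anywhere, as in the posted file.
-A INPUT -i $lan -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Companion settings the ruleset needs; printed rather than applied so this
# script runs without root. IPTABLES_MODULES in /etc/sysconfig/iptables-config
# is read by the CentOS 6 iptables init script, replacing the rc.local modprobe.
companion_settings() {
    cat <<EOF
# /etc/sysctl.conf: the kernel must route between the two interfaces
net.ipv4.ip_forward = 1
# /etc/sysconfig/iptables-config: FTP helper (nf_nat_ftp needs nf_conntrack_ftp)
IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"
EOF
}

# Self-check on generated text: the masquerade rule must name an outgoing
# interface, FORWARD must default to DROP, and there must be no blanket
# "-A FORWARD -j ACCEPT". Returns 0 when the ruleset is scoped, 1 otherwise.
check_rules() {
    rules="$1"
    printf '%s\n' "$rules" | grep -q '^-A POSTROUTING .*-o [^ ]* -j MASQUERADE$' || return 1
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    ! printf '%s\n' "$rules" | grep -q '^-A FORWARD -j ACCEPT' || return 1
    return 0
}

# Example run with constructed names: eth0 = WAN, eth1 = LAN.
rules=$(gen_rules eth0 eth1 192.168.1.0/24)
check_rules "$rules" && echo "ruleset scoped OK"
```

Redirect gen_rules into /etc/sysconfig/iptables and run `service iptables restart` to load it; check_rules is there so the same test can be run against any hand-edited ruleset before it goes live.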