On Sun, 28 Jun 2015, Brian Miller wrote:

> On Sun, 2015-06-28 at 14:50 -0400, Max Pyziur wrote:
>
>> I haven't set up the firewall yet (dangerous, I know) until I get the
>> connectivity working.
>>
>> I'm obviously overlooking some other configuration settings required for
>> machines inside the network being able to connect through the
>> gateway/router.
>
> As others have pointed out, you're either missing a NAT layer or you got
> a large enough IP allocation to subnet and you haven't set up routing.
> Probably safe to assume it's NAT.
>
> I'd suggest at a minimum you install something like shorewall to assist
> in managing your firewall and IP masquerading tasks. It's available in
> EPEL, is very well documented, and provides enough built-in sanity
> checks to protect you against making some silly (and some not so silly)
> mistakes in your firewall management.

Thanks to all for pointing me in the direction of iptables and IP masquerading.

From several sources (code, the stock CentOS iptables) I've cobbled together
the following /etc/sysconfig/iptables; while it works, I suspect that there
are holes:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
COMMIT

I also seem to need to load iptable_nat and nf_nat_ftp via rc.local.

Is this correct?

Thank you again,
Max
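A tightened variant of the ruleset Max posted, added here as an example (it is not Max's file, not a CentOS default, and not shorewall output). The posted file has two spots worth closing: the FORWARD policy is ACCEPT with no FORWARD rules, so anything the kernel routes crosses the box in either direction, and the MASQUERADE rule has no -o, so it rewrites the source of every forwarded packet regardless of which interface it leaves on. The script below prints an iptables-restore ruleset that limits MASQUERADE to LAN-sourced packets leaving the WAN interface, sets FORWARD to DROP with explicit LAN-to-WAN and return-traffic rules, and accepts SSH only from the LAN side; it also carries a small audit that flags those two spots in any iptables-restore file fed to it. The interface names eth0 (WAN) and eth1 (LAN) and the LAN prefix 192.168.1.0/24 are assumptions, overridable through environment variables. The script only prints text; loading it with iptables-restore, and enabling net.ipv4.ip_forward, remain separate manual steps.

```sh
#!/bin/sh
# Added example for a two-interface NAT gateway (not the poster's file).
# Assumptions (override via environment): eth0 faces the Internet, eth1
# faces the LAN, and the LAN uses the constructed prefix 192.168.1.0/24.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print an iptables-restore ruleset suitable for /etc/sysconfig/iptables.
# The kernel must also have net.ipv4.ip_forward=1 for any forwarding to happen.
gateway_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite only LAN-sourced packets that leave through the WAN interface
-A POSTROUTING -s ${LAN_NET} -o ${WAN_IF} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# SSH management only from the LAN side; web ports from anywhere, as posted
-A INPUT -i ${LAN_IF} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# Forward LAN -> WAN and the replies; log (rate-limited) and drop the rest
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Read an iptables-restore file on stdin and print one WARN line per weak spot
# found in it (no output means neither check fired).
audit_rules() {
    rules=$(cat)
    if printf '%s\n' "$rules" | grep -q -- '-j MASQUERADE' &&
       ! printf '%s\n' "$rules" | grep -- '-j MASQUERADE' | grep -q -- '-o '; then
        echo "WARN: MASQUERADE is not limited to an outbound interface (-o)"
    fi
    if printf '%s\n' "$rules" | grep -q '^:FORWARD ACCEPT'; then
        echo "WARN: FORWARD policy is ACCEPT; routed traffic is not filtered"
    fi
}

# sh gateway.sh --audit < /etc/sysconfig/iptables   -> check an existing file
# sh gateway.sh > /tmp/iptables.new                  -> print the hardened set
if [ "${1:-}" = "--audit" ]; then
    audit_rules
else
    gateway_rules
fi
```

Review the generated file before loading it with iptables-restore: the FORWARD DROP policy means any service the LAN needs that is not plain LAN-to-WAN (a port forward, a second internal subnet) must get its own explicit rule, and the LOG line will show what is being dropped while those rules are worked out.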