basic linux firewall configuration

I have a Red Hat 6.1 computer with 2 network cards in it. I have a cable modem with a static IP. My normal configuration for internet access is IP: DG: . So on the computer with the firewall I set the first card with that IP, then on the second card (eth1) I am using .
From the firewall computer I can ping the internet and my computer with the 192.168 IP number ( /WIN 98 machine).
From the win98 machine I can ping the ip and I can ping the ip for eth0, but I can't ping (Default gateway).   
                  \                /
Internet_ _ \|firewall|/_ _ _ Win98
Does that help?
I have IP_forwarding turned on (1)
I think the problem lies in the default gateway setting for the win98 machine? Do I tell it or
or do I use the default gateway from my ISP

Thanks Matt          

j2 Commented:
What I would do is to simply download "pmfirewall" ( download it, untar it, run the install script and just answer the questions (remember to say "yes" to 'Should this computer masquerade for other systems?') And you will be all set plus you now have a decent firewall.

Also my "Monday, March 20 2000 - 01:18PM CET " comment should have been

"via a hub, you must use a crossover cable to connect it directly to a computer."

Or if you don't need a firewall just do this on the Linux

echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -A forward -s -b -j MASQ

then set the clients to use as their default gw, and set them to use the DNS of your ISP.
You set your default gateway on the windows machine to  You also need to make sure your routing tables in the Linux computer are set up properly.
route add -net netmask gw dev eth0
route add -net netmask gw dev eth1
Also make sure your default gateway for the linux box is  You can easily set this up with "netconfig" or "linuxconf".

You can set all this up in "linuxconf" or "netconfig" but you may want to enter them manually using the route command above until you are sure you have it correct.  You may use the "route" command to see the current contents of your routing tables.

Also, when you have it working right, configure it using netconfig or linuxconf or add the following to your "/etc/sysconfig/static-routes" file:
eth0 net netmask gateway
eth1 net netmask gateway

My answer assumes your netmask on both networks is  Also you may want to consider using ipchains to set up some packet filtering firewall rules to increase your security.  Also have you considered using IP masquerading?
If you only have a single static IP you have to use IP Masquerade on the Linux box, IP forwarding won't work. Take a look at the IP Masquerade howto for an explanation of why you need it, what it does, and how to do it (

You don't need to futz with the routing tables. They are already correct for Internet access, and the network is in the routing table already simply because any locally attached network is automatically reachable. However, mzehner is correct in that the default gateway for any hosts on the inside network is the IP of the inside NIC of the Linux box (192.168.1.1).

unomateo (Author) Commented:
One question about the connection to my hub:
Before, when the cable modem went straight to my hub, the uplink light was lit.
Now when I go thru the firewall computer it isn't (cable to the firewall, then out the ethernet card with 192.168. then to the hub).
Is this a problem also?
Maybe, maybe not. Since I don't know what hub you've got, I don't know if it has an "Uplink port". Such a port has a built in cross-over wiring and is used to connect the hub to another hub or router. Other equipment shouldn't be connected to the "Uplink port" as you'd have to use a cross-over cable to do so. It seems to me that I've seen a smart hub that could automatically sense whether it needed to use a cross-over configuration for either the first or last port, and would light the "Uplink" light if it did so. Check the docs for your hub and see what it's supposed to do.
Considering the gateway for the real Internet network should be seen to get access through, you should tell them about IP address That's the only IP they can see on that machine. Actually if they could see the real IP addresses a gateway wouldn't be needed. :)
"Before when the cable modem went straight to my hub the uplink light was lit?
now when I go thru the firewall computer it isn't," That means the modem uses a crossover port, so that the user can use a straight cable to connect directly to an ethernet device, you must use a crossover cable to connect it to a hub.
Also "I have IP_forwarding turned on (1)": that isn't enough, that just enables it, you also must give it "rules" with ipchains to work. If you do not have ipchains installed, it is available on your RH CD, or from
Question has a verified solution.
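
The masquerading setup discussed in this thread, as an added example that is not part of any participant's post: a script that prints the ipchains commands for review, setting the forward policy to DENY and adding a single MASQ rule before forwarding is switched on. The interface eth0 and the network 192.168.1.0/24 are assumed values, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed values: eth0 is the outside
# interface and 192.168.1.0/24 is the inside network.

# Succeed only if $1 is a CIDR block inside RFC 1918 private address space.
is_private_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && [ "$len" -ge 12 ] ;;
        192) [ "$2" -eq 168 ] && [ "$len" -ge 16 ] ;;
        *)   return 1 ;;
    esac
}

# Print, without running them, the commands for: masq_rules OUTSIDE_IF INSIDE_CIDR
masq_rules() {
    ext_if=$1; inside=$2
    case "$ext_if" in ''|*[!a-z0-9]*) echo "bad interface name" >&2; return 1 ;; esac
    is_private_cidr "$inside" || {
        echo "refusing to masquerade non-private network: $inside" >&2
        return 1
    }
    # Order matters: deny forwarding by default and add the one MASQ rule
    # before the kernel is allowed to forward anything.
    cat <<EOF
ipchains -P forward DENY
ipchains -A forward -i $ext_if -s $inside -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Stand-alone use prints the rule set for review; nothing is applied.
masq_rules "${1:-eth0}" "${2:-192.168.1.0/24}"
```

With forwarding enabled and the forward chain left at ACCEPT, the box routes inside packets to the ISP with their private source addresses intact, which is why the DENY policy and the MASQ rule come first.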
