I'm setting up a firewall with CentOS 6.0 for testing. I'm doing this on two virtual machines.
First VM (Firewall) has 2 interfaces:
eth0 - connected to NAT with 10.0.2.10, access to internet
eth1 - connected to local VM network with 20.0.0.1
Second VM (Server) has 1 interface:
eth0 - connected to local VM network with 20.0.0.2, GATEWAY 20.0.0.1.
They both have static IPs and DNS. What I want is for Server to have internet access via the Firewall VM; to do that I've done these configurations:
VM1-Firewall:
/etc/sysctl.conf: net.ipv4.ip_forward = 1
iptables -t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -A FORWARD --in-interface eth1 -j ACCEPT
VM2-Server: Just set the gateway to the firewall 20.0.0.1 and DNS to 8.8.8.8.
When I try to ping, for example, 8.8.8.8, it says Destination Host Prohibited.
Could anyone tell me what I'm doing wrong? I think iptables doesn't redirect traffic from eth1 to eth0, but it should with this config, no?
Thanks a lot!
Due to the default denying firewall policy you should rather use
iptables -t nat -I POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -I FORWARD --in-interface eth1 -j ACCEPT
The -A option appends the rule at the end of the iptables chain. The default drop policy will first drop the packet and ignore further matching rules.
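The ordering problem the answer describes can be checked before any traffic is sent: if a terminating catch-all rule (REJECT or DROP with no match options) sits above the `-i eth1 -j ACCEPT` rule in FORWARD, the ACCEPT rule is dead. The script below is an added example, not code from either poster; it audits an `iptables -S FORWARD` listing with awk and reports whether the ACCEPT rule for a given interface is shadowed. The two sample listings are constructed: the "appended" one is modelled on a CentOS 6 stock ruleset, whose FORWARD chain ends in `-j REJECT --reject-with icmp-host-prohibited` (the reject that produces the "Destination Host Prohibited" the asker saw), with the ACCEPT rule added via `-A`; the "inserted" one has it added via `-I`.

```shell
#!/bin/sh
# Added example (not from the original question or answer): report whether the
# FORWARD ACCEPT rule for an interface is shadowed by an earlier catch-all
# REJECT/DROP rule. Input is the text of `iptables -S FORWARD`.

# forward_rule_order LISTING IFACE -> prints "shadowed", "ok" or "missing"
forward_rule_order() {
    printf '%s\n' "$1" | awk -v iface="$2" '
        # only rules appended to the FORWARD chain matter; -P lines are skipped
        $1 == "-A" && $2 == "FORWARD" {
            has_in = 0; target = ""; catchall = 1
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" && $(i+1) == iface) has_in = 1
                if ($i == "-j") target = $(i+1)
                # any match option means the rule is not a catch-all
                if ($i == "-i" || $i == "-o" || $i == "-s" || $i == "-d" ||
                    $i == "-p" || $i == "-m") catchall = 0
            }
            if (has_in && target == "ACCEPT") {
                found = 1
                if (blocked) shadowed = 1   # a terminating rule came first
                exit                        # END block still runs
            }
            if (catchall && (target == "REJECT" || target == "DROP")) blocked = 1
        }
        END {
            if (!found) print "missing"
            else if (shadowed) print "shadowed"
            else print "ok"
        }'
}

# Constructed sample: what `iptables -A FORWARD -i eth1 -j ACCEPT` yields on a
# CentOS 6 style ruleset whose FORWARD chain already ends in a REJECT.
APPENDED_RULESET='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth1 -j ACCEPT'

# Constructed sample: the same rule added with -I, so it precedes the REJECT.
INSERTED_RULESET='-P FORWARD ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

echo "appended with -A: $(forward_rule_order "$APPENDED_RULESET" eth1)"
echo "inserted with -I: $(forward_rule_order "$INSERTED_RULESET" eth1)"
```

On a live firewall, run `forward_rule_order "$(iptables -S FORWARD)" eth1` as root; "shadowed" means the rule needs to be re-added with `-I` (or the REJECT moved below it), and "missing" means no ACCEPT for that inbound interface exists at all.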