Iptables – Ping: sendmsg: operation not permitted error after installing iptables on Arch GNU/Linux

Tags: arch-linux, iptables, nat, networking

Yesterday I got a new computer as my homeserver, a HP Proliant Microserver.
Installed Arch Linux on it, with kernel version 3.2.12.

After installing iptables (1.4.12.2 – the current version AFAIK) and changing the net.ipv4.ip_forward key to 1, and enabling forwarding in the iptables configuration file (and rebooting), the system cannot use any of its network interfaces. Ping fails with

Ping: sendmsg: operation not permitted

If I remove iptables completely, networking is okay, but I need to share the Internet connection to the local network.

eth0 – wan NIC integrated on the motherboard (Broadcom NetXtreme BCM5723).

eth1 – lan NIC in a pci-express slot (Intel 82574L Gigabit Network)

Since it works without iptables (server can access the internet, and I can log in with ssh from the internal network), I assume it has something to do with iptables. I do not have much experience with iptables, so I used these as reference (separate from each other of course…):

wiki.archlinux.org/index.php/Simple_stateful_firewall#Setting_up_a_NAT_gateway

revsys.com/writings/quicktips/nat.html

howtoforge.com/nat_iptables

On my previous server, I used the revsys guide to set up nat, worked like a charm.

Anyone experienced anything like this before? What am I doing wrong?

Best Answer

The error message:

Ping: sendmsg: operation not permitted

means that your server is not allowed to send ICMP packets. You need to allow your server to send traffic via one or more of the configured interfaces. You can do this by:

  1. Set OUTPUT chain policy to ACCEPT to allow all outgoing traffic from your box:

    sudo iptables -P OUTPUT ACCEPT
    
  2. Set OUTPUT chain policy to DROP and then allow selectively the type of traffic you need.

This applies to all chains, not only the OUTPUT chain. The INPUT chain controls the traffic received by your box. The FORWARD chain deals with traffic forwarded through the box.
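A minimal NAT gateway rule set for the layout in the question (WAN on eth0, LAN on eth1) that keeps the OUTPUT policy at ACCEPT as in option 1 above, while INPUT and FORWARD are restricted. This is an added example, not code from the question or the answer; the interface names, the LAN subnet 192.168.1.0/24 and the function names are assumptions, and the rules are printed first so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) a minimal NAT gateway rule
# set for a box with WAN on eth0 and LAN on eth1 (names are assumptions).
# nat_rules only prints the commands, so the set can be checked against
# iptables-save before anything on the live system changes.

nat_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
EOF
}

# Apply the generated rules (requires root); forwarding is enabled first.
apply_nat_rules() {
    sysctl -w net.ipv4.ip_forward=1
    nat_rules "$@" | sh -e
}

# Number of commands the rule set contains, for a quick sanity check.
nat_rule_count() {
    nat_rules "$@" | wc -l | tr -d ' '
}

# Usage (as root):  apply_nat_rules eth0 eth1 192.168.1.0/24
```

With OUTPUT left at ACCEPT the box itself can still ping and resolve names; only inbound and forwarded traffic is filtered, and LAN hosts reach the Internet through the MASQUERADE rule on the WAN side.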