#1
Not able to connect to Internet from Client Machine through Linux 8.0 server
O.K.
I have changed the IPTables policies, giving permission to all, in the "IPTables" file in directory "/etc/sysconfig" of Linux 8.0.

My Internet connection is through interface "eth1", IP address "192.168.1.8". (This is given by the ISP with default gateway "192.168.1.1" and some DNS settings.)
My LAN interface is "eth0", IP address "192.168.0.102".
Each client has been assigned an IP address in the range 192.168.0.10-70, with the default gateway "192.168.0.102" set on all client machines.

The IPTables file is as follows:

############
*filter
-A INPUT -p ALL -j ACCEPT
-A FORWARD -p ALL -j ACCEPT
-A OUTPUT -p ALL -j ACCEPT#
COMMIT
#############

Then I restarted iptables as follows:

[root@xxx root] /etc/init.d/iptables restart
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]

All client machines are connected to the server by a SAMBA (smb) network. SAMBA works fine. That means protocol TCP is passing from server to client and vice versa properly.

Then why am I not able to connect to the Internet from a client machine? I tried to connect to the Internet with "IE" from a client machine but could not do so. I have set the connection properties of "IE" on the client machine to "Automatically detect settings". I am getting the error "Page not found" in "IE" on the client machine. On all client machines the default gateway is set to 192.168.0.102.

I do not know what the problem is. Once I can access the Internet from a client machine I can fine-tune the IPTables settings subsequently.

Requesting help.
Thanks
#2
Try to type 1 in your /proc/sys/net/ipv4/ip_forward file: open a shell and type

echo 1 >> /proc/sys/net/ipv4/ip_forward

and to enable this at boot, type this in your /etc/rc.d/rc.local file:

echo 1 >> /proc/sys/net/ipv4/ip_forward
#3
O.K.
As suggested, my edited "iptables" file is as follows:

############
*filter
-A INPUT -p ALL -i eth1 -j ACCEPT
-A INPUT -p ALL -i eth0 -j ACCEPT
-A INPUT -p ALL -i lo -j ACCEPT
-A FORWARD -p ALL -i eth1 -j ACCEPT
-A FORWARD -p ALL -i eth0 -j ACCEPT
-A FORWARD -p ALL -i lo -j ACCEPT
-A OUTPUT -p ALL -s 192.168.1.8 -j ACCEPT
-A OUTPUT -p ALL -s 192.168.0.102 -j ACCEPT
-A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -s 192.168.0.100/24 -j MASQUERADE
-A POSTROUTING -o etho -s 192.168.0.101/24 -j MASQUERADE
COMMIT
echo 1 >> /proc/sys/net/ipv4/ip_forward
#############

Still the problem is not solved.

Last edited by ads : May 12th, 2003 at 05:12 AM.
#4
ads,
don't modify iptables but /etc/rc.d/rc.local. So, remove the line with "echo ..." and put it in the rc.local file.
#5
And please don't cross-post.
__________________
-- Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more.
#6
I have removed the line from the iptables file. I ran it separately from a terminal window:

echo 1 >> /proc/sys/net/ipv4/ip_forward

I will not cross-post in future. I was not aware of that.

I can ping from a client machine to the Linux server "eth0" and "eth1" and to the default gateway of the ISP, that is 192.168.1.1. I can ping properly to the following IPs:

ping 192.168.0.102 (eth0)
ping 192,168.1.8 (eth1)
ping 192.168.1.1 (default gateway of ISP)

1) I can ping from the client to the Internet (207.106.22.2). It displays the home page of that site on the client machine. If I enter "www.saimedia.net", which is the domain name of "207.106.22.2", in the browser, it does not display the home page of that site.

2) I can ping from the client to Internet IPs 202.54.1.20 and 203.197.12.42. It works fine. If I enter these IP addresses in the browser, it gives the error "page not found". If I enter the corresponding domain names, it gives the same error.

Help me.
Thanks for support
#7
What is the point of opening another thread on the same topic? I've tried to help you in the other thread. Your best bet is to look at the tutorials at netfilter.org. If you can ping IP addresses on the internet but can't resolve hostnames then you probably have the firewall blocking DNS requests. Also, check to be sure your browser's connection settings are set to use the LAN and not a dial-up connection.
#8
I have tried adding the line below to the iptables file.

#####
-A INPUT -p ALL -s 192.168.1.8 --destination-port 53 -j ACCEPT
######

I think this allows DNS through -s 192.168.1.8 (that is, through Internet "eth1").

After restarting iptables I get the following error:

[root@localhost root]# /etc/init.d/iptables restart
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: iptables-restore v1.2.6a: Unknown arg `--destination-port'
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]

I am totally new to this.
Thanks for help.
#9
Hi damonbrinkley,
I searched the documentation, tutorials and FAQ from netfilter.org but could not get a proper clue about allowing DNS through iptables. I referred to "Iptables Tutorial 1.1.18" by Oskar Andreasson on netfilter.org, which discusses iptables and nat elaborately.

Requesting you to guide me on this issue.
Thanks for support.
#10
You need to start by allowing all traffic in and out and have a masquerading rule for NAT. Then worry about allowing only certain traffic.
Try:

modprobe iptable_nat
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -o <your external interface> -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Put those commands in a script and run it. It should come back with no errors. If that doesn't work then you have problems other places and not with your firewall/NAT. This is the most simple script to get masquerading to work.
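Added example, not part of any post in this thread: a shell/awk check that reads a rules file in iptables-restore format and reports the mistakes visible in the file from post #3 (a shell command inside the rules file, the misspelled interface "etho", MASQUERADE on the LAN interface) together with the accept-everything rules that post #10 says to tighten later. The function names, finding codes and the reduced sample file are constructed for illustration; eth1 is assumed to be the external interface and eth0 the LAN, as in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): lint an iptables-restore rules file.
# Usage: lint_rules WAN_IF LAN_IF < rules  -> one "<line>: <CODE>: <detail>" per finding
lint_rules() {
    awk -v wan="$1" -v lan="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                          # comments, blank lines
    substr($1, 1, 1) == "*" { table = substr($1, 2); next }    # table header
    substr($1, 1, 1) == ":" || $1 == "COMMIT" { next }         # chain policy, commit
    $1 !~ /^-[AIN]$/ { print NR ": NOT_A_RULE: " $0; next }    # e.g. a shell command
    {
        chain = $2; target = ""; iif = ""; oif = ""; stateful = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-i") iif = $(i + 1)
            if ($i == "-o") oif = $(i + 1)
            if ($i == "--state") stateful = 1
        }
        n = split(iif " " oif, names, " ")     # every named interface must be known
        for (k = 1; k <= n; k++)
            if (names[k] != wan && names[k] != lan && names[k] != "lo") {
                print NR ": UNKNOWN_IFACE: " names[k]; next
            }
        if (table == "nat" && target == "MASQUERADE" && oif != wan)
            print NR ": MASQ_NOT_WAN: " (oif == "" ? "any interface" : oif)
        if (table == "filter" && (chain == "INPUT" || chain == "FORWARD") &&
            target == "ACCEPT" && !stateful && (iif == "" || iif == wan))
            print NR ": OPEN_FROM_WAN: " chain " accepts unsolicited traffic"
    }'
}

# Constructed sample: a reduced copy of the rules file quoted in post #3.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -p ALL -i eth1 -j ACCEPT
-A FORWARD -p ALL -i eth1 -j ACCEPT
-A FORWARD -p ALL -i eth0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o etho -s 192.168.0.101/24 -j MASQUERADE
COMMIT
echo 1 >> /proc/sys/net/ipv4/ip_forward
EOF
}

sample_rules | lint_rules eth1 eth0
```

A rules file that forwards LAN traffic out of eth1, accepts return traffic with `-m state --state ESTABLISHED,RELATED`, and masquerades only on eth1 produces no findings.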
#11
As suggested, I have edited the iptables file as follows.

###########
*filter
-A INPUT -j ACCEPT
-A OUTPUT -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
#######

Then I ran the following commands in a terminal window:

[root@localhost root]# modprobe iptable_nat
[root@localhost root]# /etc/init.d/iptables restart
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]
[root@localhost root]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@localhost root]# /etc/init.d/smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

It has not given any error.

Then I pinged IP addresses from a Windows 98 client machine:

ping 192,168.1.8 ("eth1" Internet IP)
ping 192.168.1.1 ("eth1" default gateway)
ping 202.9.136.6 (IP address of DNS of ISP)

I can ping external IPs also. I got 2 name server IDs of the domain "saimedia.net" from "www.networksolutions.com/whois/whois" and tried to ping them as follows:

If I ping 207.106.22.2, it displays the Under Construction page in the browser.
If I ping 203.199.109.161, it maps correctly to "http://www.web-werks.com/index.shtml" in the browser but displays the error message "Page can not be displayed".

If I enter these IP addresses in the server's browser, then it displays the "Under Construction" page and the "Home page" respectively of that site correctly.

I am giving this in detail so that you can get the problem.
Thanks for support.
#12
I don't know why you keep reloading Samba....it has nothing to do with this, it's for file sharing. You must have other issues other than your firewall rules if it doesn't work with the most basic rules I gave you.
#13
Hi damonbrinkley,
This time I have done it without loading samba. It has not given any error. All pinging works fine.

When I enter a URL in the client browser, it displays the error message "Page can not be displayed", and at the bottom of the message it says "Cannot find server OR DNS error". Does this mean it has something to do with DNS?

Thanks for support.
#14
If you can ping by IP address to hosts on the Internet but can't resolve hostnames then you either have the wrong DNS IP settings or your browser's connection is misconfigured. The NAT seems to be working just fine.
#15
You have to put the right DNS server IP in each client PC.
Also try to ping the host address to make sure it's not a problem with Explorer.