RHEL 6 gateway config




I am trying to configure a RHEL 6 server as a gateway to the internet for an inner server.


The gateway server (server1) has 2 NICs:




default gateway


The inner server (server2) has:



default gateway


I have forwarding allowed:

# cat /proc/sys/net/ipv4/ip_forward

# iptables -L -n -v

Chain FORWARD (policy ACCEPT 79 packets, 6636 bytes)


I can ping and ssh from server1 to server2, and vice versa. I cannot ping the ultimate gateway and beyond.


You can see from the FORWARD accept packets that the pings are arriving at server2.


I have tried to configure SNAT with this unsuccessfully:


iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE


Thanks for any help you can provide.


It looks like using postrouting to the IP address of server1 gets server2 to the internet.


On server1, I added this:


iptables -t nat -A POSTROUTING -s -o em1 -j SNAT --to-source

In order to make server2 accessible from the internet, I configured DNAT.


I added server2's external IP address to server1's external NIC.


# ip addr add dev em1


Then added PREROUTING DNAT to route server2's external address to the inner address.


# iptables -t nat -A PREROUTING -d -j DNAT --to-destination


Both of these commands are done on server1.


The results show this:


# ip addr show em1

2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

    inet brd scope global em1


    inet scope global secondary em1

# iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 380 packets, 49318 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    5   312 DNAT       all  --  *      *        to:
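
An added example, not part of the original thread: the SNAT and DNAT steps from the posts above generated as one reviewable command list, with the published service narrowed from all protocols to a single TCP port and the FORWARD policy changed from ACCEPT to DROP behind stateful rules. The addresses are constructed placeholders (the page's own values are not shown), and the inner NIC name `em2`, TCP port 22 and the function name `gateway_rules` are assumptions.

```shell
#!/bin/sh
# Added example. Prints the iptables commands for server1; nothing is applied.
# Addresses in the sample call are constructed (RFC 5737 / RFC 1918 ranges).

gateway_rules() {
    [ $# -eq 7 ] || { echo "usage: gateway_rules EXT_IF INT_IF EXT_IP PUB_IP INNER_IP INNER_NET PORT" >&2; return 2; }
    ext_if=$1 int_if=$2 ext_ip=$3 pub_ip=$4 inner_ip=$5 inner_net=$6 port=$7
    # Reject anything that is not a plain decimal port number.
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 2; }

    cat <<EOF
# Outbound: rewrite server2's source address to server1's external address.
iptables -t nat -A POSTROUTING -s $inner_net -o $ext_if -j SNAT --to-source $ext_ip
# Inbound: publish one TCP port on server2's external address, not every protocol.
iptables -t nat -A PREROUTING -i $ext_if -d $pub_ip -p tcp --dport $port -j DNAT --to-destination $inner_ip
# Forwarding: replies to tracked connections, new outbound flows, the published port.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $int_if -o $ext_if -s $inner_net -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $ext_if -o $int_if -d $inner_ip -p tcp --dport $port -m state --state NEW -j ACCEPT
# Set the default last so existing flows are matched before the policy changes.
iptables -P FORWARD DROP
EOF
}

# Sample call with constructed values; em2 and port 22 are assumptions.
gateway_rules em1 em2 192.0.2.10 192.0.2.11 10.0.0.2 10.0.0.0/24 22
```

Review the printed commands before running them as root on server1; on RHEL 6, `service iptables save` then persists the result across reboots.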