notfred wrote:
Yes, I had that rule in place. Thanks for checking though.
From earlier in the thread
notfred wrote:
You also seem to be missing a "-A POSTROUTING -o eth1 -j MASQUERADE" line from the end of your NAT table.
Did you fix that?
So many thanks to you for sticking with me notfred. I would so, so, so love to buy you some beers for all your help and maybe one day I'll get to - who knows.
The only thing not working with the firewall at this point is masquerading. I'm not going to give up until it works. It's pretty weird, but this is both the most determined I've been with Linux and the most unsuccessful. I've thrown more time at this than seems reasonable, but if this knowledge and experience remains useful for the next 10 years then it will easily have been worth it. I'm also far more capable with Linux than ever before.
I've got a Dell PowerEdge 310 on the way with a quad core Xeon - way, way, way overpowered for the job it's going to be doing but it was a necessary purchase. We have a 42U rack with all of our servers in it and a 180AS console switch. I was using an old spare Optiplex with pfSense for the firewall and another old spare Optiplex for FTP and yet another old spare Optiplex for network backups and then an ANCIENT Buffalo TeraStation as our NAS. The plan is for the new PowerEdge to take the place of all of those. The Optiplex boxes did not work with the 180AS and they also have some capacitors going bad. The PowerEdge servers are pretty darn well built - not a single one that we have is having any problem whatsoever after years of service. So the PowerEdge 310 is going to consolidate several functions into one machine, work with the 180AS, be long term reliable, and it has 4 hot-swap drive bays.
So that's the plan. I figure that when the server arrives I'll do a fresh install and fresh configuration of iptables and hopefully everything will work. If not I'll be sweating bullets. In the meantime, I'm going to continue battling this problem until I get it resolved. It's just masquerading. It has to be fixable. I'll be back at it again tomorrow morning.