IP forwarding in SuSe 8.0

[Roger Hayter]

In message <3CF02EBD.6000800 at linux-works.org>, Andrew Mathews 
<andrew_mathews at linux-works.org> writes
>Roger Hayter wrote:
>
>> I wonder if anyone has any ideas what might be going wrong here?  I 
>>have a Suse 8.0 machine which I plan to use as a router/firewall. 
>>Using routeable IPs. It has 3 NICs, one of which gets its address by 
>>dhcpcd (eth0).  This is for technical adsl modem reasons, but it is 
>>always the  same address.  IP forwarding works between the two NICs 
>>(on different  subnets) which have preset IPs (eth1 and eth2), and to 
>>the actual IP  address of eth0. Routing is set up so I can contact the 
>>wider Internet  from the firewall machine itself, via eth0, and both 
>>incoming and  outgoing connections work fine.  (Not left on long in 
>>this un-firewalled  config, in case anyone out there is listening!) 
>>But the kernel will not  accept any packets coming in from eth0 which 
>>should go to eth[1 or 2] or  vice versa.  It isn't the cards 
>>themselves, as I have swapped their  roles.  Is this a limitation of 
>>dhcp, or can anyone suggest another  theory?  I am tempted to try a) 
>>Suse 7.3 or b) dhclient instead of  dhcpcd, but either would be very laborious.
>
>Two things to check. Make sure that ip forwarding is enabled by doing an
>echo "1" > /proc/sys/net/ipv4/ip_forward to enable forwarding and set 
>up an ipchains rule such as:
>/sbin/ipchains -A forward -s 10.10.108.0/24 -j MASQ
>substituting the appropriate address and subnet.
>

Thanks but a) as I said, ip forwarding is on and actually works between 
the two internal subnets, and b) I don't want to do masquerading, as the 
internal machines are on routeable addresses.
Should I need an iptables rule for forwarding to the external interface 
if there are no rules set?  If so, could someone devise one for me, 
would the above work without the -j?

-- 
Roger Hayter