Hi,

I have windows box IP 10.1.10.2 on switch2 (LAN) and CentOS router IP 192.168.1.142 and 10.1.10.1 on switch1 (WAN) and switch2 (LAN). Switch 1 is connected to the WAN whose default gateway is 192.168.1.1

All boxes can ping each other fine. The router can ping the WAN gateway and ping the Windows box on the LAN. The Windows box can ping the router at 10.1.10.1 and the centos7 router can ping google.com

However, I can't get to the internet from the windows box.


I did the following steps on the centos7 router, where I am I going wrong with this?

Did you enable forwarding (wondering outloud??) https://rhel7tutorial.wordpress.com/...ip-forwarding/

Yes, did that right away - see line 2,3 and 4 in my above listed steps I did.

What do your firewall rules look like? (No, don't post that. The iptables rules that firewalld generates are not meant for human comprehension.) I see you disabled firewalld, which prevents it from starting automatically but doesn't affect the current session. At a minimum you need a firewall rule in the "nat" table to masquerade forwarded traffic so that the packets will use your public IP address as their source address. Without that, responses cannot be routed back to you.

You should either configure firewalld to do what you need, or else stop and mask it entirely ("systemctl mask ..." means block the unit from being started by any means, automatic or manual) and generate your own ruleset from scratch. (And BTW, stopping the firewalld service does not flush whatever iptables rules are currently in effect.) Unless you're an expert, it's going to be a lot easier just to configure firewalld (Applications -> Sundry -> Firewall). See Configuring Firewalld.