>I have two machines, "charlesc" and "server". Both are Red Hat 5.2.
>Server is a fresh installation. 

I hope you've hardened those machines.  Red Hat is pretty insecure
out of the box if you ask me.


>Normal route on charlesc is:
>
>[root@charlesc /root]# route
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>192.168.1.0     *               255.255.255.0   U     0      0       10 eth0
>127.0.0.0       *               255.0.0.0       U     0      0       10 lo
>
>
>When I run a shell script to add the default gateway, I get:
>
>[root@charlesc /root]# ./add.gateway
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>192.168.1.0     *               255.255.255.0   U     0      0       10 eth0
>127.0.0.0       *               255.0.0.0       U     0      0       11 lo
>default         server          0.0.0.0         UG    0      0        0 eth0


Hmmmmm... You didn't post your route table on "server".  You
need to have the 192.168.1.0 network defined on it.  It's
probably there since you can ping server in the first place.


>case "$1" in
>'start')
>#      /sbin/ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0
>
>       /sbin/ipfwadm -F -p deny
>       /sbin/ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0
>       ;;
>'stop')
>       ;;
>*)
>       echo "Usage: $0 { start | stop }"
>       ;;
>esac
>exit 0

First, I would change it to say:

/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
                                   ^^^^

Try that out and see if that helps.  Next, your ruleset is 
ok but VERY insecure.  Implement a stronger firewall
ruleset like the one in TrinityOS (Linux distro hardening
is in there too).

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
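
Added illustration, not part of the original message and not the poster's or David's code: a simplified Python model of the quoted forward rules, showing which LAN sources get masqueraded with the /32 source versus the suggested /24 while the default policy stays deny. It assumes first-match rule evaluation and an accept policy when no `-p` is given; the client addresses and 203.0.113.10 are constructed sample values.

```python
import ipaddress
import shlex

# Constructed inputs: the forwarding rules quoted in the thread, and the
# same rules with the suggested /24 source. Client IPs below are made up.
ORIGINAL = """
#      /sbin/ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0
"""
SUGGESTED = ORIGINAL.replace("192.168.1.3/32", "192.168.1.0/24")

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_forward_rules(script):
    """Return (default_policy, [(action, src_net, dst_net), ...])."""
    policy, rules = "accept", []   # assumption: accept unless -p is given
    for line in script.splitlines():
        args = shlex.split(line, comments=True)   # drops '#' lines
        if len(args) < 4 or not args[0].endswith("ipfwadm") or args[1] != "-F":
            continue
        if args[2] == "-p":
            policy = args[3]
        elif args[2] == "-a":
            opts = dict(zip(args[4::2], args[5::2]))   # {"-S": ..., "-D": ...}
            src = ipaddress.ip_network(opts.get("-S", str(ANY)))
            dst = ipaddress.ip_network(opts.get("-D", str(ANY)))
            rules.append((args[3], src, dst))
    return policy, rules

def forward_verdict(script, src_ip, dst_ip):
    """Simplified model: first matching rule wins, else the default policy."""
    policy, rules = parse_forward_rules(script)
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return "masquerade" if action == "m" else action
    return policy

if __name__ == "__main__":
    for name, script in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        for client in ("192.168.1.3", "192.168.1.7"):
            print(name, client, forward_verdict(script, client, "203.0.113.10"))
```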