Well, reading through the FAQ of arno's firewall, it should be as easy as specifying
INTERNAL_NET="192.168.0.0/24" in firewall.conf Strangely, if I modify /etc/arnos-iptables-firewall/firewall.conf accordingly, nothing changes. All iptable entries remain the same (as verified with iptables -L after restart of arnos firewall). Michael wrote: > Hmm, I am not even able to add a rule to the firewall to forward data from > 192.168.0.128/25 to EXTIF > > :-( > > > This seems to be more complex that I thought. After adding the route to > the astlinux box, teh subnet is freely reachable within the LAN, but it > cannot access the internet. > > Is there somewhere a good tutorial to arno's firewall? > > Thanks > > Michael > > Michael wrote: > >> Hi Tom >> >> Thanks for the answer. >> >> Using elocal was what I had in mind. However, the firewall rules also >> need to be adapted. >> >> The case on doc.astlinux.org refers to the astlinux net being a subnet. >> In my case the astlinux is the main net with an activated firewall to the >> internet. >> >> If I understand the firewall config correct it only fowards data between >> the EXTIF and the INFIF for the nets that are defined on the network tab. >> This means in my case 192.168.0.0/25 (netmask 255.255.255.128). >> >> The subnet of mny LAN has 192.168.0.128/25 (netmask 255.255.255.128). >> >> The route command allows astlinux to route the packages for the subnet >> correctly. But the firewall will only allow 192.168.0.0/25 to traverse to >> the internet. >> >> It might be possible to add custom rules into arnos firewall. But there >> might also be a simpler way, I hope... >> >> Michael >> >> Tom Chadwin wrote: >> >>> Hi Michael >>> >>> See if the instructions on the following page suit your requirements: >>> >>> http://doc.astlinux.org/userdoc:tt_network_config >>> >>> Cheers >>> >>> Tom >>> >>> >>>> -----Original Message----- >>>> From: Michael [mailto:[email protected]] >>>> Sent: 14 July 2010 09:31 >>>> To: [email protected] >>>> Subject: [Astlinux-users] Static routes >>>> >>>> Hello >>>> >>>> Just a short question: Where would I add static routes into astlinux? >>>> >>>> In my LAN I have another (small) router with a subnet. >>>> Actually, it is a linux box that simply connects another room >>>> via WLAN with the astlinux main router. >>>> >>>> I would liked to have used bridging instead of nat for the >>>> small router but there seems to be a bug in wpa_supplicant >>>> that does not allow it to work properly on a bridge. >>>> >>>> So I need to define a static route into the astlinux router, >>>> something like: >>>> >>>> So, if my main LAN is 192.168.0.0/25 and the subnet is >>>> 192.168.0.128/29 then I would need to add a route like this >>>> >>>> route add -net 192.168.0.128 netmask 255.255.255.248 gw >>>> 192.168.0.129 dev >>>> br1 >>>> >>>> Hmm, I guess I also need to adapt the firewall as it will >>>> only forward data from EXTIF to INTIF for the main net... (?!) >>>> >>>> Or is there a simple way to do it which also adapts the >>>> firewall accordingly? >>>> >>>> Thanks >>>> >>>> Michael >>>> >>>> > > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Sprint > What will you do first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
