Try editing /mnt/kd/arno-iptables-firewall/firewall.conf Tom
> -----Original Message----- > From: Michael [mailto:[email protected]] > Sent: 14 July 2010 15:13 > To: [email protected] > Subject: Re: [Astlinux-users] Static routes > > Well, reading through the FAQ of arno's firewall, it should > be as easy as specifying > > INTERNAL_NET="192.168.0.0/24" in firewall.conf > > Strangely, if I modify /etc/arnos-iptables-firewall/firewall.conf > accordingly, nothing changes. All iptable entries remain the > same (as verified with iptables -L after restart of arnos firewall). > > > > > Michael wrote: > > > Hmm, I am not even able to add a rule to the firewall to > forward data > > from > > 192.168.0.128/25 to EXTIF > > > > :-( > > > > > > This seems to be more complex that I thought. After adding > the route > > to the astlinux box, teh subnet is freely reachable within the LAN, > > but it cannot access the internet. > > > > Is there somewhere a good tutorial to arno's firewall? > > > > Thanks > > > > Michael > > > > Michael wrote: > > > >> Hi Tom > >> > >> Thanks for the answer. > >> > >> Using elocal was what I had in mind. However, the firewall > rules also > >> need to be adapted. > >> > >> The case on doc.astlinux.org refers to the astlinux net > being a subnet. > >> In my case the astlinux is the main net with an activated > firewall to > >> the internet. > >> > >> If I understand the firewall config correct it only fowards data > >> between the EXTIF and the INFIF for the nets that are > defined on the network tab. > >> This means in my case 192.168.0.0/25 (netmask 255.255.255.128). > >> > >> The subnet of mny LAN has 192.168.0.128/25 (netmask > 255.255.255.128). > >> > >> The route command allows astlinux to route the packages for the > >> subnet correctly. But the firewall will only allow > 192.168.0.0/25 to > >> traverse to the internet. > >> > >> It might be possible to add custom rules into arnos firewall. But > >> there might also be a simpler way, I hope... > >> > >> Michael > >> > >> Tom Chadwin wrote: > >> > >>> Hi Michael > >>> > >>> See if the instructions on the following page suit your > requirements: > >>> > >>> http://doc.astlinux.org/userdoc:tt_network_config > >>> > >>> Cheers > >>> > >>> Tom > >>> > >>> > >>>> -----Original Message----- > >>>> From: Michael [mailto:[email protected]] > >>>> Sent: 14 July 2010 09:31 > >>>> To: [email protected] > >>>> Subject: [Astlinux-users] Static routes > >>>> > >>>> Hello > >>>> > >>>> Just a short question: Where would I add static routes > into astlinux? > >>>> > >>>> In my LAN I have another (small) router with a subnet. > >>>> Actually, it is a linux box that simply connects another > room via > >>>> WLAN with the astlinux main router. > >>>> > >>>> I would liked to have used bridging instead of nat for the small > >>>> router but there seems to be a bug in wpa_supplicant > that does not > >>>> allow it to work properly on a bridge. > >>>> > >>>> So I need to define a static route into the astlinux router, > >>>> something like: > >>>> > >>>> So, if my main LAN is 192.168.0.0/25 and the subnet is > >>>> 192.168.0.128/29 then I would need to add a route like this > >>>> > >>>> route add -net 192.168.0.128 netmask 255.255.255.248 gw > >>>> 192.168.0.129 dev > >>>> br1 > >>>> > >>>> Hmm, I guess I also need to adapt the firewall as it will only > >>>> forward data from EXTIF to INTIF for the main net... (?!) > >>>> > >>>> Or is there a simple way to do it which also adapts the firewall > >>>> accordingly? > >>>> > >>>> Thanks > >>>> > >>>> Michael > >>>> > >>>> > > > > > > > > > -------------------------------------------------------------- > ---------------- > > This SF.net email is sponsored by Sprint What will you do > first with > > EVO, the first 4G phone? > > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > > > > -------------------------------------------------------------- > ---------------- > This SF.net email is sponsored by Sprint What will you do > first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via > PayPal to [email protected]. > ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
