No, no, please don't edit /mnt/kd/arno-iptables-firewall/firewall.conf directly.

If there is something additional that the Firewall tab (or hand editing) needs 
to change the firewall, add it to your AstLinux /mnt/kd/rc.conf.d/user.conf (or 
/mnt/kd/rc.conf) file.

By properly specifying the External and Internal interfaces, the firewall 
config is automatically configured.  There are times when additional Firewall 
variables may need to be specified, but rarely.

Lonnie



On Jul 14, 2010, at 9:12 AM, Michael wrote:

> Well, reading through the FAQ of arno's firewall, it should be as easy as 
> specifying
> 
> INTERNAL_NET="192.168.0.0/24" in firewall.conf
> 
> Strangely, if I modify /etc/arnos-iptables-firewall/firewall.conf 
> accordingly, nothing changes. All iptable entries remain the same (as 
> verified with iptables -L after restart of arnos firewall).
> 
> 
> 
> 
> Michael wrote:
> 
>> Hmm, I am not even able to add a rule to the firewall to forward data from
>> 192.168.0.128/25 to EXTIF
>> 
>> :-(
>> 
>> 
>> This seems to be more complex than I thought. After adding the route to
>> the astlinux box, the subnet is freely reachable within the LAN, but it
>> cannot access the internet.
>> 
>> Is there somewhere a good tutorial to arno's firewall?
>> 
>> Thanks
>> 
>> Michael
>> 
>> Michael wrote:
>> 
>>> Hi Tom
>>> 
>>> Thanks for the answer.
>>> 
>>> Using elocal was what I had in mind. However, the firewall rules also
>>> need to be adapted.
>>> 
>>> The case on doc.astlinux.org refers to the astlinux net being a subnet.
>>> In my case the astlinux is the main net with an activated firewall to the
>>> internet.
>>> 
>>> If I understand the firewall config correctly it only forwards data between
>>> the EXTIF and the INTIF for the nets that are defined on the network tab.
>>> This means in my case 192.168.0.0/25 (netmask 255.255.255.128).
>>> 
>>> The subnet of my LAN has 192.168.0.128/25 (netmask 255.255.255.128).
>>> 
>>> The route command allows astlinux to route the packages for the subnet
>>> correctly. But the firewall will only allow 192.168.0.0/25 to traverse to
>>> the internet.
>>> 
>>> It might be possible to add custom rules into arnos firewall. But there
>>> might also be a simpler way, I hope...
>>> 
>>> Michael
>>> 
>>> Tom Chadwin wrote:
>>> 
>>>> Hi Michael
>>>> 
>>>> See if the instructions on the following page suit your requirements:
>>>> 
>>>> http://doc.astlinux.org/userdoc:tt_network_config
>>>> 
>>>> Cheers
>>>> 
>>>> Tom
>>>> 
>>>> 
>>>>> -----Original Message-----
>>>>> From: Michael [mailto:[email protected]]
>>>>> Sent: 14 July 2010 09:31
>>>>> To: [email protected]
>>>>> Subject: [Astlinux-users] Static routes
>>>>> 
>>>>> Hello
>>>>> 
>>>>> Just a short question: Where would I add static routes into astlinux?
>>>>> 
>>>>> In my LAN I have another (small) router with a subnet.
>>>>> Actually, it is a linux box that simply connects another room
>>>>> via WLAN with the astlinux main router.
>>>>> 
>>>>> I would have liked to use bridging instead of nat for the
>>>>> small router but there seems to be a bug in wpa_supplicant
>>>>> that does not allow it to work properly on a bridge.
>>>>> 
>>>>> So I need to define a static route into the astlinux router,
>>>>> something like:
>>>>> 
>>>>> So, if my main LAN is 192.168.0.0/25 and the subnet is
>>>>> 192.168.0.128/29 then I would need to add a route like this
>>>>> 
>>>>> route add -net 192.168.0.128 netmask 255.255.255.248 gw 192.168.0.129 dev br1
>>>>> 
>>>>> Hmm, I guess I also need to adapt the firewall as it will
>>>>> only forward data from EXTIF to INTIF for the main net... (?!)
>>>>> 
>>>>> Or is there a simple way to do it which also adapts the
>>>>> firewall accordingly?
>>>>> 
>>>>> Thanks
>>>>> 
>>>>> Michael
>>>>> 
>>>>> 
>> 
>> 
>> 
>> 


_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
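An added example, not part of the original thread and not code from AstLinux or arno-iptables-firewall: a POSIX sh check that lists routed subnets which fall outside the firewall's internal-net setting, which is the mismatch described in the thread (route works, traffic to the internet is not forwarded). The function names are hypothetical, the addresses are the ones quoted in the thread, and the internal-net value is treated as a space-separated list of CIDR blocks.

```shell
#!/bin/sh
# Added example: report routed subnets not covered by the firewall's internal net.
# Function names are hypothetical; sample addresses are taken from the thread.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network mask for a prefix length 0..32, as an integer.
prefix_mask() {
  if [ "$1" -eq 0 ]; then
    echo 0
  else
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
  fi
}

# cidr_contains OUTER INNER: succeed if INNER lies wholly inside OUTER.
cidr_contains() {
  o_len=${1#*/}; i_len=${2#*/}
  [ "$i_len" -ge "$o_len" ] || return 1   # a larger block cannot fit inside
  mask=$(prefix_mask "$o_len")
  o_net=$(( $(ip2int "${1%/*}") & mask ))
  i_net=$(( $(ip2int "${2%/*}") & mask ))
  [ "$o_net" -eq "$i_net" ]
}

# uncovered_subnets "NET1 NET2 ..." SUBNET...: print each routed SUBNET
# that none of the internal nets covers.
uncovered_subnets() {
  internal_nets=$1; shift
  for s in "$@"; do
    covered=no
    for n in $internal_nets; do
      cidr_contains "$n" "$s" && covered=yes
    done
    [ "$covered" = yes ] || echo "$s"
  done
}

# Thread values: main LAN 192.168.0.0/25, routed subnet 192.168.0.128/29.
uncovered_subnets "192.168.0.0/25" "192.168.0.128/29"
```

Any subnet it prints has a route but no matching internal-net entry, so the firewall setting in user.conf (not firewall.conf) is the place to look.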