> No, no, please don't edit
> /mnt/kd/arno-iptables-firewall/firewall.conf directly.

My bad.

Tom

> -----Original Message-----
> From: Lonnie Abelbeck [mailto:[email protected]]
> Sent: 14 July 2010 17:10
> To: AstLinux Users Mailing List
> Subject: Re: [Astlinux-users] Static routes
>
> No, no, please don't edit
> /mnt/kd/arno-iptables-firewall/firewall.conf directly.
>
> If there is something additional that the Firewall tab (or
> hand editing) needs to change the firewall, add it to your
> AstLinux /mnt/kd/rc.conf.d/user.conf (or /mnt/kd/rc.conf) file.
>
> By properly specifying the External and Internal interfaces,
> the firewall config is automatically configured. There are
> times when additional Firewall variables may need to be
> specified, but rarely.
>
> Lonnie
>
> On Jul 14, 2010, at 9:12 AM, Michael wrote:
>
> > Well, reading through the FAQ of arno's firewall, it should be as easy
> > as specifying
> >
> > INTERNAL_NET="192.168.0.0/24" in firewall.conf
> >
> > Strangely, if I modify /etc/arnos-iptables-firewall/firewall.conf
> > accordingly, nothing changes. All iptable entries remain the same (as
> > verified with iptables -L after restart of arnos firewall).
> >
> > Michael wrote:
> >
> >> Hmm, I am not even able to add a rule to the firewall to forward data
> >> from
> >> 192.168.0.128/25 to EXTIF
> >>
> >> :-(
> >>
> >> This seems to be more complex than I thought. After adding the route
> >> to the astlinux box, the subnet is freely reachable within the LAN,
> >> but it cannot access the internet.
> >>
> >> Is there somewhere a good tutorial to arno's firewall?
> >>
> >> Thanks
> >>
> >> Michael
> >>
> >> Michael wrote:
> >>
> >>> Hi Tom
> >>>
> >>> Thanks for the answer.
> >>>
> >>> Using elocal was what I had in mind. However, the firewall rules
> >>> also need to be adapted.
> >>>
> >>> The case on doc.astlinux.org refers to the astlinux net being a subnet.
> >>> In my case the astlinux is the main net with an activated firewall
> >>> to the internet.
> >>>
> >>> If I understand the firewall config correctly it only forwards data
> >>> between the EXTIF and the INTIF for the nets that are defined on the network tab.
> >>> This means in my case 192.168.0.0/25 (netmask 255.255.255.128).
> >>>
> >>> The subnet of my LAN has 192.168.0.128/25 (netmask 255.255.255.128).
> >>>
> >>> The route command allows astlinux to route the packages for the
> >>> subnet correctly. But the firewall will only allow 192.168.0.0/25 to
> >>> traverse to the internet.
> >>>
> >>> It might be possible to add custom rules into arnos firewall. But
> >>> there might also be a simpler way, I hope...
> >>>
> >>> Michael
> >>>
> >>> Tom Chadwin wrote:
> >>>
> >>>> Hi Michael
> >>>>
> >>>> See if the instructions on the following page suit your requirements:
> >>>>
> >>>> http://doc.astlinux.org/userdoc:tt_network_config
> >>>>
> >>>> Cheers
> >>>>
> >>>> Tom
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: Michael [mailto:[email protected]]
> >>>>> Sent: 14 July 2010 09:31
> >>>>> To: [email protected]
> >>>>> Subject: [Astlinux-users] Static routes
> >>>>>
> >>>>> Hello
> >>>>>
> >>>>> Just a short question: Where would I add static routes into astlinux?
> >>>>>
> >>>>> In my LAN I have another (small) router with a subnet.
> >>>>> Actually, it is a linux box that simply connects another room via
> >>>>> WLAN with the astlinux main router.
> >>>>>
> >>>>> I would have liked to use bridging instead of nat for the small
> >>>>> router but there seems to be a bug in wpa_supplicant that does not
> >>>>> allow it to work properly on a bridge.
> >>>>>
> >>>>> So I need to define a static route into the astlinux router,
> >>>>> something like:
> >>>>>
> >>>>> So, if my main LAN is 192.168.0.0/25 and the subnet is
> >>>>> 192.168.0.128/29 then I would need to add a route like this
> >>>>>
> >>>>> route add -net 192.168.0.128 netmask 255.255.255.248 gw 192.168.0.129 dev br1
> >>>>>
> >>>>> Hmm, I guess I also need to adapt the firewall as it will only
> >>>>> forward data from EXTIF to INTIF for the main net... (?!)
> >>>>>
> >>>>> Or is there a simple way to do it which also adapts the firewall
> >>>>> accordingly?
> >>>>>
> >>>>> Thanks
> >>>>>
> >>>>> Michael

_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to [email protected].
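
Added example, not part of the thread and not AstLinux or arno-iptables-firewall code: a check of whether a statically routed subnet falls inside the `INTERNAL_NET` value, using the addresses quoted in the messages above. Treating `INTERNAL_NET` as a space-separated list of networks, the sample config text and the helper names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed samples: the two INTERNAL_NET values mentioned in the thread.
CONF_NARROW = '''
# main LAN only
INTERNAL_NET="192.168.0.0/25"
'''
CONF_WIDE = 'INTERNAL_NET="192.168.0.0/24"  # value tried after reading the FAQ\n'

# Constructed sample: the static route from the first message (net, netmask).
ROUTES = [("192.168.0.128", "255.255.255.248")]

# Shell-style assignment, optionally quoted, optionally followed by a comment.
_ASSIGN = re.compile(r'^\s*INTERNAL_NET=(["\']?)(.*?)\1\s*(?:#.*)?$')


def internal_nets(conf_text):
    """Return the networks listed in the last INTERNAL_NET= assignment."""
    nets = []
    for line in conf_text.splitlines():
        m = _ASSIGN.match(line)
        if m:
            # A later assignment overrides an earlier one, as in a sourced file.
            nets = [ipaddress.ip_network(tok, strict=False)
                    for tok in m.group(2).split()]
    return nets


def uncovered_routes(conf_text, routes):
    """Return routed subnets that no INTERNAL_NET entry contains."""
    nets = internal_nets(conf_text)
    missing = []
    for net, mask in routes:
        routed = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if not any(routed.subnet_of(n) for n in nets):
            missing.append(str(routed))
    return missing


if __name__ == "__main__":
    for label, conf in (("narrow", CONF_NARROW), ("wide", CONF_WIDE)):
        result = uncovered_routes(conf, ROUTES)
        print(label, result or "all routed subnets covered")
```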
