Michael,

Update, if you add to the file "/mnt/kd/arno-iptables-firewall/custom-rules" the two lines...
--
iptables -t nat -A POSTROUTING -o eth0 -s 172.17.2.128/29 ! -d 172.17.2.128/29 -j MASQUERADE
iptables -I SPOOF_CHK -i br1 -s 172.17.2.128/29 -j RETURN
--
and leave "astlinux.shim" alone, it should work.

This is a much better way than hacking "astlinux.shim"...

Lonnie

On Jul 14, 2010, at 2:17 PM, Lonnie Abelbeck wrote:

>
> On Jul 14, 2010, at 1:11 PM, Michael wrote:
>
>> Hi Lonnie
>>
>> There is no dnsmasq on the box, so I guess at least not easy.
>>
>> With my old router (instead of the astlinux box) I could simply add a static
>> route to the router and everything worked. Apparently, it also modified its
>> firewall settings automatically.
>>
>> Anyway, do you see another alternative?
>
> Michael,
>
> This will get ugly...
>
> You could add custom iptables rules in
> "/mnt/kd/arno-iptables-firewall/custom-rules" if you are iptables savvy.
>
> Or, I may regret mentioning this, but you could edit
> "/usr/share/arno-iptables-firewall/astlinux.shim" (NOBODY ELSE DO THIS) and
> change...
>
> -- from --
> INTERNAL_NET=""
> NAT_INTERNAL_NET=""
> -- to --
> INTERNAL_NET="172.17.2.128/29"
> NAT_INTERNAL_NET="172.17.2.128/29"
>
> --
>
> Note: Undo this change with "rm
> /oldroot/mnt/asturw/usr/share/arno-iptables-firewall/astlinux.shim"
>
> When you upgrade with future AstLinux versions you will have to make sure a
> newer "astlinux.shim" does not exist.
>
> Best to clean-up your network and then undo this change in the future.
>
> Lonnie

_______________________________________________
Astlinux-users mailing list
https://lists.sourceforge.net/lists/listinfo/astlinux-users
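A way to confirm that the two custom rules from the message above were loaded as intended, as an added example that is not part of the original thread or of AstLinux. It assumes the listings are in `iptables -S` format; the function names are hypothetical and the sample listings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
SUBNET="172.17.2.128/29"; LAN_IF="br1"; WAN_IF="eth0"   # values from the thread

# Reads `iptables -t nat -S POSTROUTING` output on stdin. Succeeds if a
# MASQUERADE rule exists for SUBNET leaving WAN_IF that skips traffic whose
# destination is SUBNET itself (the "! -d" part of the rule).
has_masquerade() {
    awk -v net="$SUBNET" -v wan="$WAN_IF" '
        /^-A POSTROUTING / && /-j MASQUERADE/ {
            if (index($0, " -s " net " ") && index($0, " ! -d " net " ") &&
                index($0, " -o " wan " ")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Reads `iptables -S SPOOF_CHK` output on stdin. Succeeds only if the first
# rule of the chain is the RETURN for SUBNET arriving on LAN_IF, which is
# where "-I" (insert at position 1) puts it.
spoof_return_first() {
    awk -v net="$SUBNET" -v lan="$LAN_IF" '
        /^-A SPOOF_CHK / {
            n++
            if (n == 1 && index($0, " -s " net " ") &&
                index($0, " -i " lan " ") && / -j RETURN$/) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# Constructed listings; the DROP rule stands in for the chain's own rules,
# which the thread does not show.
sample_nat() { printf '%s\n' '-P POSTROUTING ACCEPT' \
    '-A POSTROUTING -s 172.17.2.128/29 ! -d 172.17.2.128/29 -o eth0 -j MASQUERADE'; }
sample_spoof_inserted() { printf '%s\n' '-N SPOOF_CHK' \
    '-A SPOOF_CHK -s 172.17.2.128/29 -i br1 -j RETURN' \
    '-A SPOOF_CHK -s 10.0.0.0/8 -i eth0 -j DROP'; }
sample_spoof_appended() { printf '%s\n' '-N SPOOF_CHK' \
    '-A SPOOF_CHK -s 10.0.0.0/8 -i eth0 -j DROP' \
    '-A SPOOF_CHK -s 172.17.2.128/29 -i br1 -j RETURN'; }

sample_nat | has_masquerade && echo "nat: MASQUERADE rule present"
sample_spoof_inserted | spoof_return_first && echo "SPOOF_CHK: RETURN is first"
sample_spoof_appended | spoof_return_first || echo "SPOOF_CHK: RETURN not first"
```

On a running box the same functions can be fed from `iptables -t nat -S POSTROUTING` and `iptables -S SPOOF_CHK` after the firewall has restarted.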
