On Friday 29 June 2001 02:01, you wrote:
> I'm experiencing a problem that I hope is a quite simple one: I can't get
> an installation of the cooker-firewall to pass packets to the internal
> network it is firewalling.
>
> I've installed numerous times on completely different known-good hardware
> and connected to different external networks. In fact I have had no trouble
> making this work using at least two of the pre-release versions of the
> cooker. But everything I try with the current release version leads to
> frustration.
>
> Installation and setup go without problem. After rebooting into the
> firewall I am able to log on from a machine connected to eth0 (internal
> interface) and make configurations via the browser interface. DHCP setup is
> flawless; all connected computers are leasing addresses correctly. I am
> able to ping internal network machines and likewise from the cooker box I
> am able to ping the outside world - but I can't reach the outside world
> from the internal network in any way at all.
>
> The firewall rules are on (but turning them off makes no difference)
> although I have done no particular configuration there since it appears to
> be pre-configured for normal internet access.
>
> I've run through every page of the administration interface and the
> documentation looking for the piece of the puzzle that is missing in the
> final release and I am ready to admit that I am stumped. Has anyone else
> had this experience? I'm assuming I must not be alone in this since I'm not
> exactly new to networking/firewalling/NAT.
>
> Can someone _please_ point out the bonehead mistake I'm making here? Did I
> forget some magic step I must have done with the pre-release versions to
> make this work?
>
> Thanks,
> Todd
Hi,
(trying again, I had a problem with my previous e-mail).
Here are a few hints to try and find what's going wrong:
- activate the logging of rejected packets (System/Alert), try to connect to
the Internet from a client computer and then read the appropriate logs
(Monitoring menu)
- have you tried firewall rules "on" with "all" connections allowed?
- do your client computers set their default gateway correctly?
- if none of the above gives anything useful, then I have no clue for now;
try to stop the bastille-firewall script manually and set the forwarding and
masquerading by hand with minimal security:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    ipchains -A forward -s <internal network address> -j MASQ

and then investigate; since you seem to know a bit about networks and NAT
you may find something on your clients or the firewall.
In any case, give us feedback so that we can further help you and maybe fix a
bug in the product.
Regards,
Renaud