Axalon,
You were right about the gateway. When I set the gateway to nothing on the inside
machine, interface pinging worked correctly. So I guess I AM filtering packets.
Kernel IP routing table (partial)
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.111.2   *               255.255.255.255 UH    0      0   0   eth1
216.87.138.156  *               255.255.255.252 U     0      0   0   eth0
192.168.111.0   *               255.255.255.0   U     0      0   0   eth1
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         quantumgateway. 0.0.0.0         UG    0      0   0   eth0
Wish I understood this better. Don't know why there's a 192.168.111.0. I
haven't intentionally assigned that.
Also would like to set up a point-to-point connection, but don't know how to tell
the WinNT machine. Believe this would act as a 'switched' connection.
--
Carl A. Cook
quantumATaugustmailDOTcom
Certainly the game is rigged. Don't let that stop you...
If you don't bet you can't win.
Axalon Bloodstone wrote:
> On Mon, 21 Feb 2000, Carl A. Cook wrote:
> > Vandoorselaere Yoann (author of MSEC) wrote:
> [..]
> > > >
> > > > And why CAN I ping my firewall's outside interface from an inside
> > > > machine, with firewalling, masquerading, & ip_forwarding OFF??!! What's
> > >
> > > Are you sure ip forwarding is off?
> > > I'm not...
>
> I've snipped it but pretty sure he said he had it on for something else
>
> > > just do :
> > >
> > > cat /proc/sys/net/ipv4/ip_forward
> > >
> > > and give me the result back.
> > >
>
> What is your default route? Right, the firewall machine. You ping the
> interface, it goes out to the default gateway, the gateway says hey that's
> me and sends back a reply; it doesn't actually forward the packet. It would
> do the same thing if it was routed a packet for 127.0.0.x
> --
> MandrakeSoft http://www.mandrakesoft.com/
> --Axalon
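Added example, not part of the original messages: a small Python model of the behaviour Axalon describes, in which a packet addressed to any of the firewall's own addresses is delivered locally and the ip_forward setting only matters for destinations the host does not own. The routes are those in the table above; the firewall's own addresses (216.87.138.157, 192.168.111.1) and the outside destination 198.51.100.7 are constructed assumptions.

```python
import ipaddress

# Routes copied from the table in the message: (destination, genmask, iface).
ROUTES = [
    ("192.168.111.2", "255.255.255.255", "eth1"),
    ("216.87.138.156", "255.255.255.252", "eth0"),
    ("192.168.111.0", "255.255.255.0", "eth1"),
    ("127.0.0.0", "255.0.0.0", "lo"),
    ("0.0.0.0", "0.0.0.0", "eth0"),  # default via quantumgateway
]

# Assumption: the firewall's own addresses are not in the message; constructed values.
LOCAL_ADDRS = {"216.87.138.157": "eth0", "192.168.111.1": "eth1"}


def owning_iface(dst):
    """Return the interface that owns dst if the host itself holds it, else None."""
    addr = ipaddress.ip_address(dst)
    if addr.is_loopback:
        return "lo"
    return LOCAL_ADDRS.get(str(addr))


def route_for(dst):
    """Longest-prefix match over ROUTES; returns (network, iface)."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for dest, mask, iface in ROUTES:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            matches.append((net, iface))
    return max(matches, key=lambda m: m[0].prefixlen)


def classify(dst, ip_forward):
    """Decide what the firewall does with a packet an inside host routed to it."""
    iface = owning_iface(dst)
    if iface is not None:
        # Any local address is answered by the host itself, whichever
        # interface the packet arrived on; ip_forward is never consulted.
        return ("local", iface)
    _, out_iface = route_for(dst)
    return ("forward" if ip_forward else "drop", out_iface)


if __name__ == "__main__":
    for dst in ("216.87.138.157", "127.0.0.5", "198.51.100.7"):
        for fwd in (False, True):
            print(dst, "ip_forward=%d" % fwd, classify(dst, fwd))
```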