Axalon,

You were right about the gateway.  When I set the gateway to nothing on the inside
machine, interface pinging worked correctly.  So I guess I AM filtering packets.

Kernel IP routing table   (partial)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.111.2     *               255.255.255.255 UH      0      0        0 eth1
216.87.138.156   *               255.255.255.252 U         0      0        0 eth0
192.168.111.0     *               255.255.255.0      U         0      0        0
eth1
127.0.0.0              *               255.0.0.0               U         0
0        0 lo
default         quantumgateway. 0.0.0.0             UG       0      0        0
eth0

Wish I understood this better.  Don't know why there's a 192.168.111.0.    I
haven't intentionally assigned that.

Also would like to set up a point-to-point connection, but don't know how to tell
the WinNT machine.  Believe this would act as a 'switched' connection.
--
Carl A. Cook
quantumATaugustmailDOTcom

Certainly the game is rigged.  Don't let that stop you...
              If you don't bet you can't win.


Axalon Bloodstone wrote:

> On Mon, 21 Feb 2000, Carl A. Cook wrote:
> > Vandoorselaere Yoann (author of MSEC) wrote:
> [..]
> > > >
> > > > And why  CAN  I ping my firewall's outside interface from an inside
> > > > machine, with firewalling, masquarading, & ip_forwarding OFF??!!  What's
> > >
> > > Are you sure ip forwarding is off ?
> > > i'm not...
>
> I've snipped it but pretty sure he said he had it on for something else
>
> > > just do :
> > >
> > > cat /proc/sys/net/ipv4/ip_forward
> > >
> > > and give me the result back.
> > >
>
> What is your default route, right the firewall machine.. your ping the
> interface it goes out to the default gateway, the gateway says hey thats
> me and sends back a reply, it doesn't actualy forward the packet, it would
> do the same thing if it was routed a packet for 127.0.0.x
> --
> MandrakeSoft          http://www.mandrakesoft.com/
>                                         --Axalon



S/MIME Cryptographic Signature

Reply via email to