linux firewall setup - routing / forwarding?

Sat, 12 Aug 2000 10:27:23 -0700 

List,

I am trying to setup a home firewall with mandrake 7.1. (kernel 2.2.15-4mdk)
at  home. I would appreciate any help or suggestions.
mostly I watch this list- great forum! I have learned alot.
Thanks, Todd
(I have so far: read the FAQ, searched the archive, searched internet,
recompiled kernel, spent hours at Borders.)

Heres the scenario:
>From inside I can ping both interfaces of the firewall. From the firewall I
can ping the world.
The firewall FAQ suggested that I should be able enable or disable pinging
to the external interface using
echo "x" /proc/sys/net/ipv4/ip_forwarding
I think that if I can ping the external interface I should be set. right?
another source suggested set
ipforward=true/false
in /etc/sysconfig/network.
No luck with either of those settings.

I have tried modifying the routing tables, device settings, and the kernel.
After everything I have tried I am still were I was after setup. Firewall
can ping ip addresses and names on internet, can ping both interfaces of
firewall from inside, but not the internet.
Do I have a routing problem?

after running a tracert from inside I found it interesting that it is 1 hop
to either interface. Is that rights.


line in
------------| eth0| - |   eth1 | -------swtich-----| home net |

zzz.zzz.zzz.zzz = provider assigned ip
zzz.zzz.zzz.128=provider assigned mask

workstation settings (98)
192.168.1.2 255.255.255.0
gateway 192.168.1.254

external interface
/etc/sysconfig/network-scripts/ifcfg-eth0
ipaddress=zzz.zzz.zzz.zzz
netmask=255.255.255.128
(should there be a gateway for this device, the seems fine without. I did
get a gateway address from the provider which I assume is necessary on a
winbox but does seem to be on linux box. I tried with and without I does not
seem to help)

internal interface
/etc/sysconfig/network-scripts/ifcfg-eth1
ipaddress=192.168.1.254
gateway=zzz.zzz.zzz.zzz

route -n
zzz.zzz.zzz.zzz              0.0.0.0    255.255.255.255    eth0
192.168.1.254            0.0.0.0    255.255.255.255    eth1
zzz.zzz.zzz.128            0.0.0.0    255.255.255.128    eth0
192.168.1.0                0.0.0.0    255.255.255.0        eth1
loopback
0.0.0.0                zzz.zzz.zzz.zzz        0.0.0.0.    UG    eth0

I am puzzled.

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to