Hello all,

    Been searching the archives for some time now, and figured I should just
ask the question(s) and take my RTFM lumps (but please tell me which M ;)

    I have set up several IPChains Masq firewalls in the past, but this is my
first with 3 NICs.  Quick and dirty: eth0 is internal masq (10.0.0.1/24),
eth1 is the world (1.2.3.130), and eth2 is the DMZ (1.2.3.131/27).  RH 6.2,
with 2.2.16 kernel (custom compile - not an rpm update).  I am pretty
confident in the IPChains rules I have, but have problems with routing.  A
route -n shows (not quite thrilled with the ip route show version's output):

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 eth0
1.2.3.129       0.0.0.0         255.255.255.255 UH    0      0        0 eth1
1.2.3.130       0.0.0.0         255.255.255.255 UH    0      0        0 eth1
1.2.3.128       0.0.0.0         255.255.255.224 U     0      0        0 eth2
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
1.2.3.0         0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         1.2.3.129       0.0.0.0         UG    0      0        0 eth1

    I manually added the 1.2.3.129 route so that it can find the default
gateway on eth1, because it's in eth2's network.  Problem is, once this
is running, I cannot ping anything (although using ping I can see that it is
trying to go out over the correct interface).  I cannot even ping the IPs
assigned to the cards, i.e. 1.2.3.130, but I can ping the box from other
machines in the masq zone or DMZ.  I have disabled the IPChains rules to
rule out any problems coming from there.  Taking down eth2, all is well
(and even masq'd correctly).

    On a side note, I would like to know if it is possible (and if so where
to get more info) to have this box be a "transparent gateway" - I would like
to have the DMZ boxes keep a GW of 1.2.3.129 if possible, so that should the
firewall fail, a quick changing of cables can have all the DMZ boxes online
without the need to reconfigure them.  Of course, the masq boxes would be
down...

Thanks,
Mike



-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

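The following is an added example, not part of Mike's post or of any reply on the
list. It transcribes the route -n table quoted above into a small longest-prefix-match
simulator so a reader can see, for any destination, which route the kernel picks, which
next hop it resolves to, and what changes when the manually added 1.2.3.129 host route is
taken out again. It also lists directly connected networks that are strict subnets of
another connected network on a different interface, which is an observation about the
table as posted, not a diagnosis of the fault. Sample destinations are constructed for
illustration; the function names are my own.

```python
"""Longest-prefix-match walk of the routing table quoted in the post (added example)."""
import ipaddress

# Transcribed from the `route -n` output in the post:
# (Destination, Gateway, Genmask, Iface).  Gateway 0.0.0.0 means directly connected.
ROUTES = [
    ("10.0.0.1",  "0.0.0.0",   "255.255.255.255", "eth0"),
    ("1.2.3.129", "0.0.0.0",   "255.255.255.255", "eth1"),  # the manually added host route
    ("1.2.3.130", "0.0.0.0",   "255.255.255.255", "eth1"),
    ("1.2.3.128", "0.0.0.0",   "255.255.255.224", "eth2"),
    ("10.0.0.0",  "0.0.0.0",   "255.255.255.0",   "eth0"),
    ("1.2.3.0",   "0.0.0.0",   "255.255.255.0",   "eth1"),
    ("127.0.0.0", "0.0.0.0",   "255.0.0.0",       "lo"),
    ("0.0.0.0",   "1.2.3.129", "0.0.0.0",         "eth1"),
]


def _net(dest, mask):
    """Build a network object from a route's Destination and Genmask columns."""
    return ipaddress.ip_network(f"{dest}/{mask}", strict=False)


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (network, gateway_or_None, iface), or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, gw, mask, iface in routes:
        net = _net(dest, mask)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, None if gw == "0.0.0.0" else gw, iface)
    return best


def next_hop(dst, routes=ROUTES):
    """Resolve dst to (next_hop_ip, iface).

    A gatewayed route needs a second lookup: the kernel must find the gateway itself
    through a directly connected route, otherwise the first route is unusable.
    """
    hit = lookup(dst, routes)
    if hit is None:
        return None
    _, gw, iface = hit
    if gw is None:
        return (dst, iface)          # directly connected: ARP for dst on iface
    gw_hit = lookup(gw, routes)
    if gw_hit is None or gw_hit[1] is not None:
        return None                  # gateway not directly reachable
    return (gw, gw_hit[2])           # send to the gateway out of the gateway's iface


def overlapping_connected(routes=ROUTES):
    """Connected networks that lie entirely inside another connected network on a different iface.

    Returns a list of (inner_net, inner_iface, outer_net, outer_iface).
    """
    conn = [(_net(d, m), i) for d, g, m, i in routes
            if g == "0.0.0.0" and m != "255.255.255.255"]
    found = []
    for n1, i1 in conn:
        for n2, i2 in conn:
            if n1 != n2 and i1 != i2 and n1.subnet_of(n2):
                found.append((str(n1), i1, str(n2), i2))
    return found


# Same table with the manually added gateway host route removed, to show why it was added.
ROUTES_WITHOUT_HOST_ROUTE = [r for r in ROUTES if r[0] != "1.2.3.129"]

if __name__ == "__main__":
    # Constructed sample destinations: gateway, eth1/eth2 addresses, a DMZ host, a masq host, the Internet.
    for dst in ("1.2.3.129", "1.2.3.130", "1.2.3.131", "1.2.3.140", "10.0.0.55", "198.51.100.7"):
        print(f"{dst:>14} -> {next_hop(dst)}")
    print("gateway without host route ->", lookup("1.2.3.129", ROUTES_WITHOUT_HOST_ROUTE))
    print("connected networks nested inside another:", overlapping_connected())
```

Running it shows the /32 entries pinning 1.2.3.129 and 1.2.3.130 to eth1, every other
1.2.3.128/27 address (including eth2's own 1.2.3.131) going to eth2, and the gateway
falling onto eth2 as soon as the host route is dropped, which matches the reason the post
gives for adding it.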