Hi,
I have installed Dachstein-pr2 onto my 486DX66 with IDE support using the
kernel from Charles' site. I have it set up to boot from the hd, but then
run from the ramdisk. Other, perhaps irrelevant details:
Cable Modem connection;
Single, DHCP acquired public IP address;
sshd-1 installed and running successfully;
3 3c509 NICs installed and running successfully;
Having made the system work for masquerading my internal network to the
internet, I then turned to adding in support for my DMZ network (that I've
had running using Eigerstein and Eigerstein2beta for about 9 months now).
See the appended extract of the network.conf file for details of the changes
I have made to the stock distribution file.
The problem is, I don't seem to have the dmz functionality. While my
internal network can access the internet, it cannot access the dmz net (i.e.
pings fail). However, pings from the dachstein box to both the internal and
the dmz net are successful. Looking at the /var/log/messages file, I cannot
see any log of any packets from the internal net getting denied on their way
to the dmz.
If anyone can help, I'd be much obliged.
thanks
tim
Here is some extra info:
# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2
213.105.191.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         213.105.191.254 0.0.0.0         UG        0 0          0 eth0
glenmore: -root-
# netstat -nre
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
213.105.191.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         213.105.191.254 0.0.0.0         UG    0      0        0 eth0
###############################################################################
# Extended Materhorn configuration scripts
# By Charles Steinkuehler
# Version 1.3
# September 18, 2001
###############################################################################
<snipped unchanged section(s)>
###############################################################################
# Interfaces
###############################################################################
# Start pppd PPP interfaces first as pppd's use of DNS can delay startup.
#
# Interfaces to start on boot go here - ie "ppp0 eth0"
# Do NOT include interfaces configured by dhcp!
IF_AUTO="eth1 eth2"
<snipped unchanged section(s)>
###############################################################################
eth1_IPADDR=192.168.2.254
eth1_MASKLEN=24
eth1_BROADCAST=+
eth1_IP_SPOOF=YES
eth1_IP_KRNL_LOGMARTIANS=YES
eth1_IP_SHARED_MEDIA=NO
eth1_BRIDGE=NO
eth1_PROXY_ARP=NO
eth1_FAIRQ=NO
###############################################################################
eth2_IPADDR=192.168.1.254
eth2_MASKLEN=24
eth2_BROADCAST=+
eth2_ROUTES=
eth2_IP_SPOOF=YES
eth2_IP_KRNL_LOGMARTIANS=YES
eth2_IP_SHARED_MEDIA=NO
eth2_BRIDGE=NO
eth2_PROXY_ARP=NO
eth2_FAIRQ=NO
<snipped unchanged section(s)>
SILENT_DENY="udp_172.16.67.254_68"
<snipped unchanged section(s)>
# TCP services open to outside world
# Space separated list: srcip/mask_dstport
# I have opened these with the intention of port forwarding to my private address DMZ
EXTERN_TCP_PORTS="0/0_22021 0/0_22022 0/0_22080 0/0_22180 0/0_22443"
<snipped unchanged section(s)>
###############################################################################
# Internal Interface
###############################################################################
# Comment 3 settings below for no internal network (DMZ only configuration)
INTERN_IF="eth2" # Internal Interface
INTERN_NET=192.168.1.0/24 # One (or more) Internal network(s)
INTERN_IP=192.168.1.254 # IP number of Internal Interface
# (to allow forwarding to external IP)
MASQ_SWITCH=YES # Masquerade internal network to outside
# world - YES/NO
<snipped unchanged section(s)>
###############################################################################
# DMZ setup (optional)
###############################################################################
# Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
DMZ_SWITCH=PRIVATE
DMZ_IF="eth1"
DMZ_NET=192.168.2.0/24
# For NAT DMZ's:
# DMZ_NET, above is likely a private IP range...DMZ_SRC should encompass the
# public IP range being NAT'd to DMZ_NET. Any systems
DMZ_SRC=216.171.153.128/25
# For Proxy-Arp or NAT DMZ's only:
# For security, any IP's within the DMZ_NET (PROXY) or DMZ_SRC (NAT)
# specification, above, that are NOT remote systems reached via DMZ_IF must
# be listed here. This potentially includes IP's of this LRP system, your
# gateway, and systems connected to your external interface.
DMZ_EXT_ADDRS="$eth0_DEFAULT_GW $EXTERN_IP"
## Both of the following should be used together - ie if you turn on
## DMZ_HIGH_TCP_CONNECT - DO specify DMZ_CLOSED_DEST!
# Allows inbound connections to high tcp ports (>1023)
# You can also allow to specific machines using 1024: (or a smaller range)
# as the dest port range in DMZ_OPEN_DEST (RECOMMENDED)
DMZ_HIGH_TCP_CONNECT=NO
## 3306 MySQL, 6000 X, 2049 NFS, 7100 xfs
#DMZ_CLOSED_DEST="tcp_${DMZ_NET}_6000:6004 tcp_${DMZ_NET}_7100"
# Inbound services to allow to the DMZ
# <protocol>_<destination IP/network>_<destination port or range>
DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
tcp_${DMZ_NET}_domain
icmp_${DMZ_NET}_:
tcp_1.1.2.13_www"
<snipped unchanged section(s) - to EOF>
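As an added illustration (this is not part of Tim's message or of Charles' configuration scripts), the following Python parses a constructed copy of the routing table and the network.conf values quoted above and reports which interface roles a ping from the internal net to the DMZ would have to cross, i.e. which forwarding rule set on the box is the one to inspect; the kernel route table alone says the path exists, so whether the packet is forwarded is decided by the filter rules between INTERN_IF and DMZ_IF.

```python
import ipaddress
# Constructed copies of the "netstat -nr" table and the network.conf settings
# quoted in the message above; not the original files.
NETSTAT_NR = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2
213.105.191.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         213.105.191.254 0.0.0.0         UG        0 0          0 eth0
"""
NETWORK_CONF = """\
INTERN_IF="eth2"          # Internal Interface
INTERN_NET=192.168.1.0/24
DMZ_SWITCH=PRIVATE
DMZ_IF="eth1"
DMZ_NET=192.168.2.0/24
"""

def parse_routes(text):
    """Parse 'netstat -nr' output into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines()[2:]:            # skip title and column header
        f = line.split()
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, f[1], f[3], f[-1]))
    return routes

def parse_conf(text):
    """NAME=value pairs from a shell-style config, with quotes and comments dropped."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            conf[name.strip()] = value.strip().strip('"')
    return conf

def route_lookup(routes, ip):
    """Longest-prefix match as the kernel does; returns (gateway, iface) or None."""
    addr = ipaddress.ip_address(ip)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen, default=None)
    return None if best is None else (best[1], best[3])

def forwarding_path(conf, routes, src, dst):
    """(in_if, role), (out_if, role) for a forwarded src->dst packet; in_if is the route back to src."""
    role = {conf.get("INTERN_IF"): "INTERN", conf.get("DMZ_IF"): "DMZ"}
    in_if, out_if = route_lookup(routes, src)[1], route_lookup(routes, dst)[1]
    return (in_if, role.get(in_if, "other")), (out_if, role.get(out_if, "other"))
```

For the values in the message, `forwarding_path(conf, routes, "192.168.1.10", "192.168.2.10")` returns `(("eth2", "INTERN"), ("eth1", "DMZ"))`, so the rules to check are those for INTERN_IF -> DMZ_IF traffic, not the masquerading rules that already work.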
_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user