> have a small problem with the V1.1 and any hint will be welcome. As I
> might not have told, I have a static NAT as well for eth0, which means the
> route to the router of my ISP goes over a 10.0. subnet as well, and the
> FW has the IP 10.0.0.6 but also the official IP 213.33.113.25
>
> eth0_IPADDR=10.0.0.6  (static addre 213.33.113.25)
> eth0_MASKLEN=30
> eth0_BROADCAST=10.0.0.5

Should this be 10.0.0.7 ?

> # Use this to set the default route if required - ONLY one to be set.
> # routed or gated could be used to set this so only use if not running
> # these.
> eth0_DEFAULT_GW=10.0.0.5
>
> I have added this 213.33.113.25 address as well to the NAT setup and it can
> be found there with the address for the DMZ with an extra varbi.
> for eth0
> EXTERN_NAT=YES
> EXTERN_SRC=213.33.113.25 -> works or not...but i can find the ip route

I don't understand the two settings above...where did they come from?

> EXTERN_IP=10.0.0.6 as it says that the addr. has to be the same as at
> eth0
>
> So far so clear, I can ping internal interfaces from the FW eth1 and eth2
> and eth0, but when I try to reach the FW from outside over ssh, or try to
> traceroute from the FW to any address by IP or by domain name, I
> always get a not permitted.

This is probably due to the default firewall rules, which prohibit traffic
to/from private IP addresses.  You need to comment out the line in
ipfilter.conf that blocks this traffic...in the stopMartians () procedure in
/etc/ipfilter.conf, comment the following line:

$IPCH -A $LIST -j DENY -p all -s 10.0.0.0/8 -d 0/0 -l $*

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
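
An added example, not part of the original message or of the LEAF project's code: a Python check of the eth0 values quoted above. It works out the broadcast address for 10.0.0.6/30 and flags that the interface sits inside the source range of the quoted DENY rule. The function name check_interface and the dict layout are assumptions made for this example.

```python
import ipaddress

# Constructed sample: the eth0 values quoted in the message above.
SAMPLE = {
    "eth0_IPADDR": "10.0.0.6",
    "eth0_MASKLEN": "30",
    "eth0_BROADCAST": "10.0.0.5",
    "eth0_DEFAULT_GW": "10.0.0.5",
}

# Source range of the stopMartians rule quoted in the reply.
MARTIAN_SRC = ipaddress.ip_network("10.0.0.0/8")


def check_interface(cfg, ifname="eth0"):
    """Return a list of findings for one interface's settings."""
    iface = ipaddress.ip_interface(
        f"{cfg[ifname + '_IPADDR']}/{cfg[ifname + '_MASKLEN']}")
    net = iface.network
    bcast = ipaddress.ip_address(cfg[ifname + "_BROADCAST"])
    findings = []
    # The broadcast must be the last address of the interface's subnet.
    if bcast != net.broadcast_address:
        findings.append(f"BROADCAST {bcast} should be {net.broadcast_address}")
    gw_raw = cfg.get(ifname + "_DEFAULT_GW")
    if gw_raw:
        gw = ipaddress.ip_address(gw_raw)
        if gw not in net:
            findings.append(f"DEFAULT_GW {gw} is outside {net}")
        elif gw in (net.network_address, net.broadcast_address, iface.ip):
            findings.append(f"DEFAULT_GW {gw} is not a usable neighbour in {net}")
        if gw == bcast:
            findings.append(f"DEFAULT_GW and BROADCAST are both {gw}")
    # Packets sourced from this subnet match "-s 10.0.0.0/8" in the DENY rule.
    if iface.ip in MARTIAN_SRC:
        findings.append(f"{iface.ip} is inside {MARTIAN_SRC}, the DENY rule's source range")
    return findings


if __name__ == "__main__":
    for line in check_interface(SAMPLE):
        print(line)
```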