I am still hammering around on getting this DMZ set up. I have read and
re-read Charles' network.txt file and learned a lot, but I still am
unsuccessful at getting it to work. My latest error when restarting the
network is:

# /etc/init.d/network reload
/etc/network.conf: tcp_192.168.10.0/24_domain: not found
/etc/network.conf: icmp_192.168.10.0/24_:: not found
/etc/network.conf: 608: Syntax error: Unterminated quoted string

As for the first two errors, I don't know what part of network.conf
generates them. The last I assume is on line 608, which I have not
changed.
I have set up network.conf again to use a private DMZ, since that is what
the help text seems to recommend. I am trying to open the one machine on
the DMZ to enable FTP and game servers operating between ports 27000 and
30000.

I believe the pertinent settings are:


INTERN_IF="eth1"                # Internal Interface
INTERN_NET=192.168.1.0/24       # One (or more) Internal network(s)
INTERN_IP=192.168.1.254         # IP number of Internal Interface
                                # (to allow forwarding to external IP)
MASQ_SWITCH=YES                 # Masquerade internal network to outside
                                # world - YES/NO

I am not clear if I NEED to add eth2 to the above list or not. If so,
would it look like:

INTERN_IF="eth1 eth2"                        # Internal Interface
INTERN_NET="192.168.1.0/24 192.168.10.0/24"  # One (or more) Internal network(s)
INTERN_IP="192.168.1.254 192.168.10.254"     # IP number of Internal Interface
                                             # (to allow forwarding to external IP)
MASQ_SWITCH=YES                              # Masquerade internal network to outside
                                             # world - YES/NO

Or would it be a copy of this section added right below it?

###############################################################################
# Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
DMZ_SWITCH=PRIVATE
DMZ_IF="eth2"
DMZ_NET=192.168.10.0/24

In this next section is it legal to use port ranges as I did or what
syntax is correct?

# PRIVATE DMZ switches
###############################################################################
# Services port-forwarded to the DMZ network
# Indexed list: "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]"
DMZ_SERVER0="udp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
DMZ_SERVER1="tcp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
#DMZ_SERVER2="tcp 1.2.3.13 www 192.168.2.1 www"
#DMZ_SERVER3="tcp 1.2.3.13 smtp 192.168.2.1 smtp"
#DMZ_SERVER4="tcp 1.2.3.12 www 192.168.2.1 8080"

# Allow all outbound traffic from DMZ (YES)
# or just traffic from port-forwarded servers (NO)
DMZ_OUTBOUND_ALL=YES

Are there any other settings I need to check?

Thank you,

Kory Krofft


Charles Steinkuehler wrote:

> A bit of background...
> 
> The default dachstein firewall scripts will NOT route traffic between
> interfaces unless EXPLICITLY told to do so.  If you simply add a third (or
> fourth, or fifth...) interface, it will come up, and the router will be able
> to ping devices on the new network, but NO TRAFFIC will be forwarded between
> this new interface and other interfaces without properly setting up the
> firewall rules (ie making the new interface a DMZ or additional internal
> net) or creating some custom firewall rules in one of the /etc/ipchains.*
> files.
> 
> NOTE:  If you add your new interface to the list of internal networks,
> systems on the new network will be able to see the internet, but systems on
> different internal networks will NOT be able to communicate with each other,
> unless you add explicit rules to /etc/ipchains.forward to allow this.
> 
> It sounds like you're to the point where everything is setup except systems
> on your new DMZ interface cannot talk to the internet or to systems on your
> internal net.  If you properly configure the DMZ settings (probably for a
> port-forwarded DMZ), everything should begin to work.
> 
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
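As an added check, not part of the Dachstein scripts or of the configuration quoted above, the script below validates DMZ_SERVER entries against the documented "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]" form (accepting ipchains-style low:high port ranges, single ports and service names) and runs `sh -n` over a network.conf so that an unterminated quote is caught before `network reload` trips over it. It assumes network.conf is read by the shell, which the "Syntax error: Unterminated quoted string" message suggests; EXTERN_IP and the temporary file contents are constructed values.

```sh
#!/bin/sh
# Added example, not part of the LEAF/Dachstein scripts: check DMZ_SERVER
# entries of the form "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]"
# and syntax-check a network.conf before running "network reload".

# valid_ip ADDR: 0 if ADDR is a dotted quad with each octet 0-255, else 1.
valid_ip() {
  case "$1" in
    ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
  esac
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# valid_port SPEC: 0 for a low:high range (1-65535, low <= high), a single
# port 1-65535, or a service name such as www/smtp (resolved from
# /etc/services by the firewall scripts, so only the spelling is checked).
# A dash-separated range like 27000-30000 is rejected on purpose.
valid_port() {
  case "$1" in
    *:*)
      low=${1%%:*}; high=${1#*:}
      case "$low" in ''|*[!0-9]*) return 1 ;; esac
      case "$high" in ''|*[!0-9]*) return 1 ;; esac
      if [ "$low" -ge 1 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]; then
        return 0
      fi
      return 1 ;;
    [A-Za-z]*)
      case "$1" in *[!A-Za-z0-9_-]*) return 1 ;; *) return 0 ;; esac ;;
    ''|*[!0-9]*)
      return 1 ;;
    *)
      if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then return 0; fi
      return 1 ;;
  esac
}

# check_dmz_server ENTRY: 0 if ENTRY parses as "proto localip localport
# remoteip [remoteport]", else 1. Pass the string with $EXTERN_IP already
# expanded, as the firewall scripts would see it.
check_dmz_server() {
  set -- $1
  [ $# -eq 4 ] || [ $# -eq 5 ] || return 1
  case "$1" in tcp|udp) ;; *) return 1 ;; esac
  valid_ip "$2" || return 1
  valid_port "$3" || return 1
  valid_ip "$4" || return 1
  if [ $# -eq 5 ]; then valid_port "$5" || return 1; fi
  return 0
}

# conf_syntax_ok FILE: 0 if sh can parse FILE (catches "Unterminated quoted
# string" before "network reload" reports it), else 1.
conf_syntax_ok() {
  sh -n "$1" 2>/dev/null
}

# --- demo on constructed values (not the poster's real configuration) ---
EXTERN_IP=203.0.113.10      # documentation address, assumed for the demo
DMZ_SERVER0="udp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
DMZ_SERVER1="tcp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
for entry in "$DMZ_SERVER0" "$DMZ_SERVER1"; do
  if check_dmz_server "$entry"; then echo "ok:  $entry"; else echo "BAD: $entry"; fi
done

tmp=$(mktemp)
printf 'DMZ_IF="eth2\n' > "$tmp"          # constructed: missing closing quote
conf_syntax_ok "$tmp" || echo "syntax error in $tmp (same class as the line 608 message)"
rm -f "$tmp"
```

Run `sh -n /etc/network.conf` by hand to locate the unterminated quote; the line number it prints is the one to inspect, even if that line itself was never edited, because a quote opened earlier in the file is only reported where the shell gives up.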


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
