> I am still hammering around on getting this DMZ setup.  I have read and
> re-read Charles network.txt file and learned a lot but I still am
> unsuccessful at getting it to work.  My latest error when restarting the
> network is:
>
> # /etc/init.d/network reload
> /etc/network.conf: tcp_192.168.10.0/24_domain: not found
> /etc/network.conf: icmp_192.168.10.0/24_:: not found
> /etc/network.conf: 608: Syntax error: Unterminated quoted string
>
> As for the first two errors I don't know what part of the network.conf
> generates them.  The last I assume is in line 608 which I have not
> changed.

Actually, you'll get problems like this if you are missing a closing quote
somewhere in the file.  It greatly confuses the shell parser.  Read through
everything you've changed, and make sure all quotes appear properly in pairs.

> I have resetup the network.conf to use a private DMZ since that is what
> the help text seems to recommend.  I am trying to open the one machine on
> the DMZ to enable FTP and gameservers operating between ports 27000 and
> 30000.
>
> I believe the pertinent settings are:
>
> INTERN_IF="eth1"              # Internal Interface
> INTERN_NET=192.168.1.0/24     # One (or more) Internal network(s)
> INTERN_IP=192.168.1.254       # IP number of Internal Interface
>                               # (to allow forwarding to external IP)
> MASQ_SWITCH=YES               # Masquerade internal network to outside
>                               # world - YES/NO
>
> I am not clear if I NEED to add eth2 to the above list or not.  If so,
> would it look like:
> INTERN_IF="eth1 eth2"         # Internal Interface

<snip>

> Or would it be a copy of this section added right below it?

You leave the internal and external settings alone.  Add the various
settings for eth2 (i.e. eth2_IPADDR, etc.), and add eth2 to the list of
interfaces in IF_AUTO, so it comes up on boot.  Then you simply need to add
the correct DMZ settings (see below).

>###############################################################################
> # Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
> DMZ_SWITCH=PRIVATE
> DMZ_IF="eth2"
> DMZ_NET=192.168.10.0/24

This looks OK.

> In this next section is it legal to use port ranges as I did or what
> syntax is correct?

Port ranges are not allowed.
Stick to single ports, using the format listed:

> # Indexed list: "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]"
> DMZ_SERVER0="udp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
> DMZ_SERVER1="tcp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
> #DMZ_SERVER2="tcp 1.2.3.13 www 192.168.2.1 www"
> #DMZ_SERVER3="tcp 1.2.3.13 smtp 192.168.2.1 smtp"
> #DMZ_SERVER4="tcp 1.2.3.12 www 192.168.2.1 8080"
>
> # Allow all outbound traffic from DMZ (YES)
> # or just traffic from port-forwarded servers (NO)
> DMZ_OUTBOUND_ALL=YES
>
> Are there any other settings I need to check?

That should do it.  Your DMZ settings look OK, except for the port-range
issue.  Your main problem is likely the configuration of eth2, the INTERN
network settings, and a missing quote (or other syntax problem) somewhere
else in your network.conf.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
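
Added example, not part of the original message and not code from the LEAF scripts: a small POSIX sh/awk lint for the two problems named in the reply above, an unpaired quote and port ranges in DMZ_SERVERn entries. The function names and the sample file are constructed for illustration, and the quote check is a per-line heuristic.

```sh
#!/bin/sh
# Added example (not LEAF project code): lint a shell-sourced network.conf.

# Print "N: text" for each line that opens a quote without closing it.
# Heuristic: state resets per line, so a deliberate multi-line string shows too.
find_open_quotes() {
    awk '{
        q = ""; prev = " "
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (q == "") {
                if (c == "#" && prev ~ /[ \t]/) break    # rest is a comment
                if (c == "\\") { i++; prev = "x"; continue }
                if (c == "\"" || c == "\047") q = c      # \047: single quote
            } else if (c == q) {
                q = ""
            } else if (c == "\\" && q == "\"") {
                i++                                      # skip escaped char
            }
            prev = c
        }
        if (q != "") printf "%d: %s\n", NR, $0
    }' "$1"
}

# Print active DMZ_SERVERn entries whose port fields hold a numeric range.
find_port_ranges() {
    awk '/^[ \t]*DMZ_SERVER[0-9]+=/ {
        v = $0; sub(/^[^=]*=/, "", v); gsub(/"/, "", v)
        split(v, f)     # Protocol LocalIP LocalPort RemoteIP [RemotePort]
        if (f[3] ~ /^[0-9]+[-:][0-9]+$/ || f[5] ~ /^[0-9]+[-:][0-9]+$/)
            printf "%d: %s\n", NR, $0
    }' "$1"
}

# Constructed sample: line 2 lacks its closing quote, lines 4-5 use ranges.
write_sample() {
    cat > "$1" <<'EOF'
DMZ_SWITCH=PRIVATE
DMZ_IF="eth2
DMZ_NET=192.168.10.0/24   # the DMZ's network
DMZ_SERVER0="udp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
DMZ_SERVER1="tcp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
#DMZ_SERVER2="tcp 1.2.3.13 www 192.168.2.1 www"
DMZ_SERVER3="tcp $EXTERN_IP ftp 192.168.10.1 ftp"
EOF
}

conf=${1:-}; [ -n "$conf" ] || { conf=$(mktemp); write_sample "$conf"; }
echo "open quotes:"; find_open_quotes "$conf"; echo "port ranges:"; find_port_ranges "$conf"
```

Pass the path of a config file as the first argument to lint it; with no argument the script lints the constructed sample.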
