Charles,

Thanks for the info. I started with a fresh boot disk over the weekend and carefully tried to follow the network.txt help file sections on setting up a DMZ. This took care of the script errors.

Charles Steinkuehler wrote:
...
> > INTERN_IF="eth1" # Internal Interface
> > INTERN_NET=192.168.1.0/24 # One (or more) Internal network(s)
> > INTERN_IP=192.168.1.254 # IP number of Internal Interface
> > # (to allow forwarding to external IP)
> > MASQ_SWITCH=YES # Masquerade internal network to outside
> > # world - YES/NO
> >
> > I am not clear if I NEED to add eth2 to the above list or not. If so,
> > would it look like:
> > INTERN_IF="eth1 eth2" # Internal Interface
> <snip>
> > Or would it be a copy of this section added right below it?
>
> You leave the internal and external settings alone. Add the various
> settings for eth2 (ie eth2_IPADDR, etc..), and add eth2 to the list of
> interfaces in IF_AUTO, so it comes up on boot. Then you simply need to add
> the correct DMZ settings (see below).

OK here is what I have been using for eth2:

eth2_IPADDR=192.168.10.254
eth2_MASKLEN=24
eth2_BROADCAST=+
#eth2_ROUTES=
eth2_IP_SPOOF=YES
eth2_IP_KRNL_LOGMARTIANS=YES
eth2_IP_SHARED_MEDIA=NO
eth2_BRIDGE=NO
eth2_PROXY_ARP=
eth2_FAIRQ=NO

I still can't web browse from the host on the DMZ. Would an entry in the eth2_ROUTES= likely fix that? If so what would an entry here look like? I did not see an example in the help file. Or should the route be set up on the DMZ host?

> > In this next section is it legal to use port ranges as I did or what
> > syntax is correct?
>
> Port ranges are not allowed. Stick to single ports, using the format
> listed:
>
> > # Indexed list: "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]"
> > DMZ_SERVER0="udp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
> > DMZ_SERVER1="tcp $EXTERN_IP 27000:30000 192.168.10.1 27000:30000"
> > #DMZ_SERVER2="tcp 1.2.3.13 www 192.168.2.1 www"
> > #DMZ_SERVER3="tcp 1.2.3.13 smtp 192.168.2.1 smtp"
> > #DMZ_SERVER4="tcp 1.2.3.12 www 192.168.2.1 8080"
> >
> > # Allow all outbound traffic from DMZ (YES)
> > # or just traffic from port-forwarded servers (NO)
> > DMZ_OUTBOUND_ALL=YES
> >
> > Are there any other settings I need to check?
>
> That should do it. Your DMZ settings look OK, except for the port-range
> issue. Your main problem is likely the configuration of eth2, the INTERN
> network settings, and a missing quote (or other syntax problem) somewhere
> else in your network.conf.

The DMZ_SERVER settings are going to be a problem though if I can't use a range of addresses. The game servers I am using seem to want udp 27910 to 27961 and tcp 27950 to 27952. Any suggestions?

Thanks,
Kory

_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
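
Added example, not part of the original message or of the LEAF scripts: because the reply above says port ranges are not accepted in DMZ_SERVERn entries, this shell sketch expands a range into one single-port entry per port, in the "Protocol LocalIP LocalPort RemoteIP RemotePort" format quoted above. The function names are hypothetical, and it assumes the firewall scripts accept as many consecutively indexed DMZ_SERVERn entries as are generated.

```sh
#!/bin/sh
# Added illustration: expand a port range into single-port DMZ_SERVERn lines.
# Assumption: network.conf accepts consecutively indexed DMZ_SERVERn entries
# without an upper limit on n.

# expand_dmz_range PROTO LOCAL_IP FIRST_PORT LAST_PORT REMOTE_IP START_INDEX
# Prints one DMZ_SERVERn line per port; returns non-zero on invalid input.
expand_dmz_range() {
    proto=$1 local_ip=$2 first=$3 last=$4 remote_ip=$5 idx=$6

    case $proto in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac

    # Reject anything that is not a plain decimal number (e.g. "27000:30000").
    for n in "$first" "$last" "$idx"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done

    if [ "$first" -lt 1 ] || [ "$last" -gt 65535 ] || [ "$first" -gt "$last" ]; then
        echo "invalid port range: $first-$last" >&2
        return 1
    fi

    port=$first
    while [ "$port" -le "$last" ]; do
        printf 'DMZ_SERVER%s="%s %s %s %s %s"\n' \
            "$idx" "$proto" "$local_ip" "$port" "$remote_ip" "$port"
        idx=$((idx + 1))
        port=$((port + 1))
    done
}

# Ports and DMZ host address taken from the message above. '$EXTERN_IP' is
# single-quoted so the variable name itself is written into the output.
game_server_rules() {
    expand_dmz_range udp '$EXTERN_IP' 27910 27961 192.168.10.1 0 || return 1
    # TCP entries continue the index where the UDP entries stopped.
    expand_dmz_range tcp '$EXTERN_IP' 27950 27952 192.168.10.1 \
        $((27961 - 27910 + 1))
}

game_server_rules
```

Each generated line forwards one more port on the external address to the DMZ host, so keep the ranges as narrow as the game servers actually need.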
