> OK here is what I have been using for eth2:
>
> eth2_IPADDR=192.168.10.254
> eth2_MASKLEN=24
> eth2_BROADCAST=+
> #eth2_ROUTES=
> eth2_IP_SPOOF=YES
> eth2_IP_KRNL_LOGMARTIANS=YES
> eth2_IP_SHARED_MEDIA=NO
> eth2_BRIDGE=NO
> eth2_PROXY_ARP=
> eth2_FAIRQ=NO

This looks OK

> I still can't web browse from the host on the DMZ. Would an entry
> in the eth2_ROUTES= likely fix that? If so what would an entry here look
> like?
> I did not see an example in the help file. Or should the route be set up
> on the DMZ host?

You shouldn't need an eth2_ROUTES entry, unless there's another subnet behind a gateway system on eth2. You *DO* need to have your DMZ system set up correctly, however. It needs an IP in the 291.268.10.0/24 subnet, and it needs to use the DMZ interface of the firewall (192.168.10.254) as its default gateway.

> The DMZ_SERVER settings are going to be a problem though if I can't use
> a range of addresses. The game servers I am using seem to want udp 27910
> to 27961
> and tcp 27950 to 27952. Any suggestions?

You can do this with the autoforward command, but there are no hooks for this in network.conf, so you'll have to manually add the necessary commands. The easiest (and most logical) place to put them is probably the /etc/ipchains.forward file. Try getting a simple service (like web or ssh) working with the existing network.conf hooks, then add the autoforward rules once everything else is working OK.

NOTE: You will also need to add some IP Masquerade rules if you want to use the public IP of the gameserver from the internal network...these rules can go in the ipchains.forward file as well.

I don't recall off-hand exactly what you'll need for the autoforward and masquerade rules, and don't have time to dig into it right now...you can use the rules created for the simple service (www/ssh) as an example. Note that you *CAN* use port-ranges in the ipchains masquerade rules, just not when doing port-forwarding. If memory serves, you'll wind up with a port-forward rule for each service (auto-forward for your game-server range), and a reverse-masquerade rule to the internal network for each service or port-range.

Good luck, if you have problems, post details...if no one else can help, I hope to be around some Tuesday.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
