> Folks, I'm still confused about the internal routing on a Dachstein FW
> with 2 internal interfaces. I simply want to route between eth1 & eth2
> freely while MASQ'ing both to the outside world. I do not want one to be a
> DMZ - they are both peer legs to the network.
You can do this with Dachstein, but by default, it prevents traffic between
internal interfaces...

> My internal addresses are from the reserved block.
>
> eth1_IPADDR=172.16.40.250
> eth1_MASKLEN=24
> eth2_IPADDR=172.16.50.250
> eth2_MASQLEN=24
> eth2_ROUTES="172.16.40.255/24_via_172.16.40.250"

The eth2_ROUTES should go away....

> I have set the masqlen on both interfaces to 24 as I have heard is
> necessary to MASQ both interfaces to the outside. I'm not sure if this is
> part of my problem. I have added what I think is a route between eth1 &
> eth2 but obviously as I am writing this ... it does not work. Can
> somebody give me some pointers??

You don't need routes (all your networks are directly attached to the
firewall, so it already knows how to talk to them)...what you need is
firewall rules that allow the networks to talk.

As mentioned above, forwarding is denied by default between multiple
internal interfaces, even if both nets are allowed to see the internet. To
allow the interfaces to talk to each other, you need something like the
following in /etc/ipchains.forward:

  $IPCH -A forward -j ALLOW -s 172.16.40.0/24 -d 172.16.50.0/24 -b

Which will allow packets between your two internal nets to be forwarded.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
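An added illustration, not part of the thread: a small first-match model of an ipchains forward chain that shows why the two internal nets cannot reach each other under a MASQ-only ruleset and how the single "-b" rule from the reply opens both directions. The chain contents, the "-i eth0" match on the MASQ rules and the routing table are assumptions standing in for what Dachstein actually generates, not its real rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    target: str                       # ALLOW, DENY or MASQ
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    out_if: Optional[str] = None      # ipchains "-i" in the forward chain = outgoing interface


def rule(target, src="0.0.0.0/0", dst="0.0.0.0/0", out_if=None, bidirectional=False):
    """Expand one 'ipchains -A forward -j TARGET [-i IF] -s S -d D [-b]' line.
    -b appends the rule a second time with source and destination swapped."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    rules = [Rule(target, s, d, out_if)]
    if bidirectional:
        rules.append(Rule(target, d, s, out_if))
    return rules


# Assumed routing table: the two directly attached nets, everything else via eth0.
ROUTES = {"172.16.40.0/24": "eth1", "172.16.50.0/24": "eth2"}


def out_interface(dst: ipaddress.IPv4Address) -> str:
    for net, ifname in ROUTES.items():
        if dst in ipaddress.ip_network(net):
            return ifname
    return "eth0"  # default route to the outside world


def forward_verdict(chain: List[Rule], src: str, dst: str, policy="DENY") -> str:
    """First matching rule decides; the chain policy applies when nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    oif = out_interface(d)
    for r in chain:
        if s in r.src and d in r.dst and r.out_if in (None, oif):
            return r.target
    return policy


# Constructed approximation of the default chain: each internal net is
# masqueraded only when its packets leave via the external interface.
INTERNAL = ["172.16.40.0/24", "172.16.50.0/24"]
DEFAULT_CHAIN = [r for net in INTERNAL for r in rule("MASQ", src=net, out_if="eth0")]
# The fix from the reply: $IPCH -A forward -j ALLOW -s 172.16.40.0/24 -d 172.16.50.0/24 -b
FIXED_CHAIN = DEFAULT_CHAIN + rule("ALLOW", "172.16.40.0/24", "172.16.50.0/24", bidirectional=True)

if __name__ == "__main__":
    for name, chain in (("default", DEFAULT_CHAIN), ("with -b rule", FIXED_CHAIN)):
        print(name, "eth1->eth2:", forward_verdict(chain, "172.16.40.10", "172.16.50.10"),
              "eth2->eth1:", forward_verdict(chain, "172.16.50.10", "172.16.40.10"),
              "eth1->outside:", forward_verdict(chain, "172.16.40.10", "198.51.100.7"))
```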
