Charles et al,

        If I may I'd like to request that this functionality be added to Charles'
network.conf scripts.

        My configuration currently is as follows:

                eth0
                external-ip1
                external-ip2


                eth1
                10.1.1.1/24
                10.1.2.1/24
                10.1.3.1/24
                10.1.4.1/24
                10.1.5.1/24
                10.1.6.1/24
                10.1.7.1/24
                10.1.8.1/24
                10.1.9.1/24
                10.1.10.1/24
                10.4.8.1/24
                10.4.8.254/24

        Dachstein currently adds the routes for the additional IP's on eth1 but
does not add any additional chains. The 10.4.8.0/24 class is my network, I
have all of my machines on this network.  And I assign the other 10.1.x.x's
to different sites and networks.  Then they cannot connect to each other.
Then if I need to get to one of these networks I just go in and write the
chain to allow my packets to go to their network.


        I currently have these modifications to the forward chain in
/etc/ipchains.forward.

                ipchains --no-warnings -I forward 1 -s 10.4.8.0/24 -d 10.4.8.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 2 -s 10.1.1.0/24 -d 10.1.1.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 3 -s 10.1.2.0/24 -d 10.1.2.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 4 -s 10.1.3.0/24 -d 10.1.3.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 5 -s 10.1.4.0/24 -d 10.1.4.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 6 -s 10.1.5.0/24 -d 10.1.5.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 7 -s 10.1.6.0/24 -d 10.1.6.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 8 -s 10.1.7.0/24 -d 10.1.7.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 9 -s 10.1.8.0/24 -d 10.1.8.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 10 -s 10.4.8.0/24 -d 10.1.1.0/24 -j ACCEPT
                ipchains --no-warnings -I forward 11 -s 10.4.8.0/24 -d 0/0 -j MASQ
                ipchains --no-warnings -I forward 12 -s 10.1.1.0/24 -d 0/0 -j MASQ
                ipchains --no-warnings -I forward 13 -s 10.1.2.0/24 -d 0/0 -j MASQ
                ipchains --no-warnings -I forward 14 -s 10.1.3.0/24 -d 0/0 -j MASQ
                ipchains --no-warnings -I forward 15 -s 10.1.4.0/24 -d 0/0 -j MASQ
                ipchains --no-warnings -I forward 16 -s 10.1.5.0/24 -d 0/0 -j MASQ
                ipchains --no-warnings -I forward 17 -s 10.1.6.0/24 -d 0/0 -j MASQ
                ipchains --no-warnings -I forward 18 -s 10.1.7.0/24 -d 0/0 -j MASQ
                ipchains --no-warnings -I forward 19 -s 10.1.8.0/24 -d 0/0 -j MASQ

        What this does for me.....

        I have a WiLAN that spans the whole city.  I'm using Cabletron AP's and
cards. I've run into the "hidden transmitter" issue with WiLAN and solved it
by "bouncing" all the packets off the Dachstein boxen.

        So ( not to drag this out anymore ) if the scripts accommodated adding of
secondary IP's to the chains automatically I wouldn't have to customize my
ipchains.forward as much.

        I also would like to request that the ipmasqadm ipautofw source ipautofw.so
be included or available.  I haven't had time to locate all of the required
libraries to compile this option.

        The purpose for this is so I can tunnel all traffic from eth0's second
external-ip directly to a server located within the network.  Yes I know
this makes a potential security hole but the requirement is still there for
one of my locations.  It's just a quick and dirty fix.



Many Thanks to you and everyone who has made Dachstein the LEAF distro that
it is!


Best,

Steve


PS Dachstein rocks!
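
Added example, not part of the original message and not Dachstein's own code: one way to generate the forward-chain rules requested above from the list of internal addresses, collapsing addresses that share a network into a single rule. The names EXT_IF, INT_ADDRS, ALLOW_PAIRS, net_of, emit and gen_rules are hypothetical, the address list is a constructed subset of the posted one, and unlike the posted rules the MASQ lines carry -i for the external interface.

```shell
#!/bin/sh
# Added example. Variable and function names are hypothetical, not Dachstein's.
EXT_IF=eth0                             # external interface, as in the post
# Constructed subset of the eth1 addresses from the post (two share 10.4.8.0/24)
INT_ADDRS="10.4.8.1/24 10.4.8.254/24 10.1.1.1/24 10.1.2.1/24"
ALLOW_PAIRS="10.4.8.0/24:10.1.1.0/24"   # src:dst exceptions between networks

# net_of ADDR/LEN: print NETWORK/LEN, or fail on malformed input
net_of() {
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac   # digits only, no leading zero
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    net=$(( ip & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$len"
}

# emit RULE: print one insert command at the next forward-chain position
emit() { echo "ipchains --no-warnings -I forward $pos $*"; pos=$((pos + 1)); }

# gen_rules: print the commands instead of running them, so they can be reviewed
gen_rules() {
    nets=""
    for a in $INT_ADDRS; do
        n=$(net_of "$a") || { echo "bad address: $a" >&2; return 1; }
        case " $nets " in *" $n "*) ;; *) nets="$nets $n" ;; esac  # one rule per network
    done
    pos=1
    for n in $nets; do emit "-s $n -d $n -j ACCEPT"; done          # within a network
    for p in $ALLOW_PAIRS; do emit "-s ${p%%:*} -d ${p#*:} -j ACCEPT"; done
    # -i on the forward chain matches the outgoing interface; the posted rules have no -i
    for n in $nets; do emit "-i $EXT_IF -s $n -d 0/0 -j MASQ"; done
}

gen_rules
```

With -i on the MASQ lines, traffic between two internal networks that has no explicit ACCEPT falls through to whatever rules follow in the forward chain instead of being masqueraded.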





-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Charles
Steinkuehler
Sent: Friday, April 05, 2002 8:07 AM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] Changes for new Dachstein release


It looks like it's getting to be time for a new Dachstein release.  There
are a number of minor bugs to fix in the system scripts, and (more
importantly) security updates to some of the packages on the CD (SNMP and
libz).

My current ToDo list consists of the following.  Please post if you think
something else should be added to this list, or are willing to try your hand
at implementing some of the listed changes.

----------
TODO
----------

- Support multiple mount points in space-check multicron script (currently,
only the root partition is checked)

- Fix ping check e-mail functionality

- Fix package not found bug in /linuxrc (duplicates appear in package list
if a package is not found)

- Fix updatetime() in /etc/multicron-p

- Fix mount.back dev = "" POSIXness bug

- Add example lrpkg.cfg to CD Contents

- Add example pkgpath.cfg to CD Contents

- Alter weblet disk-checking script to ignore CD-ROM (always 100% full)

Package updates:
  libz
  snmp

----------

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user


