I'm using a LEAF type of distro because I'm using old small hardware and don't want to do anything but do hard disk sharing and ssh/ftp out. I don't know enough about Linux and all the processes and whatnot that I can turn off to minimize memory/cpu usage. I figured this would be easiest since you folks have already done this for me! ;-)
I did figure it out though, IPFILTER_SWITCH=none, commented out all the ETH1 settings, changed all occurrences of ETH0 IP setting to 192.168.1.100, and I was good to go. I had also forgotten to set DHCP for eth0 off.
At some point, I'll back in the firewall rules and the info you provided about the areas of the scripts will be very helpful.
Thanks!
mike.
Charles Steinkuehler wrote:
Michael McClure wrote:
I want to have only 1 card (eth0) in my Dachstein box and have it connect to my internal network (which, as a side note, has an eigerstein firewall w/eth1=192.168.1.254).
I've commented out the eth1 entries and set my IF_AUTO to eth0. I've put 192.168.1.100 into my eth0 ip w/a netmask of 24, broadcast to 192.168.1.255 and gateway to be 192.168.1.254 (my eigerstein eth1). I've changed IPFILTER_SWITCH=none.
I can ping 127.0.0.1, but not 192.168.1.100 or 254. The ping says the target network is unreachable. What else should I do to the default 1680K Dachstein disk image network.conf to make it be a 1 interface client on my internal network? The goal is to have it serve SSHD 2.0 and have the SSH and FTP clients on it (my firewall doesn't). I want to be able to ssh through my firewall to this internal box and SSH out from there onto the internet. I'll also probably run SAMBA on it and put in a couple of hard disk drives so I can also use it as a fileserver.
If you want to add Samba and make a fileserver, you may want to consider using a more mainstream distribution, set up to run from HDD.
If you want to use Dachstein, in addition to changing the interface configuration (which it sounds like you did OK, but I can't be sure without seeing the output of "ip addr" and "ip route"), you'll have to modify the firewall rules, since private IP traffic on the "external" interface is dropped by default.
The easy way to do this is to simply remove all firewall rules, by setting "IPFILTER_SWITCH=none" in network.conf, assuming your internal network is fully trusted.
If for some reason you still want to run with ipchains rules in place, you'll need to comment out the section in /etc/ipfilter.conf that drops private IPs (in the stopMartians () procedure), which is probably what's keeping you from pinging currently.
NOTE: The Dachstein firewall scripts are not really set up for a "host" type environment, where lots of services are running on the box. You can use the existing firewall rules in this way if desired, but you should review the generated rules, and make sure they meet your needs. In particular, make sure the default accepting of high TCP and UDP ports doesn't present a security risk for your configuration. To get your samba server running, you'll also have to remove the default rules blocking SMB traffic (the standardBlock () procedure in /etc/ipfilter.conf).
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html