At 05:00 PM 7/2/2003 +0000, Eddie Avila wrote:
Sorry if this is a double post.

Hi all;
I find the leaf project very interesting. I would like to set up a two interface box and then eventually migrate to a 3 interface setup. My goal is to replace a windows proxy machine and have control over port forwarding/firewalling.
I'm using a cisco 800 router (from my wireless internet company) that I see internally as 192.168.201.200 . It can be configured to block/forward ports to internal machines. My subnet is 192.168.201.0(255.255.255.0) and the 192.168.201.200 is the default gateway. I want to forward all ports from the router to the bering/shorewall. From the leaf box then forward web and ssh to different machines. Because this is my first attempt using leaf I'm trying to do all testing offline. I'm trying to simulate external access using a machine connected via a cross-over cable connected to eth0 and eth1 connected to my internal network. I configured shorewall to forward web and ssh to 192.168.201.248 (linuxserver). eth1 ip addr is 192.168.201.161 and eth0 is 192.168.1.160 . Changed linuxserver gw to 192.168.201.161 . Configured "external" machine as 192.168.1.242 . linuxserver can ping leaf box, leaf box can ping both linuxserver and ext machine , ext machine can ping leaf box but if I open a web or ssh session in the ext machine to ip 192.168.1.160 it wont get forwarded to the linuxserver.
Can it be tested this way ? I have read a lot of documentation but I'm still a little confused. Any pointers would be appreciated. If this setup is right for testing let me know and I will include the conf files of the leaf box.
Thanks to all

This is a bit hard to follow (please try using paragraphs and conventional spelling ("won't", not "wont", for example)). In principle, you can test a LEAF setup using what you call a "simulated" external connection (I used to do this, back when I was more active on LEAF). In practice, you have to get the details right, and it is not clear whether you did so.


As I read what you wrote, you have something like the following:

        CISCO 800 router
        (192.168.201.200)
                |
-----------------LAN (192.168.201.0/24)---------------------
        |                                       |
   (192.168.201.161)                    (192.168.201.248)
       eth1                                      eth?
   LEAF router                             "linuxserver"
       eth0
  (192.168.1.160)
        |
  (192.168.1.161)
        eth?
   host that simulates
    external network

If I have this right, you most likely have the routing table on the "linuxserver" configured incorrectly. Its gateway to the (simulated) Internet is the Bering router's eth1 IP address, not the simulator host at 192.168.1.161 (which it probably has no route to). But since you didn't include that information, this is more a guess than a firm opinion.

A better way to do this sort of test is to treat your LAN as the Bering router's external network, and the 192.168.1.0/24 side as the internal network. If the Bering router NATs the connection (something else you haven't said), stuff on the real LAN and the Internet will not need a route to 192.168.1.0/24, and you should be able to test the ability of the simulator host to access the "linuxserver" host and, more generally, the Internet. (You will have to allow the use of 192.168.201.0/24 on the external side by disabling RFC1918 firewalling, but you already had to do that for the test you tried.)

If you need further help with these tests, please refer to the SR FAQ before posting, so you will have a better idea of what details you need to include.





leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
