Hey, how is everybody doing?
Let's see if you can spot my problem here.
Did you receive the response I sent to the prior version of this message? If not, please check the list archive for it. If yes, please provide the information I ask for in it. (Some of it is scattered in this report, but it is not complete by a long shot.) Quick summary: Provide the info asked for in the SR FAQ. Use either iptables' own commands or the corresponding Shorewall ones to check your rulesets.
Here are some new suggestions and questions.
1. Can the LEAF router itself ping, or otherwise reach, the Cisco's external IP address? If not, how does it fail (a ping can fail with many different messages)? Also, if not ... do you know that the Cisco itself is properly configured (if so, how?)?
2. DNS - if you are doing your ping tests by IP address (and you should be), any DNS problems will be irrelevant. A suitably configured Shorewall will, in any case, let LAN hosts use external DNS resolvers (like your ISP's, which you say you use) to resolve off-LAN addresses. The settings in /etc/resolv.conf on the LEAF router affect only the LEAF router itself, not LAN hosts.
3. You write: "It says that it can open the website, and the same for the mailing tool Outlook". I can't figure out what this means. The first "it" is the browser (which one? which OS?), but I still don't know what message you see from it that you paraphrase as "says it can open the website". And I can't even begin to guess what "the same" is for Outlook.
I used to work with Bering 1.2 for VLAN issues, but now I want to configure an old machine as a firewall using the Shorewall software which is included in Bering 1.2.
I have downloaded the quick start guide for a simple configuration: a local net connected to the firewall (eth1) by a hub (the local PCs and the firewall's eth1 are connected to the same hub), and the firewall connected (eth0) to a Cisco router provided by my cable operator. Of course eth1 has the subnet address of the local net and eth0 has the same subnet address as the router. I have also configured all the machines within the local net with their gateway set to the IP address of the local interface of the firewall (eth1).
I have the following policies:
#SOURCE  DEST  POLICY
local    net   ACCEPT
net      all   DROP
all      all   REJECT
Then in the rules I have

#ACTION  SOURCE  DEST  PROTO  DEST PORT
ACCEPT   fw      net   tcp    53
ACCEPT   fw      net   udp    53
# For ssh connection
ACCEPT   loc     fw    tcp    22
ACCEPT   loc     fw    icmp   8
ACCEPT   net     fw    icmp   8
ACCEPT   fw      loc   icmp   8
ACCEPT   fw      net   icmp   8
ACCEPT   loc     fw    tcp    80
ACCEPT   loc     fw    udp    53
ACCEPT   loc     fw    tcp    4662
ACCEPT   net     fw    tcp    4662
ACCEPT   fw      net   tcp    4662
ACCEPT   fw      loc   tcp    4662
ACCEPT   net     fw    udp    4672
ACCEPT   loc     fw    udp    4672
ACCEPT   fw      net   udp    4672
ACCEPT   fw      loc   udp    4672
#SMTP mail
ACCEPT   loc     fw    tcp    25
ACCEPT   net     fw    tcp    25
ACCEPT   fw      net   tcp    25
ACCEPT   fw      loc   tcp    25
#POP mail
ACCEPT   loc     fw    tcp    110
ACCEPT   net     fw    tcp    110
ACCEPT   fw      net   tcp    110
ACCEPT   fw      loc   tcp    110
and in the Masq option of the Shorewall menu I have

#INTERFACE  SUBNET  ADDRESS
eth0        eth1    192.168.10.106

where 192.168.10.106 is the IP address of eth0.
the file host.allow has
ALL:192.168.30.0/24
where 192.168.30.0 is the subnet address of the internal net connected to eth1, so that any PC from that net can access the services of the firewall and reach the internet. Am I wrong?
I have, at this point two questions:
1) I don't have any DNS configured in my local net (neither at the firewall (LEAF router), dnscache, etc.). In the PCs of the local net I have the addresses of the DNS servers that my cable operator gave me. So now I don't know if I have to configure a DNS server in my firewall (LEAF router) or what, and if so, how? As I have understood from the Quickstart guide for two interfaces, the resolv.conf will be written as soon as you connect to your ISP.
2) So now here comes the problem. From any computer of the local net I can ping the internal IP address of the Cisco router (which is connected to the fw), and from the firewall (LEAF router) I can ping either the internal address of the Cisco router or any local PC.
The question here is that I can't ping the external IP address of the Cisco router or do a traceroute, and when I try to open my web browser in any of my local PCs it doesn't work. It says that it can open the website, and the same for the mailing tool Outlook.
3) With Bering 1.2 and its Shorewall, do I have to start the firewall with any command, or does it get set up automatically by itself after the system is booted? If so, how can I get it started?
Did I do anything wrong in my configuration of the firewall or in the design of the net?
Thanks for your time, folks.
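A small evaluator for the policy/rules syntax in the post above, added here as an example (it is not Shorewall's own code; it uses a subset of the poster's entries, assumes the zone name "loc" for "local", and simplifies Shorewall to "first matching rule wins, otherwise the first matching policy"). Running flows through it shows the asymmetry worth knowing when testing from the router itself: loc->net is accepted by policy, but connections from fw->net fall through to the "all all REJECT" policy unless a rule lists that port.

```python
# Added example (not Shorewall's own code): toy evaluator for the post's policy/rules syntax.
# Assumed simplified semantics: first matching rule wins, otherwise first matching policy.

POLICY = """
#SOURCE  DEST  POLICY
loc      net   ACCEPT
net      all   DROP
all      all   REJECT
"""

RULES = """
#ACTION  SOURCE  DEST  PROTO  DPORT
ACCEPT   fw      net   tcp    53
ACCEPT   fw      net   udp    53
ACCEPT   loc     fw    tcp    22
ACCEPT   loc     fw    icmp   8
ACCEPT   net     fw    icmp   8
ACCEPT   fw      net   icmp   8
ACCEPT   loc     fw    tcp    80
ACCEPT   loc     fw    udp    53
ACCEPT   net     fw    tcp    25
"""

def parse(table):
    """Split a Shorewall-style table into rows, dropping comments and blank lines."""
    rows = []
    for line in table.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def zone_match(pattern, zone):
    return pattern == "all" or pattern == zone

def verdict(src, dst, proto, dport):
    """Action applied to a new connection from zone src to zone dst (toy semantics)."""
    for action, rsrc, rdst, rproto, rport in parse(RULES):
        if (zone_match(rsrc, src) and zone_match(rdst, dst)
                and rproto == proto and rport == str(dport)):
            return action
    for psrc, pdst, action in parse(POLICY):
        if zone_match(psrc, src) and zone_match(pdst, dst):
            return action
    return "DROP"  # unreachable while an 'all all' policy is present

if __name__ == "__main__":
    for flow in [("loc", "net", "tcp", 80), ("fw", "net", "tcp", 80)]:
        print(flow, "->", verdict(*flow))
```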
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
