Linux-Networking Digest #770, Volume #10          Tue, 6 Apr 99 20:13:44 EDT

Contents:
  Re: ipfwadmin setup for ftp, icq and quakeworld (jeff kendall)
  Re: linux firewall (Hugo Theriault)
  Re: linux firewall (Luca Filipozzi)
  Re: 286 diskless computers like terminals on linux (Greg Weeks)
  telnet to host as root ("yuval")
  Re: screwy minicom connection (dont spam me)
  Re: Still unable to FTP or Telnet (dont spam me)
  Re: static & dynamic NAT with multiple external interfaces? (Luca Filipozzi)
  Re: Still unable to FTP or Telnet (Luca Filipozzi)
  Re: Home networking question (Long) (Linux newbie) (Luca Filipozzi)
  Re: WISECOM ETHERNET CARD ("D. C. Sessions")
  Modem problem with RedHat 5.2 ("Mojoman")
  Re: Unresolved modules (symbols) ("Captain Blood")
  SETI@home is now available for various UNIX platforms ("Seti")
  static & dynamic NAT with multiple external interfaces? (Sniggerfardimungus)
  Re: Newbie's networking woes (RTL-8029) (Ron Watkins)
  Re: firewall problem (Ron Watkins)
  Re: linux firewall (Hugo Theriault)

----------------------------------------------------------------------------

From: jeff kendall <[EMAIL PROTECTED]>
Subject: Re: ipfwadmin setup for ftp, icq and quakeworld
Date: Tue, 06 Apr 1999 18:21:23 -0400

Greg Weeks wrote:
> 
> In article <[EMAIL PROTECTED]>,
>         jeff kendall <[EMAIL PROTECTED]> writes:
> > Somebody out there knows how to make this work, beyond the cryptic
> > "how-to" pages,
> >
> > 1 - I installed linux kernel version 2.0 something (uses ipfwadmin NOT
> > ipchains).
> > 2 - http works fine, mail and news work fine.  dns works fine.
> > 3 - I can't get ftp, icq and quakeworld to run through my firewall.
> 
> Is this incoming or outgoing that's not working?
> 
> > 4 - I have repeatedly rebuilt the kernel with DISASTROUS results
> >     (I almost lost the eight gig drive with my only copy of this
> >     broken-but-the-best-I-can-do script).
> >
> > 5 - Also using insmod to load various .o modules dealing with ftp and
> >     quake makes no difference.
> >
> > I want to run quakeworld on the firewall when this is done and I want to
> > be able to connect to it via ip forwarding as well as use gamespy, etc.
> > I also want to be able to play halflife, Quake 3, KingPin, etc...
> > If I can't make this work SOON, I'm gonna have to defect back over to NT
> > (ugh!) and use some bluescreen-generating proxy software!
> 
> I think you probably have your firewall rules too tight. Have you
> tried using a really loose (wide open) firewall script and seeing if
> it works that way?
> 
> I'm also somewhat confused by two sets of network addresses. Are you
> running two ethernet cards and a dial-up connection?
> 
> Greg Weeks
> --
> http://durendal.tzo.com/greg/


i have the following setup 



=========               =======   
[ win98 ] - 10baseT - - [ hub ]
=========              / =======
                      /
                 -------
                 [linux ]
                 -------
                    /
                   /
                ------------
               [ mediaone   ]
               [ cablemodem ] - - - mediaone coax/ fiber/ etc - - -
                ------------


1) All interconnects above are 10baseT except upstream from the cable modem.
2) There is NO phone modem of any kind involved.
3) The linux box is the only machine with two ethernet cards.

My local subnet is 192.125.125.0/24

My usual ip is 24.131.20.x

My mediaone netmask (received from their dhcp server) is 24.131.20.0/21

I can get out from win98 using netscape to read mail or newsgroups or http.
when i try to use ftp, whether it is from netscape or from ws_ftp or DOS,
I can log in but the connection times out receiving the directory.

I cannot run gamespy and see anything out on the 'net.
I cannot run icq and connect to mirabilis to pick up my messages, which i am
sure are overflowed by now...

TODAY:
I can run netscape on my pc and surf the web through my firewall, as well
as receive and send email and read newsgroups.

WHAT I NEED:
The above, plus the ability to play quake, quake two, halflife, tribes,
use icq and ftp.

I saw something about port forwarding mentioned in one of the how-to's
someplace but can't figure out what it does or if it would help me with my
present predicament.

One major problem is that my current hard disk is over 8 gig and lilo has not
been booting for me.  It hangs at LI.  I saw in another faq or how-to that
lilo hangs at LI only when it thinks you have a scsi device.  I do see an
error regarding scsi as I boot, IF I boot.  I sure wish I could rid myself of
this bug as well...

Your help is GREATLY appreciated.


-Jeff Kendall

ps: thanks, hannu for the fix, 
while i have tried loading the masq modules before, 
perhaps there is something in the order of the script you supplied...

Hannu wrote:
> echo "Enabling IP MASQ, MASQ timeouts, MASQ modules and advanced firewalling"
>
> # Load the MASQ modules
> echo Loading MASQ modules
> #/sbin/modprobe ip_masq_cuseeme
> /sbin/modprobe ip_masq_ftp
> /sbin/modprobe ip_masq_irc
> #/sbin/modprobe ip_masq_quake
> #/sbin/modprobe ip_masq_vdolive
> /sbin/modprobe ip_masq_raudio
> # Finished with MASQ modules
>
> echo "Enabling IP Masqurading.."
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> /sbin/ipfwadm -F -p reject
> /sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0
>
> echo "rc.firewall done."

i will try the fix  and post to this newsgroup if it works...
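
An added example, not part of the original posts: a small Python audit of the
`ipfwadm -F` lines in an rc.firewall that checks whether the masquerade rule's
`-S` network actually covers the LAN it is meant to translate. The function
names and finding codes are assumptions of this example; the rule lines are
copied from the script quoted above and the subnets are the ones stated in the
post.

```python
import ipaddress
import shlex

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Lines copied from the rc.firewall quoted in the post above.
RC_FIREWALL = """\
#/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_ftp
/sbin/ipfwadm -F -p reject
/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0
"""


def parse_network(text):
    """Return (network, had_host_bits) for an address/prefix string."""
    net = ipaddress.ip_network(text, strict=False)
    had_host_bits = str(net.network_address) != text.split("/")[0]
    return net, had_host_bits


def forward_rules(script):
    """Extract the default policy and the appended rules of the -F chain."""
    policy, rules = None, []
    for line in script.splitlines():
        argv = shlex.split(line, comments=True)  # drops '#' comments
        if not argv or not argv[0].endswith("ipfwadm") or "-F" not in argv:
            continue
        # Each of these flags is followed by the one value we care about.
        opts = {flag: argv[i + 1] for i, flag in enumerate(argv[:-1])
                if flag in ("-p", "-a", "-S", "-D", "-W")}
        if "-p" in opts:
            policy = opts["-p"]
        elif "-a" in opts:
            rules.append(opts)
    return policy, rules


def audit(script, lan_cidr):
    """Return finding strings ("code: detail") for one LAN subnet."""
    findings = []
    lan, misaligned = parse_network(lan_cidr)
    if misaligned:
        findings.append(f"lan-misaligned: {lan_cidr} is network {lan}")
    if not any(lan.subnet_of(net) for net in RFC1918):
        findings.append(f"lan-not-rfc1918: {lan} is outside the RFC 1918 ranges")

    policy, rules = forward_rules(script)
    # Assumption: policies may be abbreviated, as the quoted script does ("m").
    masq = [parse_network(r.get("-S", "0.0.0.0/0"))[0]
            for r in rules if r["-a"].startswith("m")]
    if not masq:
        findings.append("no-masq-rule: nothing in the -F chain masquerades")
    elif not any(lan.subnet_of(src) for src in masq):
        shown = ", ".join(str(s) for s in masq)
        findings.append(f"lan-not-masqueraded: {lan} not inside -S {shown}")
    if any(src.prefixlen == 0 for src in masq):
        findings.append("masq-any-source: a rule masquerades every source")
    if policy is None or policy.startswith("a"):
        findings.append("forward-default-open: no deny/reject default for -F")
    return findings


if __name__ == "__main__":
    for lan in ("192.125.125.0/24", "192.168.1.0/24"):
        print(lan, audit(RC_FIREWALL, lan) or "ok")
    print(parse_network("24.131.20.0/21"))
```

Run against the LAN given in the post (192.125.125.0/24), the audit reports
that the subnet is outside RFC 1918 space and is not covered by the script's
`-S 192.168.1.0/24`; `parse_network` also shows that 24.131.20.0/21 normalises
to 24.131.16.0/21.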

------------------------------

From: Hugo Theriault <[EMAIL PROTECTED]>
Subject: Re: linux firewall
Date: Tue, 06 Apr 1999 22:18:34 GMT

Luca Filipozzi wrote:

> In article <mevO2.25951$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
> > hi i use red-hat 5.2 kernel 2.0.36
> >
> > i have a small lan at home and an ADSL internet connection.
> >
> > i have set up dns and internal ip config on my workstations, works fine. on
> > my linux box i have setup both my nics and can ping the internet fine, i
> > also can ping the ip of my outside nic from my other workstations.
> >
> > the  problem is that i cannot ping any outside ip from my other workstations
> > i have a connection timed out with ip addresses and nothing if i ping names
> > eg. www.xxx.xxx
> >
> > any ideas...
> >
> > thanx alot posted another messages and got great advice, linux community is
> > really cool
> >
> > hugo
> >
> >
> >
> ip packet forwarding needs to be on (this should be true already)
>
> do you have real ip addresses for all your machines?
>
> if so, then you need to tell your upstream ISP to route all of your IP
> addresses to your linux box and you need to set up your linux box to
> route them to your internal network.
>
> if not, then you need to do Network Address Translation (aka
> Masquerading). You may need to rebuild your kernel (doubt it). You use
> the ipfwadm utility to set up rules.
>
> Do a search on Dejanews for my name as author in comp.os.linux.networking
> and you'll see a lot of info in January regarding this.
>
> Hope this helps
> --
> Luca Filipozzi <[EMAIL PROTECTED]>

hi and thanx for the answer..

i did create a file called  rc.firewall for a simple masquerading setup... how do
i know if it is on?
my network has static addresses and my linux has 192.168.0.1 plus i get addresses
via dhcp from my isp.

thanx again

hugo




------------------------------

From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: linux firewall
Date: Tue, 6 Apr 1999 15:28:25 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...
> Luca Filipozzi wrote:
> 
> > In article <mevO2.25951$[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] says...
> > > hi i use red-hat 5.2 kernel 2.0.36
> > >
> > > i have a small lan at home and an ADSL internet connection.
> > >
> > > i have set up dns and internal ip config on my workstations, works fine. on
> > > my linux box i have setup both my nics and can ping the internet fine, i
> > > also can ping the ip of my outside nic from my other workstations.
> > >
> > > the  problem is that i cannot ping any outside ip from my other workstations
> > > i have a connection timed out with ip addresses and nothing if i ping names
> > > eg. www.xxx.xxx
> > >
> > > any ideas...
> > >
> > > thanx alot posted another messages and got great advice, linux community is
> > > really cool
> > >
> > > hugo
> > >
> > >
> > >
> > ip packet forwarding needs to be on (this should be true already)
> >
> > do you have real ip addresses for all your machines?
> >
> > if so, then you need to tell your upstream ISP to route all of your IP
> > addresses to your linux box and you need to set up your linux box to
> > route them to your internal network.
> >
> > if not, then you need to do Network Address Translation (aka
> > Masquerading). You may need to rebuild your kernel (doubt it). You use
> > the ipfwadm utility to set up rules.
> >
> > Do a search on Dejanews for my name as author in comp.os.linux.networking
> > and you'll see a lot of info in January regarding this.
> >
> > Hope this helps
> > --
> > Luca Filipozzi <[EMAIL PROTECTED]>
> 
> hi and thanx for the answer..
> 
> i did create a file called  rc.firewall for a simple masquerading setup... how do
> i know if it is on?
> my network has static addresses and my linux has 192.168.0.1 plus i get addresses
> via dhcp from my isp.
> 
> thanx again
> 
> hugo
> 
> 
> 
> 
I don't use ipchains... so I can't help you if you use it.
With ipfwadm you can type
ipfwadm -I -l -n   to list Incoming rules
ipfwadm -O -l -n   to list Outgoing rules
ipfwadm -F -l -n   to list Forwarding (and masquerading) rules
ipfwadm -A -l -n   to list Accounting rules

-- 
Luca Filipozzi <[EMAIL PROTECTED]>

------------------------------

Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Greg Weeks)
Subject: Re: 286 diskless computers like terminals on linux
Date: Tue, 6 Apr 1999 16:51:39 -0500

In article <7edr09$8na$[EMAIL PROTECTED]>,
        <[EMAIL PROTECTED]> writes:
> I have a network with some 286 (1Meg VGA Card) diskless / ethernet card.
> 
> How can I make this computers, terminals (X terminals if possible) on a 
> Linux box?

I don't know of any X terminal package that runs on a 286. For dumb
terminal emulation simply have a bootable DOS disk and a DOS based
terminal program. There are a bunch of them.

Greg Weeks
-- 
http://durendal.tzo.com/greg/


------------------------------

From: "yuval" <[EMAIL PROTECTED]>
Subject: telnet to host as root
Date: Wed, 7 Apr 1999 00:52:04 +0300

While trying to login as root from a95pc (samba connection)
by telnet i get msg "login incorrect"
why ?
(other users can login fine ..)



------------------------------

From: dont spam me<[EMAIL PROTECTED]>
Subject: Re: screwy minicom connection
Date: Tue, 06 Apr 1999 22:14:23 GMT

On Mon, 05 Apr 1999 15:50:47 -0700, Suresh <[EMAIL PROTECTED]>
wrote:

>I am having the same problem connecting to my ISP. If you can fix it, please let me
>know as its driving me crazy for past couple of days.
>-Suresh
>

I don't think it's the same problem...
first off if you call most if not all isp's with minicom, you will be
presented with a login prompt but when your name passwd pair is
authenticated, it expects a ppp or slip connection immediately if their
authentication server (radius server) doesn't allow shell access. or
in the case of the isp I run, as soon as the connection is up, it
expects a ppp LPC negotiation before the login prompt is displayed, if
after 2 seconds, it doesn't receive the ppp LPC it will present the
login prompt and ask the radius server if shell account is allowed. if
not, it will simply authenticate your passwd and hang up.

Unfamiliar with modern VMS so I can't answer that one. the last vms
computer I used was too old
tng




>Qozmoe wrote:
>
>> i'm trying to make a terminal connection to my school's VMS computer using
>> minicom.  i dial up the number, hear the connection being made, and minicom
>> begins to display some characters from the school.  it occasionally gets to the
>> login prompt, but it always always hangs up after about a minute or less.  i've
>> tried this same connection using hyperterm in win95 and it connects fine nearly
>> every time.  can anyone think of any reason why this is happening??
>> qozmo
>
>
>


------------------------------

From: dont spam me<[EMAIL PROTECTED]>
Subject: Re: Still unable to FTP or Telnet
Date: Tue, 06 Apr 1999 23:06:24 GMT

On 6 Apr 1999 12:54:21 GMT, "Russell S. DiPesa"
<[EMAIL PROTECTED]> wrote:

>To All,
>       I have two Linux servers (we'll call them box1 and box2) that can ping
>each other with no problem.  I can access either box from several different
>Windows machines using FTP or Telnet with no problem.  I can access box2
>from box1 using FTP or Telnet.  When I try to access box1 from box2, I am
>unable to connect.  I receive the following messages:

try re-installing the telnet and ftp clients on box2
if that doesn't work, try re-installing ftp and telnet servers on box1

>from FTP:
>       Connected to box1.net.
>       421 - Service not available, remote server has closed connection.
>
>from Telnet:
>       Trying box1.net.
>       Connected to box1.net.
>       Escape character is '^]'.
>       Connection closed by foreign host.
>
>Does anyone know why?  I have checked the following as suggested, but to no
>avail.
>
>1. Check /etc/hosts.allow to see if box2's ip is allowed in. -- file is
>empty
>2. Check /etc/hosts.deny to see if any ip is denied. -- file is empty
>3. Check your firewall on box1 to see if you disabled telnet port 23
>and ftp port 21. -- machine is not acting as a firewall
>4. Check /etc/services on box1 to see what ports telnet and ftp are
>running on. Make sure you telnet to the right port. -- port configuration
>is correct.
>
>Any other suggestions?
>
>Russ


------------------------------

From: [EMAIL PROTECTED] (Luca Filipozzi)
Crossposted-To: comp.security.firewalls
Subject: Re: static & dynamic NAT with multiple external interfaces?
Date: Tue, 6 Apr 1999 16:20:53 -0700

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> In article <[EMAIL PROTECTED]>, sl3nf.cc@usu says...
> > Are there any NAT firewalls out there that allow multiple external
> > logical interfaces and allow port _ranges_ on those interfaces to be assigned
> > to specific internal addresses?
> > 
> > For instance, I want say, 8 external addresses mapped to the ethernet device on
> > the outside network.  I want port 2125 on each to map to specific machines
> > inside my network, but I want the rest of the ports on those interfaces to be
> > available to behave as normal NAT devices.  (My problem is much more complex,
> > but that will do for the question at hand.)
> > 
> >     thanks for your time...
> > 
> >     rOn barry
> > 
> A combination of ip address aliasing, and masquerading, and port 
> forwarding should do the trick for you, I would think.
> 
> ifconfig will allow you to assign extra ip addresses to a single 
> interface
> 
> ipportfw will allow you to forward ip_addr/port packets as you choose
> 
> ipfwadm will allow you to do masquerading/NAT for the rest of the traffic
> 
> Hope this helps,
> 
> Luca
> 
These are utilities in Linux, BTW. Take a look at www.linuxrouter.org, a 
mini-distribution of Linux that boots from floppy, runs from ram, and can 
probably do everything you want. It's free, is based on the Debian 
distribution, and does expect you to know Linux/Debian somewhat.

I've used it for a much simpler application than yours and was happy with 
it.

The hardest part of any Linux distribution (this one included) is getting 
it to load the driver for your ethernet card. Once I got that all set up, 
life was fine.
-- 
Luca Filipozzi <[EMAIL PROTECTED]>

------------------------------

From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: Still unable to FTP or Telnet
Date: Tue, 6 Apr 1999 16:22:26 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> On 6 Apr 1999 12:54:21 GMT, "Russell S. DiPesa"
> <[EMAIL PROTECTED]> wrote:
> 
> >To All,
> >     I have two Linux servers (we'll call them box1 and box2) that can ping
> >each other with no problem.  I can access either box from several different
> >Windows machines using FTP or Telnet with no problem.  I can access box2
> >from box1 using FTP or Telnet.  When I try to access box1 from box2, I am
> >unable to connect.  I receive the following messages:
> 
> try re-installing the telnet and ftp clients on box2
> if that doesn't work, try re-installing ftp and telnet servers on box1
> 
> >from FTP:
> >     Connected to box1.net.
> >     421 - Service not available, remote server has closed connection.
> >
> >from Telnet:
> >     Trying box1.net.
> >     Connected to box1.net.
> >     Escape character is '^]'.
> >     Connection closed by foreign host.
> >
> >Does anyone know why?  I have checked the following as suggested, but to no
> >avail.
> >
> >1. Check /etc/hosts.allow to see if box2's ip is allowed in. -- file is
> >empty
> >2. Check /etc/hosts.deny to see if any ip is denied. -- file is empty
> >3. Check your firewall on box1 to see if you disabled telnet port 23
> >and ftp port 21. -- machine is not acting as a firewall
> >4. Check /etc/services on box1 to see what ports telnet and ftp are
> >running on. Make sure you telnet to the right port. -- port configuration
> >is correct.
> >
> >Any other suggestions?
> >
> >Russ
> 
> 
Check inetd.conf to make sure the inetd knows how to start those 
services.
-- 
Luca Filipozzi <[EMAIL PROTECTED]>

------------------------------

From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: Home networking question (Long) (Linux newbie)
Date: Tue, 6 Apr 1999 16:26:09 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...
> Before someone says it, using the linux box as the server/proxy/router
> is not an option.  

Find a 486SX25 with 8MB of RAM. Put two NE2000 cards in it. Go to 
www.linuxrouter.org and use their boot-from-floppy distribution. Done.

I'm sure you could buy a 486SX25 for $50.00 and two LinkSys cards for 
$100.00. You don't need a hard drive. You only need a floppy drive and a 
video card. This is what I have done in the past (I have a hard drive 
now, 'cause I wanted more utilities) and it works great. Now, neither your 
computer nor your girlfriend's is tied up acting as a firewall.

Luca

-- 
Luca Filipozzi <[EMAIL PROTECTED]>

------------------------------

From: "D. C. Sessions" <[EMAIL PROTECTED]>
Subject: Re: WISECOM ETHERNET CARD
Date: Tue, 06 Apr 1999 15:14:37 -0700

Franky Goethals wrote:

> I've recently installed SUSE - linux, and want to use my network-card,
> a WISECOM-card.
> 
> I can't get it to work without the good drivers.

It would help to know what kind of chip it uses.  Enter

cat /proc/pci

and we can tell you more.

-- 
D. C. Sessions
[EMAIL PROTECTED]

------------------------------

From: "Mojoman" <[EMAIL PROTECTED]>
Crossposted-To: alt.linux,alt.os.linux,apana.lists.os.linux.ppp,comp.os.linux.setup
Subject: Modem problem with RedHat 5.2
Date: Tue, 6 Apr 1999 17:04:42 -0600

I have a Diamond SupraExpress 56k modem. I am having trouble setting it up
in linux. It is set to Com Port 3 in win95. I set it up to the correct cua
however, when I try dialing out in minicom or seyon etc I don't even get a
dial tone or hear the modem dialing or anything. I don't get any errors or
anything. I thought that maybe the speaker was just disabled, but picking up
the phone there is only a dial tone. Any help would be greatly appreciated.

Thank you,
Mark Powell



------------------------------

From: "Captain Blood" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,alt.os.linux
Subject: Re: Unresolved modules (symbols)
Date: Tue, 6 Apr 1999 18:34:08 -0500

After make config, and before make modules, do a make dep

just a hint...


Walter L. Williams <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Yan Seiner wrote:
>
> > Make mrproper basically hoses all changes you had made to the system.
> > You need to follow that up with a make config ; make modules ; make
> > modules_install ; make zImage.
> >
> > It sounds like you left out the make modules or make modules_install
> > steps.
> >
> > Yan
> >
>
> You're right, I didn't do that. Thanks for the info.
>
> Walt in Utah
>



------------------------------

From: "Seti" <[EMAIL PROTECTED]>
Subject: SETI@home is now available for various UNIX platforms
Crossposted-To: linux.redhat.misc,comp.os.linux.misc,comp.unix.bsd.freebsd.misc,comp.unix.solaris,comp.unix.sco.misc,comp.unix.aix,comp.sys.hp.hpux,comp.unix.osf.misc,comp.unix.ultrix,comp.unix.cray
Date: Tue, 06 Apr 1999 22:45:41 GMT

http://setiathome.ssl.berkeley.edu/cgi-bin/unix_cgi

Woohoo!  The search for extra-terrestrial life begins, with the power of
the world's computers!


------------------------------

From: sl3nf.cc@usu@edu (Sniggerfardimungus)
Crossposted-To: comp.security.firewalls
Subject: static & dynamic NAT with multiple external interfaces?
Date: 6 Apr 99 14:36:12 MDT

Are there any NAT firewalls out there that allow multiple external
logical interfaces and allow port _ranges_ on those interfaces to be assigned
to specific internal addresses?

For instance, I want say, 8 external addresses mapped to the ethernet device on
the outside network.  I want port 2125 on each to map to specific machines
inside my network, but I want the rest of the ports on those interfaces to be
available to behave as normal NAT devices.  (My problem is much more complex,
but that will do for the question at hand.)

        thanks for your time...

        rOn barry

------------------------------

From: Ron Watkins <[EMAIL PROTECTED]>
Subject: Re: Newbie's networking woes (RTL-8029)
Date: Tue, 06 Apr 1999 12:45:20 -0700

> ne2k-pci.c: PCI NE 2000 clone RealTek RTL-8029 at I/O =x7400 IRQ 15 ..
> and
> eth0: PCI NE 2000 etc.

IRQ 15 is bad.  That usually conflicts with the secondary IDE port.

Try setting the NIC (using the DOS utilities if it has any) to IRQ 9, 10, or
11, and mark that interrupt as 'unavailable' in your PCI BIOS.  That IO port
is also very strange for an NE2000.  IO 0x300 is much more common.

You may then have to specify command line arguments to LILO to get the card
working correctly, but if I recall correctly, IO 300, IRQ 10 is one of the
first combinations the driver tries to autodetect.  If you set it to those
values (and don't have any other conflicts), the card should work.

<<RON>>

------------------------------

From: Ron Watkins <[EMAIL PROTECTED]>
Subject: Re: firewall problem
Date: Tue, 06 Apr 1999 12:30:00 -0700

Hmm... I don't know what port the actual browsing happens on.  It's probably
in the Netbios range of 137-139, but which one exactly I don't know.  I
suspect your firewall has severed that connection.  

It's not really 'normal' to try to browse across a firewall, because the
process of browsing exposes a great deal of data about the internal network
and users to the outside world.  You really don't want your PDC exposed to the
world if you can possibly avoid it. 

From a security standpoint, it would be best to get the entire domain
firewalled.  You shouldn't have any machines that are a part of the domain
that aren't protected.  If you can't do that, opening ports 137 through 139
from the internal network to the external one should let browsing work again,
but it's a horrible hole and badly compromises your security. 

You might dig a bit more -- browsing probably only uses 1 of the ports from
137-139, so opening just that port will be more secure than opening all
three.  The hard info should be in Microsoft's Knowledge Base.  

I have also forgotten the details of the firewalled network -- is that a
private net range? (i.e., 192.168.0.X?)

<<RON>>


[EMAIL PROTECTED] wrote:
> 
> Thanks Ron for your answer.
> 
> Sure I have all computers configured to use the same WINS. Before I had no
> firewall and everything was Ok. I fixed user validation problem adding
> routing to internal network in PDCs routing table. Now computers which are
> behind of firewall only can see each other but external computers. when I use
> "Find Computer" feature in windows 95 I can find them. (You asked me why I
> don't have PDC in the same network. I installed firewall and additional
> internal network for testing and I don't want to move PDC there). I think
> current problem is with wins server but I don't know how to fix this.
> 
> Thanks,
> 
> Levan
> 
> In article <[EMAIL PROTECTED]>,
>   Ron Watkins <[EMAIL PROTECTED]> wrote:
> > Did you configure all the computers on both networks to use the same WINS
> > server?
> >
> > <<RON>>
> >
> > [EMAIL PROTECTED] wrote:
> > >
> > > Hi there,
> > >
> > > I have two networks connected with linux firewall. Users from first network
> > > can validate on NT PDC which is on second network. Problem is that users
> > > from first network are unable to see computers in their "Network
> > > Neighborhood". Wins server is also on second network.
> > >
> > > Any ideas?
> > >
> > > Thanks
> > >
> > > -----------== Posted via Deja News, The Discussion Network ==----------
> > > http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own
> >
> 
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own

------------------------------

From: Hugo Theriault <[EMAIL PROTECTED]>
Subject: Re: linux firewall
Date: Tue, 06 Apr 1999 22:46:56 GMT

Luca Filipozzi wrote:

> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> says...
> > Luca Filipozzi wrote:
> >
> > > In article <mevO2.25951$[EMAIL PROTECTED]>,
> > > [EMAIL PROTECTED] says...
> > > > hi i use red-hat 5.2 kernel 2.0.36
> > > >
> > > > i have a small lan at home and an ADSL internet connection.
> > > >
> > > > i have set up dns and internal ip config on my workstations, works fine. on
> > > > my linux box i have setup both my nics and can ping the internet fine, i
> > > > also can ping the ip of my outside nic from my other workstations.
> > > >
> > > > the  problem is that i cannot ping any outside ip from my other workstations
> > > > i have a connection timed out with ip addresses and nothing if i ping names
> > > > eg. www.xxx.xxx
> > > >
> > > > any ideas...
> > > >
> > > > thanx alot posted another messages and got great advice, linux community is
> > > > really cool
> > > >
> > > > hugo
> > > >
> > > >
> > > >
> > > ip packet forwarding needs to be on (this should be true already)
> > >
> > > do you have real ip addresses for all your machines?
> > >
> > > if so, then you need to tell your upstream ISP to route all of your IP
> > > addresses to your linux box and you need to set up your linux box to
> > > route them to your internal network.
> > >
> > > if not, then you need to do Network Address Translation (aka
> > > Masquerading). You may need to rebuild your kernel (doubt it). You use
> > > the ipfwadm utility to set up rules.
> > >
> > > Do a search on Dejanews for my name as author in comp.os.linux.networking
> > > and you'll see a lot of info in January regarding this.
> > >
> > > Hope this helps
> > > --
> > > Luca Filipozzi <[EMAIL PROTECTED]>
> >
> > hi and thanx for the answer..
> >
> > i did create a file called  rc.firewall for a simple masquerading setup... how do
> > i know if it is on?
> > my network has static addresses and my linux has 192.168.0.1 plus i get addresses
> > via dhcp from my isp.
> >
> > thanx again
> >
> > hugo
> >
> >
> >
> >
> I don't use ipchains... so I can't help you if you use it.
> With ipfwadm you can type
> ipfwadm -I -l -n   to list Incoming rules
> ipfwadm -O -l -n   to list Outgoing rules
> ipfwadm -F -l -n   to list Forwarding (and masquerading) rules
> ipfwadm -A -l -n   to list Accounting rules
>
> --
> Luca Filipozzi <[EMAIL PROTECTED]>

i have default accept for everything except accounting where i have nothing... should i
add accounts and if yes how and where???????

thanx again... Luca


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
