First be more specific about what you mean by "see the internet". Can't
ping? telnet? http? By IP address, FQDN, or both? In short, what tests are
you making and what are the EXACT error responses? (ping, for example, can
fail in 4 different ways that I know of, and the exact failure message tells
one a lot about the nature of the problem.)

On the RH router/firewall itself, you want to look at the output (assuming
this is a 2.2.x kernel; for 2.0.x, use the corresponding "ipfwadm" commands) of:

        ifconfig -a
        route -n
        ipchains -L input -n
        ipchains -L output -n
        ipchains -L forward -n
        ipchains -M -l [not certain of the syntax of this one; sorry]
        cat /proc/sys/net/ipv4/ip_forward   [should be a "1"]

If you are using IP Masquerading, your kernel needs to be compiled with that
support built-in; not all stock kernels are, and I don't know about RH 6.0
(or, for that matter, if you are using the stock kernel or compiled your own).

Then ... see if you can ping Internet and LAN addresses (not hostnames) from
the router/firewall itself. If not, tell us the EXACT error message. If you
can, then try pinging from a LAN client

        (a) the router/firewall's *internal* (LAN) interface IP address
        (b) the router/firewall's *external* (ISP) interface IP address
        (c) the router/firewall's default gateway (as reported by
                "route -n")
        (d) some IP address that has to be reached through the default
                gateway

For the first one of these that fails, report the EXACT results of ping.

From your posting, I can't infer your level of expertise, so I apologize if
some of this is too elementary for your needs. If, after checking this stuff
yourself, you can't figure out what is wrong, you might want to try a
followup posting (still to the list, please; *not* to me personally) that
includes

        output of "ifconfig -a" on the firewall/router
        output of "route -n" on the firewall/router
        the equivalents of the above from a client that you are
                trying to ping from (you don't say what OSs the
                clients use, so I can't be more specific)
        the EXACT ping results I ask for in several places above
        a general description of your LAN and Internet connection
                (I infer it is ppp)

If (I can't be sure) the router works when it is NOT running a firewall
script, then you need to include the output of the various ipchains/ipfwadm
"list" commands as well.
        
As to your one specific question, about 

>IPADDR="203.57.130.145/16"              # the ip addy given by my isp

you need to put that line in a bit of context. Where does it appear and how
do you "reset" it?

At 11:30 PM 5/7/00 +0800, [EMAIL PROTECTED] wrote:
>
>Hi guys.. I have been trying my damned hardest to build a firewall for my 
>linux redhat 6.0 net server. I have managed to get it down to being able to 
>run it with no errors.. but when I run it the internal network can no longer 
>see the internet through it.. and I can't fix this until I reboot my 
>server.. :-( not good for my uptime..
>Is there any way of finding out what I've done wrong? or what service I can 
>restart without restarting the whole damn machine? Also.. How can I make it 
>change this bit :
>IPADDR="203.57.130.145/16"              # the ip addy given by my isp
>
>so that it's automatic? Otherwise every time my machine dials up again I have 
>to go in and reset the value of IPADDR  (the machine is a 24/7 net server... 
>the only time it needs to redial is when the isp occasionally boots me off for 
>15 min..)
>The server does ip-forwarding and masquerading.. 
>If you require the firewall text be given so you can look through yourself 
>please mail me.. (I don't wanna send it through the mail list as it's kinda 
>large :-/ )
>I'm outa ideas guys.. so any help would be great ... thanks..
>

------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                    [EMAIL PROTECTED]        
----------------------------------------------------------------
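
The (a) through (d) ping ladder from the reply above, as an added example that is not part of the original message or from its author. It reads the default gateway out of `route -n`, pings each target in order, and stops at the first failure with ping's exact output; the addresses, the sample routing table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: run from a LAN client. Every address here is constructed.

# Constructed sample of `route -n` output from a ppp-connected router.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 ppp0'

# Read `route -n` output on stdin and print the default gateway: the row
# whose Destination is 0.0.0.0 and whose Flags column contains G.
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# The ping command is overridable so the ladder can be exercised offline.
PING=${PING:-"ping -c 3"}

# Usage: first_failure label=addr [label=addr ...]
# Pings each address in the order given. On the first failure it prints
# the label on stdout, ping's exact output on stderr, and returns 1.
# If every step answers it prints "all-ok" and returns 0.
first_failure() {
    for step in "$@"; do
        label=${step%%=*}
        addr=${step#*=}
        if ! out=$($PING "$addr" 2>&1); then
            echo "$label"
            printf 'EXACT ping output for %s (%s):\n%s\n' \
                "$label" "$addr" "$out" >&2
            return 1
        fi
    done
    echo "all-ok"
    return 0
}

# Stand-alone use, for example:
#   sh ladder.sh a-lan-if=192.168.1.1 b-ext-if=203.0.113.5 \
#       c-default-gw=192.0.2.1 d-beyond-gw=198.51.100.9
# The value for step (c) is what `route -n | default_gw` prints when run
# on the router/firewall itself.
if [ $# -gt 0 ]; then
    first_failure "$@"
fi
```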

