On Saturday 30 March 2002 01:24 am, Brian Parish wrote:
> Hanan,
>
> I think you should have the NIC whose address is 192.168.0.1 listed in
> your trusted interfaces in
>
> /etc/Bastille/bastille-firewall.cfg
>
> HTH
> Brian
>
> On Fri, 2002-03-29 at 02:24, Hanan Shargi wrote:
> > Hi everyone,
> >
> > I spent the past 2 days (almost) reading about how to set IP
> > masquerading, iptables, ipchains, setting NFS ... etc., just to be able
> > to put my hands on the problem of why my W2K machine can't ping the Linux
> > machine (both on a LAN where the Linux machine has 2 eth cards, one IP for
> > the external network (internet with a static IP) and the other eth for the
> > local network with IP 192.168.0.1), to hopefully fix this ping issue, SO
> > FINALLY I'd be able to share my files between the 2 machines !!!!
> >
> > Needless to say, I couldn't come up with the fix :(
> > Now I desperately need some expert here (or non-expert) to answer my
> > following question PLEASE :(
> >
> > During a "thorough" investigation of the files on my LM 8.1 system, which
> > I set up as a router for my home LAN (I set up the internet sharing and
> > networking stuff ... etc. using Mandrake Control Center),
> > I found that there are the following files on my LM 8.1 sys:
> >
> > /etc/Bastille/bastille-firewall.cfg
> >
> > I'll list the relevant contents of this file (only uncommented lines):
> >
> > DNS_SERVERS="205.177.x.x 205.177.x.x "
> >
> > TRUSTED_IFACES="lo"
> > PUBLIC_IFACES="eth0" ### you don't need slip ppp
> > INTERNAL_IFACES="eth1"   ### Your internal network eth???
> >
> > TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf sh"
> > UDP_AUDIT_SERVICES="31337"
> > ICMP_AUDIT_TYPES="echo-request" ### ping/MS tracert
> >
> > TCP_PUBLIC_SERVICES="22 25 109 110 143 23 53"  ### need 20 21 ftp MINIMAL/SAFEST
> > UDP_PUBLIC_SERVICES="53"    ###ntp? 123
> > TCP_INTERNAL_SERVICES=""   ### 137 138 139 is samba
               20 21 22 23 25 53 110   maybe more  
> > UDP_INTERNAL_SERVICES=""   ### ntp? 123
> >
> > FORCE_PASV_FTP="N"
> >
> > TCP_BLOCKED_SERVICES="6000:6020"
> > UDP_BLOCKED_SERVICES="2049"
> > ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
> >
> > IP_MASQ_NETWORK="192.168.0.0/16"  ### these need SOMEthing
> > IP_MASQ_MODULES="ftp raudio vdolive" ###
> > REJECT_METHOD="DROP"  ### stealth mode
> >
> > DHCP_IFACES=""
> >
> > NTP_SERVERS=""
> > ICMP_OUTBOUND_DISABLED_TYPES="destination-unreachable time-exceeded"
> >
DROP_SMB_NAT_BCAST="Y"          #### drop those packets

> > -----------------------------------------
> >
> > and this file:
> > /etc/rc.d/rc.firewall  ===> which has the following content:
> >
> > # Automatically added by drakgw
> > [ -x /etc/rc.d/rc.firewall.inet_sharing ] && /etc/rc.d/rc.firewall.inet_sharing
> >
> > # Mandrake-Security : if you remove this comment, remove the next line too.
> > echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
> > -----------------------------------------
> >
> > And another file:
> >
> > /etc/rc.d/rc.firewall.inet_sharing-2.4  which has the following content:
> > #!/bin/sh
> > modprobe iptable_nat
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > /sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
> > /sbin/iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
> > /sbin/iptables -A INPUT -i eth2 -p udp --sport bootpc --dport bootps -j ACCEPT
> > /sbin/iptables -A INPUT -i eth2 -p tcp --sport bootpc --dport bootps -j ACCEPT
> > /sbin/iptables -A INPUT -i eth2 -p udp --sport bootps --dport bootpc -j ACCEPT
> > /sbin/iptables -A INPUT -i eth2 -p tcp --sport bootps --dport bootpc -j ACCEPT
> > /sbin/iptables -A INPUT -i eth2 -p udp --dport domain -j ACCEPT
> > /sbin/iptables -A INPUT -i eth2 -p tcp --dport domain -j ACCEPT
> >
> >
> > I tried applying some changes to the preceding files, and it resulted in
> > either no changes or breaking the connection sharing ..
> >
> > If somebody can tell me what exactly shall I change, or even how does
> > this connection sharing / Bastille firewall basically work together to
> > support the internet sharing and routing thing.... as the more I read in
> > the how-tos the more lost I feel... as nothing seems to be as they
> > describe in these how-tos.
> >
> > Any help would be appreciated AS I'm totally lost here.
> >
> > Regards.
> >


/etc/rc.d/init.d/bastille-firewall stop and 
/etc/rc.d/init.d/bastille-firewall start



-- 
Gerald Waugh : Registered Linux user # 255245
http://www.frontstreetnetworks.com
New Haven, CT, United States of America
11:11am up 8 days, 19:36, 2 users, load average: 0.96, 1.03, 1.07
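
An added example (not part of the original messages, and not Bastille's or drakgw's own code): a cross-check of the interface and masquerade settings quoted from bastille-firewall.cfg against the connection-sharing rules. The function names and finding labels are assumptions made for illustration, and the sample input is constructed from the lines quoted in the thread.

```python
import ipaddress
import re
import shlex

# Constructed sample input, copied from the settings and rules quoted in the thread.
BASTILLE_CFG = '''
TRUSTED_IFACES="lo"
PUBLIC_IFACES="eth0" ### you don't need slip ppp
INTERNAL_IFACES="eth1"
IP_MASQ_NETWORK="192.168.0.0/16"
'''
SHARING_RULES = '''
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
/sbin/iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
/sbin/iptables -A INPUT -i eth2 -p udp --sport bootpc --dport bootps -j ACCEPT
/sbin/iptables -A INPUT -i eth2 -p udp --dport domain -j ACCEPT
'''

def parse_cfg(text):
    """Parse shell-style KEY="a b c" lines into {KEY: ['a', 'b', 'c']}."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z_]+)=(.*)$', line)
        if m:
            # shlex handles the quoting and drops a trailing "### comment".
            tokens = shlex.split(m.group(2), comments=True)
            cfg[m.group(1)] = [w for tok in tokens for w in tok.split()]
    return cfg

def cross_check(cfg_text, rules_text):
    """Return sorted findings where the rules script and the config disagree."""
    cfg = parse_cfg(cfg_text)
    known = {i for k in ("TRUSTED_IFACES", "PUBLIC_IFACES", "INTERNAL_IFACES")
             for i in cfg.get(k, [])}
    masq = [ipaddress.ip_network(n) for n in cfg.get("IP_MASQ_NETWORK", [])]
    findings = []
    for rule in rules_text.splitlines():
        args = rule.split()
        for flag, value in zip(args, args[1:]):
            if flag in ("-i", "-o") and value not in known:
                findings.append(("unclassified-iface", value))
            elif flag == "-s":
                net = ipaddress.ip_network(value, strict=False)
                if masq and net not in masq:
                    findings.append(("masq-net-differs", str(net)))
    return sorted(set(findings))

if __name__ == "__main__":
    for kind, value in cross_check(BASTILLE_CFG, SHARING_RULES):
        print(kind, value)
```

On the quoted files it reports that the sharing rules reference eth2, which appears in none of the *_IFACES lists, and that the script masquerades 192.168.0.0/24 while IP_MASQ_NETWORK is 192.168.0.0/16.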
