Re: [Leaf-user] Firewall Setup / Cable Setup

2002-01-20 Thread Ewald Wasscher

Ray Olszewski wrote:

snip


> Having found it, we still have to fix it. I don't use the Dach default
> firewall, but someone else can tell you the edit for it ... or you can try
> scanning the list archives (the external-private-address problem comes up
> regularly on the list). [Mike, is this problem common enough to deserve a
> FAQ answer?] Or you can use a different drop-in firewall; I know
> echowall.lrp, for example, handles private-range external addresses OK.


The default Dachstein firewall scripts deny traffic on the external
interface that comes from/goes to private-range IP addresses. I think you
can solve this in your case by commenting out line 208 in
/etc/ipfilter.conf. Here is how to do it:

- Go to the lrcfg menu (if you are not already there), choose 1, then 2.
Now you are editing /etc/ipfilter.conf.
- Go to line 208 (the line number is at the bottom right of your screen).
- Place a # at the beginning of line 208 (just like line 207).
- Save the changes, and exit from the editor.
- Exit from the menu so that you are at the command line.
- On the command line type this:

svi network ipfilter reload

- Test the changed firewall. If everything works OK you can back up
etc.lrp through the menu.

Good luck!

Ewald Wasscher


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



Re: [Leaf-user] Firewall Setup / Cable Setup

2002-01-19 Thread guitarlynn

Put a blank floppy in the LEAF floppy drive.
At a prompt, enter mount -t msdos /dev/fd0 /mnt
  cat /etc/network.conf > /mnt/network.txt
  umount /mnt

Send any other information on other things you've done to configure the
box. You shouldn't have to modify anything but network.conf and add
your modules. You can then take the network.txt file and copy/paste it
in an email.  This appears to be the source of your problem unless you
have modified something else manually.

It sounds like your ping isn't attempting to ping the internet.
Make sure that:
IPFWDING_KERNEL=FILTER_ON
IPFILTER_SWITCH=firewall

Other note:
XP Box
p550 w/256mb
internal ip 192.168.1.1
gateway 192.168.1.254
dhcp server 192.168.1.254
dns1 24.116.0.81  ~~~ If you're running dnscache.lrp, change to
dns2 24.116.0.201~~~ 192.168.1.254

-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




Re: [Leaf-user] Firewall Setup / Cable Setup

2002-01-19 Thread guitarlynn

DUH! 
Thanks Ray!
nm my post.
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




Re: [Leaf-user] Firewall Setup / Cable Setup

2002-01-19 Thread Victor McAllister

[EMAIL PROTECTED] wrote:

> Ok.  I have spent the last 2 days messing with Dachstein (Floppy based).
>
> I still can't get it to work.
>
> I have gone through all menu options on lrcfg about 20 times.  I have
> looked over most of the documentation I have found.
>
> This is my situation:
>
> I am getting my DHCPACK from my ISP.  DHCP on the external side is working
> and sets up.

snip

> internal IP 192.168.1.254
> external IP 10.120.92.142
>
> Sincerely,
>
> Justin Pease
> N u a n c e   N i n e

You need to comment out the following line in /etc/ipfilter.conf
close to the start of the file - around line 200 under
stopMartians () {
# RFC 1918/1627/1597 blocks
#  $IPCH -A $LIST -j DENY -p all  -s 10.0.0.0/8 -d 0/0 -l $*
$IPCH -A $LIST -j DENY -p all  -s 172.16.0.0/12 -d 0/0 -l $*
$IPCH -A $LIST -j DENY -p all  -s 192.168.0.0/16 -d 0/0 -l $*

That should allow 10 private addresses in through the firewall.  Does your
ISP tell you that they are masquerading you with private addresses?  I think
it is unethical to not tell clients that they are not given a real routable IP.
PS
I love my ISP.  Not only do they give out static ips, but they will give out
extra ones to their clients without charge.  In this day of AOL and other
marketing schemes it is refreshing to find someone who is technically superb
and would rather be ethical than take your money.  Not too many do that.
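
The check behind the edit described in the replies above, as an added example that is not part of the original posts or of the Dachstein scripts: it scans a stopMartians excerpt for active DENY rules whose source network contains the external address and comments out only those lines. The function names and the sample configuration text are constructed for illustration; the addresses are the ones quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: the stopMartians excerpt quoted in the thread, with all
# three RFC 1918 rules active (the state before the 10.0.0.0/8 line is edited).
SAMPLE_CONF = """\
stopMartians () {
# RFC 1918/1627/1597 blocks
$IPCH -A $LIST -j DENY -p all  -s 10.0.0.0/8 -d 0/0 -l $*
$IPCH -A $LIST -j DENY -p all  -s 172.16.0.0/12 -d 0/0 -l $*
$IPCH -A $LIST -j DENY -p all  -s 192.168.0.0/16 -d 0/0 -l $*
"""

RULE_RE = re.compile(r"-j\s+DENY\b.*?\s-s\s+(\S+)")

def blocking_rules(conf_text, external_ip):
    """Return (line_number, network) for each active DENY rule whose -s
    network contains external_ip. Lines are numbered from 1 in conf_text."""
    addr = ipaddress.ip_address(external_ip)
    hits = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank, or already commented out
        m = RULE_RE.search(stripped)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:
            continue  # shell variable or shorthand such as 0/0
        if addr in net:
            hits.append((lineno, str(net)))
    return hits

def comment_out(conf_text, line_numbers):
    """Prefix the given 1-based lines with '#', mirroring the manual edit."""
    lines = conf_text.splitlines()
    return "\n".join("#" + l if i in line_numbers else l
                     for i, l in enumerate(lines, start=1)) + "\n"

if __name__ == "__main__":
    hits = blocking_rules(SAMPLE_CONF, "10.120.92.142")
    for lineno, net in hits:
        print(f"line {lineno}: DENY -s {net} covers the external address")
    fixed = comment_out(SAMPLE_CONF, {n for n, _ in hits})
    print("still blocked after edit:", blocking_rules(fixed, "10.120.92.142"))
```

Only the rule covering the external address is disabled; the 172.16.0.0/12 and 192.168.0.0/16 rules stay active.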

