Hi everyone,
I have an internal network, a cable modem (Mediaone) connection to the
Internet, and an AMD 5x86 machine as my firewall. I had SuSE 6.0 installed
with the 2.0.36 kernel, then I tried installing the 2.2.5 kernel, and had
some difficulty. Although ip forwarding worked for a while, I broke a few
things.
The upshot was I blew away SuSE 6.0 and reinstalled it. Now I'm back to
square one with a lot of stuff (boy, what you forget when you don't use it).
I have the LINUX Complete Reference here, and a bunch of printouts on IP
forwarding, firewalling, using ipfwadm (as well as ipchains, but I'll deal
with that later).
Here's my problem. My internal IP address is 192.168.10.x, and the
external NIC is 24.128.24.x. When I read the IP filtering setup of ipfwadm
(I think this is from the "how-to"), it starts off by Denying all services.
OK, type in: ipfwadm -F -p deny
Then it says "flush all commands", and gives three lines with separate
commands. OK, I'm fine so far, except that I wonder if flushing all
commands doesn't flush the "ipfwadm -F -p deny" command also. But let that
go.
Here's the real problem.
The How-To gives several lines, which I will render as given:
# Forward email to your server
ifpwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.1.2.10 25
# Forward email connections to outside email servers
ipfwadm -F -a accept -b -P tcp -S 196.1.2.10 25 -D 0.0.0.0/0 1024:65535
# Forward web connections to your Web Server
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 196.1.2.11 80
# Forward web connections to outside Web Server
ipfwadm -F -a accept -b -P tcp -S 196.1.2.* 80 -D 0.0.0.0/0 1024:65535
#Forward DNS traffic
ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 196.1.2.0/24
OK, now as a practical matter, I want to substitute my internal NIC ip for
one of the above IPs, and my external NIC for another. But I get confused.
In the examples (and I think the author of the How-To is consistent in this
throughout, except perhaps for typos), the IPs are too close for comfort. Do
I switch my 192.168.10.1 (the IP for the internal NIC on my router) for the
192 address above, and my 24.128.24.x IP (external NIC) for the 196.x.x.x
addresses?
And what's with 196.1.2.* ? What's that supposed to mean?
Any assistance would be greatly appreciated.
Stan Koper