On Fri, 2005-02-11 at 11:10 -0700, jb wrote:
> Okay, I've been working on this for a while, but it seems the iptables
> nut is just too hard to crack. I even went to UVLUG's excellent firewall
> meeting last Saturday.

"excellent" might be a little generous. ;) Hang tight. iptables is not
that hard (takes a little work is all).

> I'm trying to get Devil Linux (a live cd-based firewall distro) to work,
> and I just can't seem to get it right. It boots fine, I run the setup,
> configure both cards, DHCP client on one, DHCP server on the other, and
> chose "basic two card firewall". Reboot.
>
> When it comes back up I can use Lynx to browse on the box, so I know
> it's on the network. I boot up the Windows 2000 box behind the firewall,
> and it gets the appropriate IP (10.0.0.20), but when I try to get to the
> Internet either through a browser, or by pinging, I get "unknown host"
> errors.

Are you having name resolution problems under Windows? Try the ping
using the ip address of the outside site. Did you set up DNS servers in
your dhcp.conf? Also did you specify the gateway?

> I cleared the tables (iptables -X; iptables -F, etc.), and then set the
> default on all tables to ACCEPT (iptables -P INPUT ACCEPT; iptables -P
> OUPUT ACCEPT; iptables -P FORWARD ACCEPT), so I should have a wide-open
> firewall. It still doesn't work.

You need to make sure the forwarding is allowed on the firewall.

`cat /proc/sys/net/ipv4/ip_forward`

Should show "1"

If not you can

`echo "1" > /proc/sys/net/ipv4/ip_forward`

And your box will then forward packets.

> I figure I must need to tell iptables which iface to use, but I can't
> figure out how. Also, do I need to restart iptables, or does a rule
> automatically get implemented once it's made?
>
> --jeremy

Hang in there. I'll be posting my scripts from the meeting soon.

Gabe

--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their
author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
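The checks suggested in the reply above, gathered into one script as an added example (not part of the original message and not Gabe's scripts): it tests the forwarding flag and looks for DNS-server and gateway options in the DHCP server config. The ISC dhcpd option names and the /etc/dhcpd.conf path are assumptions, since the thread only says "dhcp.conf"; the demo files are constructed.

```shell
#!/bin/sh
# Added example. File paths are parameters so copies of the files can be checked.

# check_forwarding [FILE]: succeeds only if the flag file contains 1.
check_forwarding() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] || { echo "forwarding: cannot read $f"; return 2; }
    if [ "$(tr -d '[:space:]' < "$f")" = "1" ]; then
        echo "forwarding: enabled"
    else
        echo "forwarding: DISABLED, LAN packets will not be routed"
        return 1
    fi
}

# has_option FILE NAME: an uncommented "option NAME value;" line exists.
has_option() {
    sed 's/#.*//' "$1" |
        grep -Eq "^[[:space:]]*option[[:space:]]+$2[[:space:]]+[^;[:space:]][^;]*;"
}

# check_dhcp [FILE]: are clients handed DNS servers and a gateway?
check_dhcp() {
    conf=${1:-/etc/dhcpd.conf}   # assumed path and syntax (ISC dhcpd)
    rc=0
    [ -r "$conf" ] || { echo "dhcp: cannot read $conf"; return 2; }
    for opt in domain-name-servers routers; do
        if has_option "$conf" "$opt"; then
            echo "dhcp: option $opt is set"
        else
            echo "dhcp: option $opt MISSING"; rc=1
        fi
    done
    return $rc
}

# diagnose FWD_FILE DHCP_CONF: run both checks; exit status = failed checks.
diagnose() {
    fails=0
    check_forwarding "$1" || fails=$((fails + 1))
    check_dhcp "$2" || fails=$((fails + 1))
    return $fails
}

# Demo on constructed files (not from the thread): forwarding off, no DNS option.
tmp=$(mktemp -d)
echo 0 > "$tmp/ip_forward"
printf 'subnet 10.0.0.0 netmask 255.255.255.0 {\n  option routers 10.0.0.1;\n}\n' > "$tmp/dhcpd.conf"
diagnose "$tmp/ip_forward" "$tmp/dhcpd.conf" || echo "failed checks: $?"
rm -rf "$tmp"
```

On the firewall itself, calling `diagnose` with no arguments uses the default paths.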
