
Re: Ip_forward trouble



----- Original Message -----
From: "Thomas Cook" <sysadmin@black-gear.com>
To: "Debian Firewall" <debian-firewall@lists.debian.org>
Sent: Sunday, January 06, 2002 6:00 PM
Subject: Re: Ip_forward trouble


Ok, I think we're starting to home in on an understanding.
--- snip ---

I can't get a test box behind the firewall to see the
firewall or any Ethernet signal on the network line.  With the settings I
have described, when I plug a line from the internal adapter of the firewall
to the NIC of the Win2k test box, I expect to see the link light come on,
the network indicator in the system tray to show a connection, and to be able
to ping the firewall from the test box, but I am not.  As far as I can tell,
there is no Ethernet signal coming from the firewall to service the internal
network.  This is my problem.
--- snip ---

When you are connecting two computers to each other without a hub or switch, you
have to make sure you are using a cross-over cable, not a straight cable.
That is why you are probably not getting a link.

--- snip ---
I really appreciate this help,
-Tom




On 1/6/02 5:34 PM, "TOKI -- linux powa :)" <mrlinux5@yahoo.fr> wrote:

> OK, now I understand well.
> OK, your network is very logical. I understand why you chose to take
> 10.0.x.y addresses.
>
> With Debian it should be easy to set up this kind of firewall.
> To my mind, because it's just between 2 networks, I would have recommended
> OpenBSD to you (because of the security of your lab too).
>
> Debian can easily be a strong firewall (mine is a Debian).
> It will let you choose between 2.2 or 2.4 kernels (I don't recommend 2.5.1
> because it is still in beta test).
>
> So with 2.2 you have ipchains, ipmasqadm, and with 2.4 iptables and NAT.
>
> However, you will not have any difficulty finding a solution for your
> problem. You can find lots of scripts for walling your Debian on the net.
>
> Try sourceforge.net or freshmeat.net
>
> Be happy. Your firewall will be easy to set up.
> (But you have to secure it before doing anything else !!!)
> Like removing files or services that you don't need, making the strongest
> rules for your wall, compiling your kernel statically, etc...
> Tasks that you need to do !!!
> And of course it will not protect you if you don't protect your servers.
>
> A long task for a newbie but it pays well ;))
> You can be sure .. ;)
>
> On Sun, 2002-01-06 at 22:47, Thomas Cook wrote:
>> TOKI:
>>
>>
>> The use is that I don't really know what I'm doing.  Well, not totally...
>> Here is the lay of the land.
>>
>> I have a high speed connection connected (appropriately enough) to a
>> hardware router and hub.  This router (192.168.1.1) serves as a DHCP host
>> for my little LAN.  On this LAN there are basically 2 sectors.  The first is
>> the general house computers, used by the people here for surfing and e-mail,
>> nothing fancy.  There are at any time, between 6 and 12 of these, mostly
>> running windows.  Because they have no use for it, all of their ports are
>> blocked from the outside by the router I mentioned.
>>
>> The second leg of the network is my computer lab.  This lab consists of
>> about 2 dozen boxes running any number of OS's and services like my mail,
>> web site, shell server, etc.  Not all of these are set up, mainly because
>> they need to be seen from the outside, and thus protected.  Hence the
>> firewall (among other protections).
>>
>> I have set the firewall up on the network, with an IP address from the
>> router, and have left that IP in the DMZ of the router so it is seen from
>> the internet at large.  I want to set up some sort of NAT to translate the
>> ports of the firewall to the appropriate servers behind the firewall.  To
>> avoid any confusion by the people on the larger house network, I was going
>> to use the 10... IP range for the network, but it really makes no difference,
>> and I can just as easily set them up with the subnet you suggest.  (though
>> the term easily may not apply as I have yet to get this working).
>>
>> I have been fighting with several firewall solutions (smoothwall, Gibraltar,
>> redhat based, openBSD based), but because the box I am using is SCSI based,
>> it has a complicated install, and many distros have trouble.  I like debian,
>> because it installs flawlessly, has that great package system, and I have
>> used it in many of the boxes in the lab.  I have thought about trying a
>> hardware solution (namely a netscreen 5xp) but the price tag of a $500
>> hardware firewall vs. a free debian firewall is always a deal breaker.
>>
>> Maybe some of this rambling will help,
>> -Tom
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
>

