Re: Debian Firewall Problems

-----Original Message-----
From: Roberto Samarone Araújo (RSA) <sama@inf.ufsc.br>
To: <debian-firewall@lists.debian.org>
Date: Fri, 23 Jan 2004 15:15:59 -0800
Subject: Debian Firewall Problems

> Hi,
> 
>      I have a Conectiva Linux firewall with the following structure:
> 
>           Net1 (10.2.1.0/24) ---- FIREWALL1 ---- Net2 (10.255.255.0/24) ---- FIREWALL2 ---- INTERNET
> 
>      Interface 1 (Net1) of the firewall is 10.2.1.254 and interface 2
> (Net2) is 10.255.255.250. This structure is working fine on Conectiva
> Linux but now I'm replacing the Conectiva and putting in a Debian :]
> 
>      The Debian firewall will have the same structure as the Conectiva
> firewall.
> 
>      I set up the new firewall and configured it like the Conectiva, but
> I'm having some problems:
> 
>              1. When I try to ping, using a machine on Net1, interfaces 1
> and 2 of firewall1, it works fine, but if I ping other machines on Net2,
> it doesn't work.
>              2. If I try to access the Internet using a machine on Net1,
> I can't.
> 
>      I used the commands:
> 
>                 sysctl -w net.ipv4.ip_forward=1
>                 sysctl -w net.ipv4.conf.all.rp_filter=0
> 
>      but I still can't access the Internet.
> 
>      I'm a bit confused because this is working fine on Conectiva but not
> on Debian. My iptables rules are accepting everything while I'm doing
> the tests. I'm not using NAT.
> 
>     Could anyone help me please? Is there anything specific to set up on
> Debian Linux?
> 

I think we have to know:
if pinging net2 from the firewall works;
if pinging the firewall interfaces from net2 works;
if the hosts on net2 receive the echo request while pinging from
net1 to net2;
if the firewall receives the echo reply;
if the firewall forwards the echo reply.

Naturally I assume that hosts in net2 have correct routing information
for net1 via the firewall.
Why is rp_filter disabled? I think it doesn't matter.

**************************************************************************
This message is being sent from Starcom Italia Srl and may
contain information which is confidential or privileged.  If you are not
the intended recipient, please advise the sender immediately by reply
e-mail and delete this message and any attachments without retaining a
copy. Any unauthorized use of the content of this message is a breach of
your duty to respect the confidentiality of the correspondence between
other persons and can expose the responsible party to civil and/or
criminal penalties, and may constitute a more serious offense.
**************************************************************************
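The five checks listed in the reply, written out as an added diagnostic script for FIREWALL1; this is not code from either poster. It reads ip_forward and rp_filter, confirms the kernel has a route for both subnets, pings a Net2 host from the firewall itself, captures ICMP on both interfaces while a Net1 host pings, and maps the three yes/no capture observations to the segment where the packets stop. The firewall addresses are the ones from the original message; NET2_HOST, the interface names eth0/eth1 and the use of `timeout` are assumptions to be adjusted for the real network.

```shell
#!/bin/sh
# Added troubleshooting helper for this thread; not code written by either poster.
# Firewall addresses come from the original message. NET2_HOST and the
# interface names are constructed placeholders: set them for your own network.
FW1_NET1_IP="10.2.1.254"
FW1_NET2_IP="10.255.255.250"
NET1_PREFIX="10.2.1.0/24"
NET2_PREFIX="10.255.255.0/24"
NET2_HOST="${NET2_HOST:-10.255.255.10}"   # constructed placeholder, not from the thread
NET1_IF="${NET1_IF:-eth0}"                # assumed interface facing Net1
NET2_IF="${NET2_IF:-eth1}"                # assumed interface facing Net2

# forwarding_enabled VALUE: succeeds when the value read from
# /proc/sys/net/ipv4/ip_forward is exactly "1" (sysctl -w does not survive a
# reboot unless the setting is also put in /etc/sysctl.conf).
forwarding_enabled() { [ "$1" = "1" ]; }

# has_route TABLE PREFIX: succeeds when the text of "ip route show" contains a
# route whose destination field is exactly PREFIX.
has_route() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == p { found = 1 } END { exit found ? 0 : 1 }'
}

# diagnose REQ_AT_NET2 REPLY_AT_FW_NET2 REPLY_AT_FW_NET1 (each yes or no):
# the three capture observations from the reply, in order: did the Net2 side
# see the echo request, did the firewall see the echo reply arrive on its Net2
# interface, did the firewall send the reply out of its Net1 interface.
# Prints a code naming the segment where the packets stop.
diagnose() {
    case "$1,$2,$3" in
        no,no,no)    echo "request-not-forwarded" ;;   # FORWARD chain, ip_forward, or Net2 interface
        yes,no,no)   echo "no-reply-from-host" ;;      # Net2 host has no route back to Net1 via the firewall
        yes,yes,no)  echo "reply-not-forwarded" ;;     # firewall drops or misroutes the reply
        yes,yes,yes) echo "path-ok" ;;                 # ICMP traverses the firewall; look at the Net1 host
        *)           echo "inconsistent" ;;            # a reply cannot be seen without a request
    esac
}

# run_live_checks: the commands to run on FIREWALL1 itself (root needed for
# tcpdump), in the order the reply lists them.
run_live_checks() {
    fwd=$(cat /proc/sys/net/ipv4/ip_forward)
    if forwarding_enabled "$fwd"; then echo "ip_forward=1"; else echo "ip_forward=$fwd: forwarding is OFF"; fi
    echo "rp_filter(all)=$(cat /proc/sys/net/ipv4/conf/all/rp_filter)"

    routes=$(ip route show)
    for p in "$NET1_PREFIX" "$NET2_PREFIX"; do
        if has_route "$routes" "$p"; then echo "route to $p present"; else echo "NO route to $p"; fi
    done

    # Check 1: can the firewall itself reach a host on Net2?
    if ping -c 2 -W 2 "$NET2_HOST" >/dev/null 2>&1; then
        echo "firewall -> $NET2_HOST: ok"
    else
        echo "firewall -> $NET2_HOST: FAILED (fix this before looking at forwarding)"
    fi
    # Check 2 has to be done from the other side:
    echo "From a host on Net2, ping $FW1_NET2_IP and then $FW1_NET1_IP; both should answer."

    # Checks 3-5: capture ICMP on both interfaces while a Net1 host pings NET2_HOST.
    # Echo requests should appear on both; echo replies on $NET2_IF first, then $NET1_IF.
    echo "Now ping $NET2_HOST from a host on Net1 (capturing 15 s on $NET1_IF and $NET2_IF)..."
    timeout 15 tcpdump -nni "$NET2_IF" icmp and host "$NET2_HOST" 2>/dev/null | sed "s/^/[$NET2_IF] /" &
    timeout 15 tcpdump -nni "$NET1_IF" icmp and host "$NET2_HOST" 2>/dev/null | sed "s/^/[$NET1_IF] /"
    wait
    echo "Answer yes/no for: request on $NET2_IF, reply on $NET2_IF, reply on $NET1_IF, then run:"
    echo "  $0 diagnose <yes|no> <yes|no> <yes|no>"
}

case "${1:-}" in
    run)      run_live_checks ;;
    diagnose) shift; diagnose "$@" ;;
esac
```

Run `./fwcheck.sh run` on the firewall while a Net1 host pings, then feed the three observations to `./fwcheck.sh diagnose yes no no`; the "no-reply-from-host" outcome is exactly the case the reply's last paragraph has in mind, a Net2 host with no route back to 10.2.1.0/24 via 10.255.255.250.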