
ipfwadm



Hi all,

I have been trying to set up a firewall on my Debian box, but to no avail.

The steps I have taken are as follows:

1) set up the dial connection to my ISP using diald with ppp. (I can connect
to my ISP without any problems)

2) recompiled the kernel experimental, with the masquerade, firewall, etc
enabled, ip forwarding, etc disabled, as per the instructions in the
IP_MASQUERADE mini howto. (I can connect to my ISP without any problems)

3) disabled reroute in diald. I can no longer connect to my ISP. This is what I
expect as I have to now specify the forwarding to be done from the SLIP to
the PPP interface by hand (once I can do it by hand then I can automate it
using the diald ip-up/ip-down scripts).

When I try to do an ftp, diald connects to my ISP correctly, but after a
while ftp fails saying: Host name lookup failure. When I do an ifconfig
after connection to my ISP I see the following:

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0

ppp0      Link encap:Point-Point Protocol  
          inet addr:200.28.16.97  P-t-P:200.28.16.4  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1524  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0
          TX packets:13 errors:0 dropped:0 overruns:0

sl0       Link encap:Serial Line IP  
          inet addr:200.28.16.97  P-t-P:200.28.16.4  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1524  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:3 errors:0 dropped:0 overruns:0

What values must I specify in ipfwadm -I, ipfwadm -F, ipfwadm -O?

I need to use masquerading because as soon as I get it up and running on my
host box, then I have to set it up as an Internet router on a private
network. I must restrict as far as possible all entries from the Internet
to my Intranet, but still permit the Intranet all possible routes out to
the Internet (mail, news, www, telnet, irc, to name but a few).

I hope someone can help me as I am a bit lost at the moment.

"Simon Martin"<smartin@reuna.cl>

"Old software engineers never die, they just fail to boot"

Any Trademarks used in this document are recognized as Registered
Trademarks of their respective owners.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

