Re: Firewall problem
On Fri, 11 Sep 1998, Christopher Fury wrote:
> I'm trying to setup a local lan at my house with a firewall to allow
> access to the outside world. I've followed the Firewall-FAQ and I
> can't seem to see what I've done wrong... Maybe somebody can tell me.
> I'm running Debian 2.0.
>
> I have the following network options set in my kernel:
>
> x x [*] Network firewalls
> x x [ ] Network aliasing
> x x [*] TCP/IP networking
> x x [ ] IP: forwarding/gatewaying
> x x [ ] IP: multicasting
> x x [ ] IP: syn cookies
You will need ip masquerading and forwarding
> x x [*] IP: firewalling
> x x [*] IP: firewall packet logging
> x x [ ] IP: masquerading
> x x [ ] IP: always defragment
> x x [*] IP: accounting
> x x [ ] IP: optimize as router not host
> x x < > IP: tunneling
> x x --- (it is safe to leave these untouched)
> x x [ ] IP: PC/TCP compatibility mode
> x x < > IP: Reverse ARP
> x x [ ] IP: Disable Path MTU Discovery (normally enabled)
> x x [*] IP: Drop source routed frames
> x x [*] IP: Allow large windows (not recommended if <16Mb of memory)
>
> # ifconfig
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
> UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
> RX packets:129 errors:0 dropped:0 overruns:0 frame:0
> TX packets:129 errors:0 dropped:0 overruns:0 carrier:0
> Collisions:0
>
> eth0 Link encap:Ethernet HWaddr 00:C0:DF:46:FE:61
> inet addr:198.82.204.103 Bcast:198.82.204.255
> Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:17436 errors:0 dropped:0 overruns:0 frame:80
> TX packets:2911 errors:11 dropped:0 overruns:0 carrier:22
> Collisions:383
> Interrupt:5 Base address:0x300
>
> eth1 Link encap:Ethernet HWaddr 00:C0:F0:35:46:F1
> inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:71 errors:0 dropped:0 overruns:0 frame:0
> TX packets:153 errors:0 dropped:0 overruns:0 carrier:0
> Collisions:0
> Interrupt:4 Base address:0x240
>
> # route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 198.82.204.0 0.0.0.0 255.255.255.0 U 0 0 9
> eth0
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 8
> eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 2
> lo
> 0.0.0.0 198.82.204.1 0.0.0.0
>
> when I try to ping something inside my network, the hub registers the
> data... but none of the packets seem to get through to the other
> machine.
> Same thing happens when I ping from a machine inside my network to the
> firewall.
>
> Do I have to set IP forwarding/gateway? I notice the NET-3 howto says
> something about that, but the Firewall-HOWTO says to leave it off unless
> you want IP-Filtering. I think I'm just going to be using SOCKS.
>
>
> --
> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
>
>
Reply to: