
Re: Firewall/Networking Problem



Hi,

I read in a howto (cannot remember which) that you also need a script. I
do not know if this is needed for Debian systems, or if it is primarily
needed for firewall setups. Anyway, here are the important lines. I put it
in /etc/ppp/ip-up.d/masq_on

#!/bin/sh
depmod -a
modprobe ip_masq_ftp	# so you can ftp
modprobe ip_masq_raudio	# so you can use realaudio (see /lib/modules/<kernelversion>/ipv4)

# flush all rules from the forward chain
ipchains -F forward

# block everything
ipchains -P forward DENY

# masq everything from 192.168.1.* to *.*.*.* and back
ipchains -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ

# set masquerading timeouts in seconds: TCP 3600, TCP after FIN 10, UDP 160
ipchains -M -S 3600 10 160


This is for the server. Also remember to set the gateway of your client to
your server.

Greetz,
Sebastiaan



On Tue, 30 Jan 2001, Leonard Leblanc wrote:

> I'm setting up a linux box to act as a firewall/proxy for my 4 computer (win98) network.  I have 2 ethernet cards in the linux box (both being detected) and have complete access to the internet on my linux box.  I can ping all the win98 boxes from my linux box and can ping both network ip's on the linux box from the win98 boxes.  The only problem is I can't ping anything past my firewall/proxy.  I haven't actually set up any firewall rules so I shouldn't be blocking myself out and I'm not quite sure where to look.
> 
> Also I am running kernel version 2-2-13r2 with the following networking options set:
> Packet Socket
> Network Firewalls
> Unix Domain Sockets
> TCP/IP networking
> IP: advanced router
> IP: firewalling
> IP: always defragment
> IP: transparent proxy support
> IP: masquerading
> IP: ICMP masquerading
> IP: optimize as router not host
> IP: aliasing support
> IP: TCP syncookie support
> IP: allow large windows
> 
> I have read and am referencing the Firewall/Proxy how-to as well as the IP-Masquerading HOWTO and many many others.
> 
> Does anyone have an idea as to the next place I should look?
> 
> Leonard Leblanc
> 
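
Added example, not part of the messages above: a dry-run generator for the same forward-chain rules, tightened so that masquerading applies only to traffic from a private CIDR network leaving one external interface, with a logged final DENY. The names EXT_IF, INT_NET and APPLY, the ppp0 default and both helper functions are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. EXT_IF, INT_NET and APPLY are
# assumed variable names; the default network matches the one in the post.

# is_private NET/BITS: succeed only for an RFC 1918 network in CIDR form.
is_private() {
    addr=${1%/*}; bits=${1#*/}
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 30 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ -n "$o" ] && [ "$o" -le 255 ] || return 1; done
    case $1.$2 in
        10.*)                            [ "$bits" -ge 8 ] ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) [ "$bits" -ge 12 ] ;;
        192.168)                         [ "$bits" -ge 16 ] ;;
        *)                               return 1 ;;
    esac
}

# masq_rules EXT_IF INT_NET: print the ipchains commands, one per line.
# On the forward chain, -i matches the outgoing interface; -l logs matches.
masq_rules() {
    ext_if=$1; int_net=$2
    case $ext_if in
        ''|*[!a-zA-Z0-9]*) echo "bad interface name: $ext_if" >&2; return 1 ;;
    esac
    is_private "$int_net" ||
        { echo "not a private CIDR network: $int_net" >&2; return 1; }
    cat <<EOF
ipchains -P forward DENY
ipchains -F forward
ipchains -A forward -i $ext_if -s $int_net -d 0.0.0.0/0 -j MASQ
ipchains -A forward -l -j DENY
EOF
}

# Dry run by default: the rules are only printed. APPLY=1 (as root, on a 2.2
# kernel with ipchains) turns on IP forwarding and loads them.
if [ "${APPLY:-0}" = 1 ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    masq_rules "${EXT_IF:-ppp0}" "${INT_NET:-192.168.1.0/24}" | sh -e
else
    masq_rules "${EXT_IF:-ppp0}" "${INT_NET:-192.168.1.0/24}"
fi
```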


