Re: 3nics and routing...



On Thu, 2002-04-11 at 14:58, Suresh Kumar R wrote:
> Hi,
> 
> I am trying to set up a linux (debian potato, kernel
> 2.2.19) box as a firewall. I have 3 nics on it.
> 
> First one(210.212.236.97) connected to my cisco
> router. 2nd card (eth1) to internal lan with pvt ips.
> Third(eth2) (210.212.236.113) one to a hub which
> connects to my machines with public ips (my dmz). My
> dmz has proxy/mail/web servers.
> 
>     I am able to ping to router access net from the
> firewall but able to ping even the router
> (210.212.236.105) from other machines connected to
> eth1 or eth2. From all machines, I can ping all cards
> in the
> firewall.

echo "1" > /proc/sys/net/ipv4/ip_forward
and change ip_forward to 'yes' in /etc/network/options for setting it on
boot up.

clear all the routes and add these

#route to the DMZ
route add -net 210.212.236.112 netmask 255.255.255.240 dev eth2

#route to the cisco
route add -host 210.212.236.105 dev eth0

#route to the private lan
route add -net 192.168.100.0 netmask 255.255.255.0 dev eth1

#default route out to the net via cisco
route add default gw 210.212.236.105

Make sure machines on the DMZ have their gateway set to 210.212.236.113
Make sure the machines on the lan have their gateway set to
192.168.100.254 (I assume that's the IP of eth1)
Make sure the cisco's default route is outward to the net, and all other
ip/nm (DMZ and your box, but not lan) are routed towards your box.

Then it's IP masq and firewall time.

> For example, if I try to traceroute to
> 210.212.236.105, it reaches the correct card in the
> firewall but from there it times out. (no ipchain
> rules running right now).

Because you have gateways set in your routes where they shouldn't be.

Kind Regards
Crispin Wellington


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
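An added example, not from Crispin's reply or anyone on the debian-user list: a POSIX sh dry-run script that derives the "dev" routes for this three-NIC layout from a small interface table and checks, before any route command is run, that the default gateway sits on a directly connected subnet and that no connected subnet is being routed through a gateway (the mistake the reply points at). The interface table is constructed from the addresses in the thread; eth0's netmask (255.255.255.240) and eth1's address (192.168.100.254) are assumptions, as neither is stated outright in the question. The script only prints the commands; nothing here touches the live routing table.

```shell
#!/bin/sh
# Dry-run route generator for a three-NIC firewall (added example).
# Interface table: NAME:ADDRESS:NETMASK, one entry per line.
# eth0's /28 mask and eth1's .254 address are assumptions, not from the thread.
set -eu
IFACES="eth0:210.212.236.97:255.255.255.240
eth1:192.168.100.254:255.255.255.0
eth2:210.212.236.113:255.255.255.240"

# ip_to_int A.B.C.D -> 32-bit integer, using only shell arithmetic
ip_to_int() {
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( $1 / 16777216 % 256 )).$(( $1 / 65536 % 256 )).$(( $1 / 256 % 256 )).$(( $1 % 256 ))"
}

# network_of ADDR NETMASK -> network address (210.212.236.113/28 -> 210.212.236.112)
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# in_subnet ADDR IFACE_ADDR NETMASK -> exit 0 if ADDR shares the interface's subnet
in_subnet() {
    [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

# connected_routes -> one "route add -net ... dev IFACE" line per interface.
# Directly connected networks get a dev route and no gateway.
connected_routes() {
    for entry in $IFACES; do
        old=$IFS; IFS=:; set -- $entry; IFS=$old
        echo "route add -net $(network_of "$2" "$3") netmask $3 dev $1"
    done
}

# directly_connected NET MASK -> exit 0 if NET/MASK is one of the firewall's own
# subnets, i.e. a route to it must say "dev", never "gw"
directly_connected() {
    net=$1; mask=$2
    for entry in $IFACES; do
        old=$IFS; IFS=:; set -- $entry; IFS=$old
        if [ "$3" = "$mask" ] && [ "$(network_of "$2" "$3")" = "$net" ]; then
            return 0
        fi
    done
    return 1
}

# gateway_iface GW -> prints the interface on whose subnet GW lives; exit 1 if none.
# A gateway that is not directly reachable makes the default route useless.
gateway_iface() {
    gw=$1
    for entry in $IFACES; do
        old=$IFS; IFS=:; set -- $entry; IFS=$old
        if in_subnet "$gw" "$2" "$3"; then
            echo "$1"
            return 0
        fi
    done
    return 1
}

# default_route GW -> the default route command, or an error if GW is unreachable
default_route() {
    if iface=$(gateway_iface "$1"); then
        echo "route add default gw $1 dev $iface"
    else
        echo "error: gateway $1 is not on any directly connected subnet" >&2
        return 1
    fi
}

# Print the full sequence; review it, then run it as root to apply.
echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
connected_routes
default_route 210.212.236.105
```

Feeding an existing `route add -net X netmask M gw G` line's X and M to `directly_connected` tells you whether that route is one of the offending ones: if it returns true, the network is on a local interface and the `gw` must go.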