Re: 3nics and routing...

To: debian-user@lists.debian.org
Cc: crispin@aeonline.net
Subject: Re: 3nics and routing...
From: Suresh Kumar R <sureshontour@yahoo.com>
Date: Fri, 12 Apr 2002 05:44:47 -0700 (PDT)
Message-id: <[🔎] 20020412124447.18915.qmail@web10802.mail.yahoo.com>
In-reply-to: <20020412123901.57187.qmail@web10806.mail.yahoo.com>

Hi,

I tried what you said, still from my dmz and internal
lan I am unable to go out of my firewall box. From al
machines I can ping all the three cards of firewall
box but nothing beyond.

This is the output of route command now:

Destination     Gateway         Genmask         Flags
Metric Ref    Use Iface
210.212.236.105 *               255.255.255.255 UH   
0      0        0 eth0
210.212.236.112 *               255.255.255.240 U    
0      0        0 eth2
192.168.100.0   *               255.255.255.0   U    
0      0        0 eth1
default         210.212.236.105 0.0.0.0         UG   
0      0        0 eth0

cat /proc/sys/net/ipv4/ip_forward gives out 1.

Ping to 210.212.236.105 also times out as usual....

Any suggestions please...

Suresh
--- Suresh Kumar R <sureshontour@yahoo.com> wrote:
> On Thu, 2002-04-11 at 14:58, Suresh Kumar R wrote:
> > Hi,
> > 
> > I am trying to setup a linux (debian potato,
> kernel
> > 2.2.19) box as a firewall . I have 3 nics on it.
> > 
> > First one(210.212.236.97) connected to my cisco
> > router. 2rd card (eth1) to internal lan with pvt
> ips.
> > Third(eth2) (210.212.236.113) one to a hub which
> > connects to my machines with public ips (my
> dmz).my
> > dmz has  proxy/mail/web servers.
> > 
> >     I am able to ping to router access net from
> the
> > firewall but able to ping even the router
> > (210.212.236.105) from other machines connected to
> > eth1 or eth2. From all machines, I can ping all
> cards
> > in the
> > firewall.
> 
> echo "1" > /proc/sys/net/ipv4/ip_forward
> and change ip_forward to 'yes' in
> /etc/network/options
> for setting it on
> boot up.
> 
> clear all the routes and add these
> 
> #route to the DMZ
> route add -net 210.212.236.112 netmask
> 255.255.255.240
> dev eth2
> 
> #route to the cisco
> route add -host 210.212.236.105 dev eth0
> 
> #route to the private lan
> route add -net 192.168.100.0 netmask 255.255.255.0
> dev
> eth1
> 
> #default route out to the net via cisco
> route add default gw 210.212.236.105
> 
> Make sure machines on the DMZ have their gateway set
> to 210.212.236.113
> Make sure the machines on the lan have their gateway
> set to
> 192.168.100.254 (I assume thats the IP of eth1)
> Make sure the cisco's default route is outward to
> the
> net, and all other
> ip/nm (DMZ and your box, but not lan) are routed
> towards your box.
> 
> Then its IP masq and firewall time.
> 
> > For example, if I try to traceroute to
> > 210.212.236.105, it reaches the correct card in
> the
> > firewall but from there it times out. (no ipchain
> > rules running right now).
> 
> Because you have gateways set in our routes where
> they
> shouln't be.
> 
> Kind Regards
> Crispin Wellington
> 
> 
> 



=====
Suresh Kumar R.
Assistant Professor
Dept of Electronics & Communication
College of Engineering, 
Thiruvananthapuram - 695 016, INDIA
Email : sureshkumar@ieee.org
Phone : 91-471-515660/515653/595634

__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: 3nics and routing...
  - From: Crispin Wellington <crispin@aeonline.net>

Prev by Date: rinetd error
Next by Date: Re: Long Distance Phone only 1.8 cents a minute
Previous by thread: Re: 3nics and routing...
Next by thread: Re: 3nics and routing...
Index(es):
- Date
- Thread