TCLUG Archive

Re: [TCLUG:11279] Hit The Routes!!!



> Ok, then this routing table looks correct for that diagram.  So now all
> you need to do is set up some firewall rules to allow stuff to get
> out.

Ignoring the 192.168.6.x subnet for now, I'm primarily concerned with just
getting the 205.218.57.x subnet working across the firewall. I currently
have NO ipchains rules in place (all ACCEPT), and ip_forward is set to 1.
The servers' gateway is set to 205.218.57.18 (this may be the problem? The
servers are connected via the hub to eth1 on the firewall, which is .18, and
eth0 is .25 -- also, pings from the server machines to 205.218.57.25
fail...they cannot see that address...).

I feel so VERY close, but still, I wish I had a mentor for this kind of
thing.  It's terribly slow going learning all on one's own.  Not that I think
there is a better way, I'll be VERY good at this when I do finally get it
working, but it is a bit embarrassing how long it's taken me to get this
firewall set up...Not real good for convincing my boss that Linux may be a
good platform for us to do development on/for....

Thanks again, all of you, for your help, support, and kind words.  With you
I've come so much further than the manuals alone could have brought me.

Brian
>
> This should allow your non-routable stuff out with masquerading.
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -P input ACCEPT
> /sbin/ipchains -P output ACCEPT
>
> /sbin/ipchains -A forward -j MASQ -s 192.168.42.0/255.255.255.0
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> Then if you set the default gateway on the server block to
> 205.218.57.25, I would expect it to work just fine.  I'm no network
> guru, but from my experience with various systems this should work.
>
> --
> Jon Schewe
> http://eggplant.mtu.net/~jpschewe
> schewe@tcfreenet.org