* Problem about LAN/DMZ
@ 2006-08-22 19:32 Per Jørgensen
2006-08-23 7:57 ` Gáspár Lajos
2006-08-23 15:37 ` P-O-M - cvs server down? Pablo Sanchez
0 siblings, 2 replies; 5+ messages in thread
From: Per Jørgensen @ 2006-08-22 19:32 UTC
To: netfilter
Hey Netfilter!
I have been studying netfilter for several days now for building my own
firewall. But I have run into a problem, and it goes like this:
The machine Soekris 4801 Debian Sarge is my firewall
eth0 --> WAN --> Directly connected to the internet
eth1 --> LAN --> 172.16.0.0/24 --> eth1 address 0.1
eth2 --> DMZ --> 172.16.10.0/24 --> eth2 address 10.1
I have installed bind and it is running perfectly, and NSLOOKUP is showing
the correct things.
In the zone file I have named the servers with their external IP.
The IPTABLES script is a bash file with these rules for:
the interfaces:
lan:
$IPTABLES -A INPUT -i $LAN -m state --state NEW -j ACCEPT
dmz:
$IPTABLES -A dmz -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A dmz -s $LAN_NET -m state --state NEW -j ACCEPT
wan:
$IPTABLES -A wan -m state --state ESTABLISHED,RELATED -j ACCEPT
The connections:
lantowan:
$IPTABLES -A lantowan -s $LAN_NET -j ACCEPT
lantodmz:
$IPTABLES -A lantodmz -s $LAN_NET -j ACCEPT
dmztolan:
$IPTABLES -A dmztolan -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
dmztowan:
$IPTABLES -A dmztolan -i $DMZ -o $WAN -p tcp --dport 25 -j ACCEPT
$IPTABLES -A dmztowan -o $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT
wantolan:
$IPTABLES -A wantolan -m state --state ESTABLISHED,RELATED -j ACCEPT
wantodmz:
## HTTP ##
$IPTABLES -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 80 -j DNAT --to-destination $ATLANTIS:80
$IPTABLES -A wantodmz -d $ATLANTIS -p tcp --dport 80 -j ACCEPT
## SSH ##
$IPTABLES -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 22 -j DNAT --to-destination $ATLANTIS:22
$IPTABLES -A wantodmz -s $SSH -d $ATLANTIS -p tcp --dport 22 -j ACCEPT
## SMTP ##
$IPTABLES -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 25 -j DNAT --to-destination $ATLANTIS:25
$IPTABLES -A wantodmz -d $ATLANTIS -p tcp --dport 25 -j ACCEPT
## IMAP ##
$IPTABLES -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 143 -j DNAT --to-destination $ATLANTIS:143
$IPTABLES -A wantodmz -d $ATLANTIS -p tcp --dport 143 -j ACCEPT
the masquerade:
$IPTABLES -t nat -A POSTROUTING -s $DMZ_NET -o $WAN -j SNAT --to-source $WAN_IP
$IPTABLES -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j SNAT --to-source $WAN_IP
Appending the chains:
$IPTABLES -A INPUT -i $WAN -j wan
$IPTABLES -A INPUT -i $LAN -j lan
$IPTABLES -A INPUT -i $DMZ -j dmz
$IPTABLES -A FORWARD -i $WAN -o $DMZ -j wantodmz
$IPTABLES -A FORWARD -i $WAN -o $LAN -j wantolan
$IPTABLES -A FORWARD -i $DMZ -o $WAN -j dmztowan
$IPTABLES -A FORWARD -i $DMZ -o $LAN -j dmztolan
$IPTABLES -A FORWARD -i $LAN -o $DMZ -j lantodmz
$IPTABLES -A FORWARD -i $LAN -o $WAN -j lantowan
The funny part is that it was working earlier today - And after
setting it all up - I did a reboot and deleted the uncommented lines
- (And perhaps deleted a rule) I have lost track of where this
should be - and hopefully I'll be able to get some help here?
Thanks
--
-----------------------------
Best regards
Per Jørgensen
Computer science (datamatiker) student
Datamatiker programme, CEUS
pj4a@dmusyd.edu
* Re: Problem about LAN/DMZ
From: Gáspár Lajos @ 2006-08-23 7:57 UTC
To: Per Jørgensen; +Cc: netfilter
I have reordered and hopefully repaired your script and added some comments:
#eth0 --> WAN --> Directly connected to the internet
#eth1 --> LAN --> 172.16.0.0/24 --> eth1 address 0.1
#eth2 --> DMZ --> 172.16.10.0/24 --> eth2 address 10.1
# Flush the rules and delete the user-defined chains (the table is selected with -t)
$IPTABLES -t nat -F
$IPTABLES -t nat -X 2>/dev/null
$IPTABLES -t filter -F
$IPTABLES -t filter -X 2>/dev/null
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P FORWARD DROP
$IPTABLES -t filter -P OUTPUT ACCEPT
## COMMON ##
$IPTABLES -X connected 2>/dev/null
$IPTABLES -N connected # a user-defined chain has to be created before -A can append to it
$IPTABLES -A connected -m state --state ESTABLISHED,RELATED -j ACCEPT
## NAT ##
# PREROUTING #
$IPTABLES -t nat -A PREROUTING -d $WAN_IP -p tcp -m multiport --dports 22,25,80,143 -j DNAT --to-destination $ATLANTIS
#$IPTABLES -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 22 -j DNAT --to-destination $ATLANTIS:22
#$IPTABLES -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 25 -j DNAT --to-destination $ATLANTIS:25
#$IPTABLES -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 80 -j DNAT --to-destination $ATLANTIS:80
#$IPTABLES -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 143 -j DNAT --to-destination $ATLANTIS:143
# POSTROUTING #
$IPTABLES -t nat -A POSTROUTING -o $WAN -j SNAT --to-source $WAN_IP
#$IPTABLES -t nat -A POSTROUTING -s $DMZ_NET -o $WAN -j SNAT --to-source $WAN_IP
#$IPTABLES -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j SNAT --to-source $WAN_IP
## FILTER ##
# INPUT #
$IPTABLES -A INPUT -j connected
$IPTABLES -A INPUT -j ACCEPT ! -i $WAN
#$IPTABLES -A wan -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A INPUT -i $WAN -j wan
#$IPTABLES -A INPUT -i $LAN -m state --state NEW -j ACCEPT
#$IPTABLES -A INPUT -i $LAN -j lan
#$IPTABLES -A dmz -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A dmz -s $LAN_NET -m state --state NEW -j ACCEPT
#?????????? Interface=DMZ AND Source=172.16.0.0/24 ????????????
#$IPTABLES -A INPUT -i $DMZ -j dmz
# FORWARD #
$IPTABLES -A FORWARD -j connected
$IPTABLES -X atlantis 2>/dev/null
$IPTABLES -N atlantis
$IPTABLES -A atlantis -p tcp --dport 22 -s $SSH -j ACCEPT
$IPTABLES -A atlantis -p tcp --dport 25 -j ACCEPT
$IPTABLES -A atlantis -p tcp --dport 80 -j ACCEPT
$IPTABLES -A atlantis -p tcp --dport 143 -j ACCEPT
$IPTABLES -X wantodmz 2>/dev/null
$IPTABLES -N wantodmz
$IPTABLES -A wantodmz -d $ATLANTIS -j atlantis
$IPTABLES -A FORWARD -i $WAN -o $DMZ -j wantodmz
#$IPTABLES -A wantolan -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A FORWARD -i $WAN -o $LAN -j wantolan
#$IPTABLES -A dmztowan -o $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A FORWARD -i $DMZ -o $WAN -j dmztowan
$IPTABLES -X dmztolan 2>/dev/null
$IPTABLES -N dmztolan
#$IPTABLES -A dmztolan -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A dmztolan -i $DMZ -o $WAN -p tcp --dport 25 -j ACCEPT # !!!! NEVER GET USED !!!! -o $LAN OR -o $WAN ??????
$IPTABLES -A dmztolan -i $DMZ -p tcp --dport 25 -j ACCEPT # THIS WORKS !!!
$IPTABLES -A FORWARD -i $DMZ -o $LAN -j dmztolan
$IPTABLES -X lantodmz 2>/dev/null
$IPTABLES -N lantodmz
$IPTABLES -A lantodmz -s $LAN_NET -j ACCEPT
$IPTABLES -A FORWARD -i $LAN -o $DMZ -j lantodmz
$IPTABLES -X lantowan 2>/dev/null
$IPTABLES -N lantowan
$IPTABLES -A lantowan -s $LAN_NET -j ACCEPT
$IPTABLES -A FORWARD -i $LAN -o $WAN -j lantowan
Swifty
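
Added example (not part of the original thread and not either poster's code): a small Python check for the defect the reply above marks "NEVER GET USED", a rule whose -i/-o match contradicts the interfaces on the FORWARD jump that leads into its chain. It goes slightly further than that one case by following nested chains and by reporting rules in chains nothing jumps to; the function names and the treatment of $LAN, $DMZ and $WAN as three distinct interfaces are assumptions of this example.

```python
import shlex

BUILTIN = {"INPUT", "FORWARD", "OUTPUT"}
TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG"}

# Constructed sample: filter-table rules copied from the first message, with the
# mail line wrapping undone. Assumption: $LAN, $DMZ and $WAN name three
# different interfaces, so they are compared as opaque strings.
SAMPLE = """\
$IPTABLES -A dmztolan -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A dmztolan -i $DMZ -o $WAN -p tcp --dport 25 -j ACCEPT
$IPTABLES -A dmztowan -o $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $DMZ -o $WAN -j dmztowan
$IPTABLES -A FORWARD -i $DMZ -o $LAN -j dmztolan
"""


def parse(line):
    """Return (chain, {'-i': .., '-o': ..}, target) for a filter -A rule, else None."""
    tok = shlex.split(line, comments=True)

    def opt(flag):
        i = tok.index(flag) if flag in tok else -1
        # A negated match ("! -i eth0") is treated as unconstrained.
        if i < 0 or i + 1 >= len(tok) or tok[i - 1] == "!":
            return None
        return tok[i + 1]

    if opt("-A") is None or opt("-t") not in (None, "filter"):
        return None
    return opt("-A"), {f: opt(f) for f in ("-i", "-o") if opt(f)}, opt("-j")


def conflicts(ctx, ifaces):
    """True if a rule's -i/-o contradicts what is already fixed on this path."""
    return any(f in ctx and ctx[f] != v for f, v in ifaces.items())


def dead_rules(script):
    """List (chain, ifaces) for user-chain rules that no packet can ever match."""
    rules = [r for r in map(parse, script.splitlines()) if r]
    contexts = {c: [{}] for c in BUILTIN}  # interface facts on each path into a chain
    changed = True
    while changed:                         # follow jumps, including nested chains
        changed = False
        for chain, ifaces, target in rules:
            if target is None or target in TARGETS:
                continue
            for ctx in list(contexts.get(chain, [])):
                seen = contexts.setdefault(target, [])
                merged = {**ctx, **ifaces}
                if not conflicts(ctx, ifaces) and merged not in seen:
                    seen.append(merged)
                    changed = True
    dead = []
    for chain, ifaces, _ in rules:
        paths = contexts.get(chain, [])    # empty: the chain is never jumped to
        if chain not in BUILTIN and all(conflicts(c, ifaces) for c in paths):
            dead.append((chain, ifaces))
    return dead
```
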
* Re: Problem about LAN/DMZ
From: Per Jørgensen @ 2006-08-23 8:03 UTC
To: Gáspár Lajos, netfilter
Thanks Swifty!
As I can see from your writing, there's still a lot of rewriting
for me to do!
I will try your script when I come home from school!
I added the following line to my script late last night and got it to work.
$IPTABLES -t nat -A POSTROUTING -s $LAN_NET -d $ATLANTIS -j SNAT --to $WAN_IP
But I can still see that there's a lot left for me to learn - good for
me that I have now ordered the book from O'Reilly
Thanks
Per Jørgensen
* P-O-M - cvs server down?
From: Pablo Sanchez @ 2006-08-23 15:37 UTC
To: netfilter
Hi,
Is the cvs server down? From two machines on different ISPs (one in Canada
and the other in Columbia) I've tried to check out netfilter in order to run
P-O-M and I'm getting 'connection refused'. I can ping
'pserver.netfilter.org', which leads me to believe the cvs server isn't
running:
% cvs -d :pserver:cvs@pserver.netfilter.org:/cvspublic login
Logging in to :pserver:cvs@pserver.netfilter.org:2401/cvspublic
CVS password:
cvs [login aborted]: connect to pserver.netfilter.org(213.95.27.115):2401 failed: Connection refused
I'm following the information found on:
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-2.html#ss2.1
Which worked before. :)
Cheers,
---
Pablo Sanchez - Blueoak Database Engineering, Inc
Ph: 819.459.1926 Toll free: 888.459.1926
Cell: 819.918.9731 Pgr: pablo_p@blueoakdb.com
Fax: 603.720.7723 (US)
* RE: P-O-M - cvs server down?
From: Rob Sterenborg @ 2006-08-23 16:38 UTC
To: netfilter
Netfilter has switched from CVS to SVN.
http://www.netfilter.org/downloads.html#svn
Regards,
Rob