* help with routing/firewall
@ 2003-12-18 18:01 Fred Gurn
2003-12-18 18:08 ` Juan Hernandez
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Fred Gurn @ 2003-12-18 18:01 UTC (permalink / raw)
To: netfilter
Hi,
I have set up suse linux as bridge/firewall.
Simple configuration.
eth0 internet
eth1 local net
Everything accepted from eth1, nothing from eth0, traffic from eth1 is routed to internet.
IP forwarding is enabled.
From local net I can ping eth1 and eth0 (that means machine is routing packets), but I can't go outside eth0. Same happens when there is no firewall. What's the problem with routing?
What commands can I use to monitor what is happening with packets?
Thanks in advance.
* RE: help with routing/firewall
2003-12-18 18:01 help with routing/firewall Fred Gurn
@ 2003-12-18 18:08 ` Juan Hernandez
2003-12-18 18:15 ` Ian Hunter
2003-12-18 18:19 ` Jeffrey Laramie
2003-12-18 20:46 ` Rob Sterenborg
2 siblings, 1 reply; 8+ messages in thread
From: Juan Hernandez @ 2003-12-18 18:08 UTC (permalink / raw)
To: netfilter
Mmm, I'm not sure if we are able to help you that way. That would be
making the job for you, I guess. Correct me if I'm wrong. Read some
manuals, get a grip in netfilter and if you don't understand something,
we'll help you.
Juan
* Re: help with routing/firewall
2003-12-18 18:08 ` Juan Hernandez
@ 2003-12-18 18:15 ` Ian Hunter
2003-12-18 18:33 ` Jeffrey Laramie
2003-12-18 19:11 ` Togan Muftuoglu
0 siblings, 2 replies; 8+ messages in thread
From: Ian Hunter @ 2003-12-18 18:15 UTC (permalink / raw)
To: netfilter
SuSE comes with a script called SuSEfirewall that automatically configures
things for you. You probably don't want that if you're talking to folks on
this list.
See if you have iptables or ipchains -- type iptables-save and if you get
output, post it to the list and we'll see what SuSE is doing firewall wise.
* Re: help with routing/firewall
2003-12-18 18:01 help with routing/firewall Fred Gurn
2003-12-18 18:08 ` Juan Hernandez
@ 2003-12-18 18:19 ` Jeffrey Laramie
2003-12-18 20:46 ` Rob Sterenborg
2 siblings, 0 replies; 8+ messages in thread
From: Jeffrey Laramie @ 2003-12-18 18:19 UTC (permalink / raw)
To: netfilter
[-- Attachment #1: Type: text/html, Size: 1419 bytes --]
* Re: help with routing/firewall
2003-12-18 18:15 ` Ian Hunter
@ 2003-12-18 18:33 ` Jeffrey Laramie
2003-12-18 19:11 ` Togan Muftuoglu
1 sibling, 0 replies; 8+ messages in thread
From: Jeffrey Laramie @ 2003-12-18 18:33 UTC (permalink / raw)
To: netfilter
[-- Attachment #1: Type: text/html, Size: 1084 bytes --]
* Re: help with routing/firewall
2003-12-18 18:15 ` Ian Hunter
2003-12-18 18:33 ` Jeffrey Laramie
@ 2003-12-18 19:11 ` Togan Muftuoglu
1 sibling, 0 replies; 8+ messages in thread
From: Togan Muftuoglu @ 2003-12-18 19:11 UTC (permalink / raw)
To: netfilter
* Ian Hunter; <ihunter@hunterweb.net> on 18 Dec, 2003 wrote:
>SuSE comes with a script called SuSEfirewall that automatically configures
>things for you. You probably don't want that if you're talking to folks on
>this list.
>
>See if you have iptables or ipchains -- type iptables-save and if you get
>output, post it to the list and we'll see what SuSE is doing firewall wise.
http://sourceforge.net/projects/susefaq has an unofficial manual for
SuSEfirewall.
And no, SuSEfirewall does not automatically configure anything,
especially when it is security :-)
--
Togan Muftuoglu
* help with routing/firewall
@ 2003-12-18 19:29 Togan Muftuoglu
0 siblings, 0 replies; 8+ messages in thread
From: Togan Muftuoglu @ 2003-12-18 19:29 UTC (permalink / raw)
To: netfilter
* Ian Hunter; <ihunter@hunterweb.net> on 18 Dec, 2003 wrote:
>SuSE comes with a script called SuSEfirewall that automatically configures
>things for you. You probably don't want that if you're talking to folks on
>this list.
>
>See if you have iptables or ipchains -- type iptables-save and if you get
>output, post it to the list and we'll see what SuSE is doing firewall wise.
http://sourceforge.net/projects/susefaq has an unofficial manual for
SuSEfirewall.
And no, SuSEfirewall does not automatically configure anything,
especially when it is security :-)
--
Togan Muftuoglu
* RE: help with routing/firewall
2003-12-18 18:01 help with routing/firewall Fred Gurn
2003-12-18 18:08 ` Juan Hernandez
2003-12-18 18:19 ` Jeffrey Laramie
@ 2003-12-18 20:46 ` Rob Sterenborg
2 siblings, 0 replies; 8+ messages in thread
From: Rob Sterenborg @ 2003-12-18 20:46 UTC (permalink / raw)
To: netfilter
> Simple configuration.
> eth0 internet
> eth1 local net
> Everything accepted from eth1, nothing from eth0,
> traffic from eth1 is routed to internet.
> IP forwarding is enabled.
> From local net I can ping eth1 and eth0 (that means
> machine is routing packets), but I can't go outside
> eth0. Same happens when there is no firewall. What's
> the problem with routing?
> What commands can I use to monitor what is happening
> with packets?
So what do your masq/snat rules look like?
Should be something like:

(echo "0" > /proc/sys/net/ipv4/ip_forward)
iptables -P FORWARD DROP
iptables -A FORWARD -i eth1 -o eth0 -s <local_net> \
  -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -s <local_net> \
  -j SNAT --to-source <inet_ip>
# ** OR **
iptables -t nat -A POSTROUTING -o eth0 -s <local_net> \
  -j MASQUERADE
(echo "1" > /proc/sys/net/ipv4/ip_forward)

Gr,
Rob
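
Added example (not part of any post in this thread): a shell check that reads iptables-save output, the dump asked for earlier in the thread, and reports whether the pieces of the gateway setup discussed above are present: the eth1 -> eth0 FORWARD rule, a SNAT/MASQUERADE rule on eth0 and, because the FORWARD policy is DROP, a rule that lets reply traffic back in. The function names, the sample dumps and the 192.168.1.0/24 network are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the rules a NAT gateway needs.
# On the firewall itself:  iptables-save | audit_gateway eth1 eth0
audit_gateway() {
    # $1 = LAN interface, $2 = Internet interface; the dump is read from stdin
    awk -v lan="$1" -v wan="$2" '
        /^\*/ { table = substr($0, 2) }   # table header: "*filter", "*nat", ...
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if ($0 ~ ("-i " lan " ") && $0 ~ ("-o " wan " ")) out_ok = 1
            if ($0 ~ ("-i " wan " ") && /ESTABLISHED/) back_ok = 1
        }
        table == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
            if ($0 ~ ("-o " wan " ")) nat_ok = 1
        }
        END {
            if (policy == "ACCEPT") out_ok = back_ok = 1   # default policy forwards everything
            if (!out_ok)  print "MISSING forward " lan " -> " wan
            if (!back_ok) print "MISSING return traffic " wan " -> " lan " (ESTABLISHED,RELATED)"
            if (!nat_ok)  print "MISSING SNAT/MASQUERADE on " wan
            if (out_ok && back_ok && nat_ok) print "OK"
        }'
}

# Constructed dump holding only the rules posted above (192.168.1.0/24 is an assumed LAN).
sample_as_posted() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.1.0/24 -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# The same dump plus a stateful rule for replies arriving on eth0.
sample_with_return() {
    sample_as_posted | sed '/-i eth1 -o eth0/a\
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT'
}

sample_as_posted   | audit_gateway eth1 eth0   # reports the missing return rule
sample_with_return | audit_gateway eth1 eth0   # OK
```

With a FORWARD policy of DROP, replies from the Internet side pass through the FORWARD chain as well, so a ruleset that only accepts eth1 -> eth0 still leaves connections hanging.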