> I tried using the GUI to set the Berofix (eth4) as the DMZ

OK, I have a specific issue I'd like to understand. I am bringing up the Berofix as eth4 via a modprobe and ifconfig eth4 10.0.0.1 up in /mnt/kd/rc.elocal. To configure the Berofix, I need access to its internal IP (10.0.0.2) via a browser on a host on my LAN. The only way I've managed to get this to work is as follows:

1. Enable IP forwarding
2. Use the Astlinux GUI to place eth4 in the DMZ
3. Add a route: ip route add to 10.0.0.0/24 via 10.0.0.1 dev eth4

Is this the only/the best way to allow this access (LAN host to other Astlinux NIC)? Could this configuration be causing the problem of traffic sometimes not being able to get from eth4 (DMZ) to eth0 (LAN)?

Really reaching the end of my options here. Any help very gratefully received.

Thanks

Tom

Tom Chadwin, ICT & Web Development Officer
Telephone: 01434 611530
Web: www.northumberlandnationalpark.org.uk

IMPORTANT NOTICE - Disclaimer - October 22, 2009 - REF Email-200910-00480528.

-----Original Message-----
> From: Tom Chadwin [mailto:nnpait.servi...@googlemail.com]
> Sent: 21 October 2009 14:51
> To: AstLinux Users Mailing List
> Subject: [Astlinux-users] Help with firewall (maybe)
>
> Hello
>
> I have a net5501 running 0.6.7 geni586. Installed is a Berofix card with BRI daughterboard. This card interfaces with its host via the 8139too driver. It therefore behaves like a PCI NIC, and communication with it is via SIP. Its "internal" IP address is 10.0.0.2. I have assigned its "external" IP address (the one facing the host net5501) as 10.0.0.1. This is the problem I have:
>
> To begin with everything works fine. Then after a while, incoming calls on the BRI fail. They get as far as the Berofix, but they seem not to get to Asterisk. The strange thing is that, if I then make an outgoing call to the BRI, incoming calls then work for a while. After that, they fail again, and so on.
>
> Although I have a support ticket open with Beronet, I thought it would be wise to ask if there might be anything which will need configuring in Arno's firewall to make sure this can work.
>
> What I currently have is this, which, to be honest, is a bit of an accretion of things over the past week or so to get it to work (eth0 is LAN, eth1 is DSL WAN, eth4 is Berofix):
>
> rothburypbx ~ # cat /mnt/kd/rc.elocal
> modprobe 8139too
> ifconfig eth4 10.0.0.1 netmask 255.255.255.0 up
> echo 1 > /proc/sys/net/ipv4/ip_forward
> ip route add to 10.8.243.0/24 via 10.4.0.1 dev eth0
> ip route add to 10.0.0.0/24 via 10.0.0.1 dev eth4
>
> Ignore the 10.8.243.0 route - that is over a VPN to head office, so that voicemail emails can get to our mail server.
> The 10.0.0.0 is one I tried adding, but I don't think it is necessary, given that IP forwarding is enabled - is that correct?
>
> rothburypbx ~ # ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:00:24:CA:69:50
>           inet addr:10.4.0.4  Bcast:10.4.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:155482 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:161478 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:20548336 (19.5 MiB)  TX bytes:40788444 (38.8 MiB)
>           Interrupt:11 Base address:0xe100
>
> eth1      Link encap:Ethernet  HWaddr 00:00:24:CA:69:51
>           inet addr:[snip]  Bcast:[snip]  Mask:255.255.255.248
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:286 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:28124 (27.4 KiB)  TX bytes:16787 (16.3 KiB)
>           Interrupt:5 Base address:0xe200
>
> eth4      Link encap:Ethernet  HWaddr 00:50:C2:83:D2:21
>           inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:159461 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:138654 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:48203478 (45.9 MiB)  TX bytes:27064171 (25.8 MiB)
>           Interrupt:10 Base address:0x4400
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:46 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:46 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:23432 (22.8 KiB)  TX bytes:23432 (22.8 KiB)
>
> rothburypbx ~ # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> [DSL subnet]    *               255.255.255.248 U     0      0        0 eth1
> 10.8.243.0      10.4.0.1        255.255.255.0   UG    0      0        0 eth0
> 10.0.0.0        *               255.255.255.0   U     0      0        0 eth4
> 10.4.0.0        *               255.255.255.0   U     0      0        0 eth0
> 224.0.0.0       *               240.0.0.0       U     0      0        0 eth0
> default         [DSL router]    0.0.0.0         UG    0      0        0 eth1
>
> To begin with, I had no firewall rules set up relating to the Berofix, only to incoming connections on the DSL WAN. I tried using the GUI to set the Berofix (eth4) as the DMZ, and then added allow DMZ>local rules for TCP and UDP 0:65535. Still the same symptoms.
>
> Can anyone see an obvious error in how I have things set up?
>
> Thanks again
>
> Tom
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.