Graham,
Normally you would set:
INTIP="192.168.7.1"
INT2IP="192.168.207.1"
as the internal interface gateways, I see you have:
INTIP="192.168.7.250"
INT2IP="192.168.207.249"
I'm not sure if that is the problem, but I would try that first.
> iPBX rc.conf.d # grep TRUST *
> user.conf:TRUSTED_IF=""
> user.conf:IF_TRUSTS="eth1 eth2"
You probably added the user.conf entries, but forgot about them.
I would delete both the TRUSTED_IF and IF_TRUSTS lines in user.conf ( Network
tab -> {Edit User Variables} ).
Save-Settings and restart the firewall. Though they shouldn't have caused the
problem.
Lonnie
On Oct 9, 2010, at 2:57 PM, Graham S. Jarvis wrote:
> Hello Lonnie,
>
> Thanks for the quick reply.
>
> The reason I looked up the post from 2009 was because I _have_ ticked the box
> for the firewall options "LAN to LAN" on the webGUI and this is what's in the
> gui file:
> iPBX rc.conf.d # grep ALLOWLANS *
> gui.firewall.conf:ALLOWLANS="INTIF INT2IF"
> iPBX rc.conf.d #
>
> and just to show that the interfaces are configured:
> iPBX rc.conf.d # grep INT *
> gui.firewall.conf:ALLOWLANS="INTIF INT2IF"
> gui.network.conf:INTIF="eth1"
> gui.network.conf:INTIP="192.168.7.250"
> gui.network.conf:INTNM="255.255.255.0"
> gui.network.conf:INT2IF="eth2"
> gui.network.conf:INT2IP="192.168.207.249"
> gui.network.conf:INT2NM="255.255.255.0"
> gui.network.conf:INT3IF=""
> gui.network.conf:INT3IP=""
> gui.network.conf:INT3NM="255.255.255.0"
> iPBX rc.conf.d #
>
>
> I still don't get traffic from one lan to the other.
> I have a net4801 ie 3 Ethernet (eth0, eth1, eth2)
> From iPBX (192.168.7.250) I can ping hosts on both networks.
> From a host on 192.168.7.0 I can ping INTIF (192.168.7.250) and INT2IF
> (192.168.207.249)
> From a host on 192.168.207.0 I can _only_ ping INT2IF (192.168.207.249) and
> not even 192.168.7.250
>
> I'm not so worried about traffic passing 207->7 in fact I'd like to block it.
> But I need to access resources on the "207" network from the "7" network
> (printers etc.)
>
> Any ideas? I seem to be overlooking something . . .
>
> -Graham-
>
>
> PS: What's the difference between TRUSTED_IF and IF_TRUSTS
> and how do these get set up and used?
> I have:
> iPBX rc.conf.d # grep TRUST *
> user.conf:TRUSTED_IF=""
> user.conf:IF_TRUSTS="eth1 eth2"
> iPBX rc.conf.d #
> and I didn't set (any of) them by hand.
>
> PPS/FYI:
> iPBX rc.conf.d # route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.7.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 192.168.207.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
> 224.0.0.0 0.0.0.0 240.0.0.0 U 0 0 0 eth2
> 224.0.0.0 0.0.0.0 240.0.0.0 U 0 0 0 eth1
> 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
> iPBX rc.conf.d #
>
> on my Windows PC (in french)
> Itinéraires actifs :
> Destination réseau Masque réseau Adr. passerelle Adr. interface Métrique
> 0.0.0.0 0.0.0.0 192.168.7.250 192.168.7.207 20
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 169.254.2.0 255.255.255.0 169.254.2.2 169.254.2.2 30
> 169.254.2.2 255.255.255.255 127.0.0.1 127.0.0.1 30
> 169.254.255.255 255.255.255.255 169.254.2.2 169.254.2.2 30
> 192.168.7.0 255.255.255.0 192.168.7.207 192.168.7.207 20
> 192.168.7.207 255.255.255.255 127.0.0.1 127.0.0.1 20
> 192.168.7.255 255.255.255.255 192.168.7.207 192.168.7.207 20
> 224.0.0.0 240.0.0.0 169.254.2.2 169.254.2.2 30
> 224.0.0.0 240.0.0.0 192.168.7.207 192.168.7.207 20
> 255.255.255.255 255.255.255.255 169.254.2.2 3 1
> 255.255.255.255 255.255.255.255 169.254.2.2 169.254.2.2 1
> 255.255.255.255 255.255.255.255 192.168.7.207 192.168.7.207 1
> Passerelle par défaut : 192.168.7.250
> ===========================================================================
> Itinéraires persistants :
> Aucun
>
>
> Lonnie Abelbeck wrote on 07/10/2010 00:22:
>> Hi Graham,
>>
>> You have several options...
>>
>> 1) The web interface allows you to specify which LAN interfaces can talk to
>> each other
>>
>> 2) There is a ALLOWLANS AstLinux variable...
>>
>> ## Allow LAN to LAN traffic for internal interfaces, defaults to disallow
>> ## Space separate "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
>> ## Separate groups using a ~ (tilde)
>>
>> #ALLOWLANS="INTIF INT2IF"
>> #ALLOWLANS="INTIF INT2IF~INTIF INT3IF" # (INTIF <=> INT2IF talk and INTIF <=> INT3IF talk, but *not* INT2IF <=> INT3IF)
>> #ALLOWLANS="INTIF INT2IF INT3IF"
>>
>> 3) Use the IF_TRUSTS variable directly (which both above use)
>>
>> Lonnie
>>
>> PS: The INT_IF_TRUST variable went away in the AIF firewall some time ago,
>> replaced by the more powerful IF_TRUSTS.
>>
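
Added illustration (not part of the thread, and not AstLinux's own code): a small shell function that expands an ALLOWLANS value, using the space/tilde syntax quoted above, into the interface pairs it permits. INTIF and INT2IF are the values from gui.network.conf in the thread; INT3IF="eth3" is a constructed value, and the function names are hypothetical.

```shell
#!/bin/sh
# Interface names as in the thread's gui.network.conf.
INTIF="eth1"
INT2IF="eth2"
INT3IF="eth3"   # constructed for the example; it is empty in the thread

# resolve_if NAME: print the device behind INTIF/INT2IF/INT3IF; fail on any other name.
resolve_if() {
  case "$1" in
    INTIF)  printf '%s' "$INTIF" ;;
    INT2IF) printf '%s' "$INT2IF" ;;
    INT3IF) printf '%s' "$INT3IF" ;;
    *)      return 1 ;;
  esac
}

# allowlans_pairs VALUE: print one "ifA ifB" line per pair of LANs allowed to talk.
# Groups are separated by "~"; names inside a group are separated by spaces.
allowlans_pairs() {
  _old_ifs=$IFS
  IFS='~'
  set -f                                  # no filename globbing while splitting
  for group in $1; do
    IFS=' '
    ifaces=""
    for name in $group; do
      dev=$(resolve_if "$name") || { echo "unknown name: $name" >&2; continue; }
      # An unconfigured interface (empty value) contributes nothing.
      if [ -n "$dev" ]; then ifaces="$ifaces $dev"; fi
    done
    # Every interface in a group is paired with every later one in that group.
    set -- $ifaces
    while [ $# -gt 1 ]; do
      a=$1; shift
      for b in "$@"; do
        if [ "$a" != "$b" ]; then echo "$a $b"; fi
      done
    done
  done | sort -u
  set +f
  IFS=$_old_ifs
}

allowlans_pairs "INTIF INT2IF~INTIF INT3IF"
```

Each printed pair is two-way, as the `<=>` in the quoted comments indicates; the syntax has no way to express one direction only.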