-----Original Message-----
From: Roberto Samarone Araújo (RSA) <[EMAIL PROTECTED]>
To: <[email protected]>
Date: Fri, 23 Jan 2004 15:15:59 -0800
Subject: Debian Firewall Problems
> Hi,
>
> I have a Conectiva Linux firewall with the following structure:
>
> Net1 (10.2.1.0/24) ---- FIREWALL1 ---- Net2 (10.255.255.0/24) --- FIREWALL2 ---- INTERNET
>
> Interface 1 (Net1) of the firewall is 10.2.1.254 and interface 2 (Net2) is 10.255.255.250.
> This structure is working fine on a Conectiva Linux, but now I'm replacing the Conectiva
> and putting in a Debian :]
>
> The Debian firewall will have the same structure as the Conectiva firewall.
>
> I set up the new firewall and configured it like the Conectiva, but I'm having some problems:
>
> 1. When I try to ping, from a machine on Net1, interfaces 1 and 2 of firewall1, it works
>    fine, but if I ping other machines on Net2, it doesn't work.
> 2. If I try to access the Internet from a machine on Net1, I can't.
>
> I used the commands:
>
> sysctl -w net.ipv4.ip_forward=1
> sysctl -w net.ipv4.conf.all.rp_filter=0
>
> but I still can't access the Internet.
>
> I'm a bit confused because this is working fine on a Conectiva but not on the Debian.
> My iptables rules are accepting everything while I'm doing the tests. I'm not using NAT.
>
> Could anyone help me please? Is there anything specific to set up on Debian Linux?

I think we have to know: if pinging Net2 from the firewall works; if pinging the firewall interfaces from Net2 works; if the hosts on Net2 receive the echo request while pinging from Net1 to Net2; if the firewall receives the echo reply; if the firewall forwards the echo reply. Naturally I assume that hosts in Net2 have correct routing information for Net1 via the firewall. Why is rp_filter disabled? I think it doesn't matter.
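The checklist in the reply starts on the firewall itself, so here is an added example (not from either poster) that verifies FIREWALL1's own forwarding prerequisites for the Net1/Net2 layout above before any ping or tcpdump testing. The interface names eth0/eth1 and the assumption that FIREWALL2's address lies on Net2 are mine, not the thread's.

```sh
#!/bin/sh
# Added example, not from the thread: a check of FIREWALL1's own forwarding
# prerequisites for the Net1 (10.2.1.0/24) <-> Net2 (10.255.255.0/24) layout above.
# Interface names eth0/eth1 and FIREWALL2 sitting on Net2 are assumptions.
NET1=10.2.1.0/24;     NET1_IF=${NET1_IF:-eth0}   # carries 10.2.1.254
NET2=10.255.255.0/24; NET2_IF=${NET2_IF:-eth1}   # carries 10.255.255.250

# Pure check over ip_forward, conf/all/rp_filter and an 'ip route' listing passed
# as arguments, so it can be run against constructed input. Prints one line per
# finding and returns the number of findings (0 = prerequisites hold).
check_router() {
    ip_forward=$1 rp_all=$2 routes=$3 problems=0
    if [ "$ip_forward" != 1 ]; then
        echo "ip_forward=$ip_forward: the kernel will not forward between $NET1_IF and $NET2_IF"
        problems=$((problems + 1))
    fi
    # Connected routes: each network must be reachable on its own interface.
    printf '%s\n' "$routes" | grep -q "^$NET1 dev $NET1_IF" ||
        { echo "no connected route for $NET1 on $NET1_IF"; problems=$((problems + 1)); }
    printf '%s\n' "$routes" | grep -q "^$NET2 dev $NET2_IF" ||
        { echo "no connected route for $NET2 on $NET2_IF"; problems=$((problems + 1)); }
    # Internet access for Net1 needs a default route via FIREWALL2, which lives on Net2.
    gw=$(printf '%s\n' "$routes" | awk '$1 == "default" { print $3; exit }')
    case "$gw" in
        10.255.255.*) ;;
        "") echo "no default route: Net1 hosts cannot reach the Internet"
            problems=$((problems + 1)) ;;
        *)  echo "default gateway $gw is not on $NET2, where FIREWALL2 should be"
            problems=$((problems + 1)) ;;
    esac
    [ "$rp_all" = 0 ] && echo "note: rp_filter=0 everywhere; harmless in this symmetric layout"
    return $problems
}

# Live run on the firewall itself. Follow it with the reply's checks: run
# 'tcpdump -ni $NET2_IF icmp' here while a Net1 host pings a Net2 host to see whether
# the echo request goes out and whether the reply ever comes back to be forwarded.
if [ "${1:-}" = "--live" ]; then
    check_router "$(cat /proc/sys/net/ipv4/ip_forward)" \
                 "$(cat /proc/sys/net/ipv4/conf/all/rp_filter)" \
                 "$(ip route show)"
fi
```

If the script reports no findings but Net1 still cannot reach Net2, the fault is off-box: the Net2 hosts (and FIREWALL2) need a route for 10.2.1.0/24 via 10.255.255.250, exactly the assumption the reply makes.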

