Hi,

First of all, your firewall has to be a router. Get your routing
right or you won't get it to work!
Try to ping from the Linux box to the inside (your web server) and
to the outside. Maybe you have to debug your setup using tcpdump
(so you can see ARPs, ARP replies and other interesting things).
If it works, get your fw-script up and running.
Then enable forwarding in kernel:

echo "1" > /proc/sys/net/ipv4/ip_forward

Set your final "-j DENY" rule to log. You can now debug your
fw-script.
Take a portscanner like nmap to get a picture from the outside!

HTH
J"org.


-- 

Jörg Marx
secunet
Security Networks AG   Tel./Fax: +49 351 43959 40
Ammonstraße 72         E-Mail:   [EMAIL PROTECTED]

01067 Dresden


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 31, 2000 1:44 AM
> To: [EMAIL PROTECTED]
> Subject: question about hardware set up
> 
> 
> You will have to forgive me if I say/write anything stupid,... I am a
> complete newbie at firewalls.  Also, I am not subscribed to this list
> so please email directly or cc me on any responses, thanks.
> 
> The situation is this: I have read the firewall howto and a book
> called "Linux Firewalls" by R. Ziegler and using that information I
> built a firewall with ipchains.  I am all ready to test my script so
> I hooked up a set up as follows:
> 
> world -- hub_A -- firewall NIC_0 - firewall NIC_1 -- hub_B -- webserver NIC_0
> 
> The firewall machine has 2 NICs (NIC 0 and NIC 1) both with valid
> class C IPs on them.  I set the webserver's gateway to be an IP on the
> firewall (I actually tried it with both IPs but neither worked).  The
> gateway on the firewall is the gateway that our ISP provided for us.
> The problem is that the webserver can't ping out, it can't even ping
> to either of the 2 NICs on the firewall machine it is attached to via
> the hub.  The webserver and firewall IPs are all in the same subnet.
> I have tested all 3 NICs and they are all fine.  The webserver works
> fine as a stand alone machine but when it's connected to the firewall
> I can't ping out.  I built a marvelous firewall, no one can get from
> the internet in not even me, the problem is that the firewall script
> isn't up yet, i.e. it's not running.  I wanted to hook up a test
> server to make sure all my rules worked.
> 
> Looking at the firewall howto, that person made the firewall's gateway
> one of the firewall's IPs which I tried too with no luck (but seemed a
> bit strange to me).  I also read through the network 3&4 howto as well
> as the ipchains howto with no luck.
> 
> What am I missing?  Please forgive me if it's stupid and obvious.  I
> have done a lot of archived mails with no luck.  Thanks in advance.
> -anna
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
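
Added example (not part of the original mail or of any script mentioned
in it): a shell pre-flight check for the two settings the reply names,
the ip_forward flag and a final DENY rule that logs. The function names
are hypothetical, the logging check looks for ipchains' -l option, and
the firewall script is assumed to hold one rule per line.

```shell
#!/bin/sh
# Added example: checks for the steps in the reply above. File paths are
# parameters so the checks can be run against copies of the real files.

# forwarding_enabled [FILE] -> exit 0 if the kernel flag file contains "1"
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# final_rule CHAIN SCRIPT -> print the last rule appended (-A) to CHAIN.
# Comments are stripped and whitespace squeezed; rules continued over
# several lines with a backslash are not handled (assumption).
final_rule() {
    sed 's/#.*//' "$2" | tr -s '\t ' ' ' |
        grep -E "(^| )-A $1( |\$)" | tail -n 1
}

# final_deny_logs CHAIN SCRIPT
#   0: last rule of CHAIN is "-j DENY" and carries -l (log)
#   1: last rule is "-j DENY" but does not log
#   2: chain does not end in a DENY rule (or has no rules in SCRIPT)
final_deny_logs() {
    rule=$(final_rule "$1" "$2")
    case " $rule " in
        *" -j DENY "*) ;;
        *) return 2 ;;
    esac
    case " $rule " in
        *" -l "*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight SCRIPT [FLAGFILE] -> report both checks for the input chain
preflight() {
    status=0
    forwarding_enabled "$2" || { echo "ip_forward is not 1"; status=1; }
    final_deny_logs input "$1" ||
        { echo "input: final rule is not a logging DENY"; status=1; }
    return "$status"
}
```

Run preflight with the path of the fw-script before testing from the
outside; a non-zero exit means one of the two settings is missing.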