OK, so you have valid class C addresses on the router and on all NICs on
the firewall.
Are you using addresses from the same subnet on the router and firewall?
If you do -> you must use proxy ARP on the firewall
//OLAS
"Marx, Jörg" wrote:
> Hi,
>
> first of all your firewall has to be a router. Get your routing
> right or you won't get it to work!
> Try to ping from the linux box to inside (your web server) and
> to the outside. Maybe you have to debug your setup using tcpdump
> (so you can see arp's, arp replies and other interesting things)
> If it works, get your fw-script up and running.
> Then enable forwarding in kernel:
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> Set your final "-j DENY" rule to log. You can now debug your
> fw-script.
> Take a portscanner like nmap to get a picture from the outside!
>
> HTH
> J"org.
>
> --
>
> Jörg Marx
> secunet
> Security Networks AG Tel./Fax: +49 351 43959 40
> Ammonstraße 72 E-Mail: [EMAIL PROTECTED]
>
> 01067 Dresden
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 31, 2000 1:44 AM
> > To: [EMAIL PROTECTED]
> > Subject: question about hardware set up
> >
> >
> > You will have to forgive me if I say/write anything stupid,... I am a
> > complete newbie at firewalls. Also, I am not subscribed to this list so
> > please email directly or cc me on any responses, thanks.
> >
> > The situation is this: I have read the firewall howto and a book called
> > "Linux Firewalls" by R. Ziegler and using that information I built a
> > firewall with ipchains. I am all ready to test my script so I hooked up
> > a set up as follows:
> >
> > world -- hub_A -- firewall NIC_0 - firewall NIC_1 -- hub_B -- webserver NIC_0
> >
> > The firewall machine has 2 NICs (NIC 0 and NIC 1) both with valid class
> > C IPs on them. I set the webserver's gateway to be an IP on the
> > firewall (I actually tried it with both IPs but neither worked). The
> > gateway on the firewall is the gateway that our ISP provided for us.
> > The problem is that the webserver can't ping out, it can't even ping to
> > either of the 2 NICs on the firewall machine it is attached to via the
> > hub. The webserver and firewall IPs are all in the same subnet. I have
> > tested all 3 NICs and they are all fine. The webserver works fine as a
> > stand alone machine but when it's connected to the firewall I can't ping
> > out. I built a marvelous firewall, no one can get from the internet in
> > not even me, the problem is that the firewall script isn't up yet, i.e.
> > it's not running. I wanted to hook up a test server to make sure all my
> > rules worked.
> >
> > Looking at the firewall howto, that person made the firewall's gateway
> > one of the firewall's IPs which I tried too with no luck (but seemed a
> > bit strange to me). I also read through the network 3&4 howto as well
> > as the ipchains howto with no luck.
> >
> > What am I missing? Please forgive me if it's stupid and obvious. I
> > have done a lot of archived mails with no luck. Thanks in advance.
> > -anna
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
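
The same-subnet condition raised in the top reply, as an added example that is not part of the original thread: it models the router and webserver on either side of the firewall and reports which hosts will ARP directly for a peer that sits behind the other NIC. The addresses (documentation range 192.0.2.0/24), the /25 split, and the function names are constructed for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed addresses (192.0.2.0/24 is a documentation range).
# name -> (physical segment, address/prefix). The firewall's own NICs are
# left out: the model covers the end hosts on either side of it.
FLAT = {   # the thread's situation: one class C spans both hubs
    "router":    ("hub_A", "192.0.2.1/24"),
    "webserver": ("hub_B", "192.0.2.10/24"),
}
SPLIT = {  # alternative: one /25 per hub, firewall routes between them
    "router":    ("hub_A", "192.0.2.1/25"),
    "webserver": ("hub_B", "192.0.2.130/25"),
}

def unanswered_arp(hosts):
    """Pairs (src, dst) where src considers dst on-link, so it ARPs for dst
    directly instead of using its gateway, yet dst sits on another segment.
    The firewall must answer those requests itself (proxy ARP)."""
    parsed = {n: (seg, ipaddress.ip_interface(a)) for n, (seg, a) in hosts.items()}
    pairs = []
    for src, dst in permutations(parsed, 2):
        src_seg, src_if = parsed[src]
        dst_seg, dst_if = parsed[dst]
        if src_seg != dst_seg and dst_if.ip in src_if.network:
            pairs.append((src, dst))
    return sorted(pairs)

def firewall_mode(hosts):
    """'proxy-arp' if any host would ARP across the firewall, else 'routed'."""
    return "proxy-arp" if unanswered_arp(hosts) else "routed"

if __name__ == "__main__":
    for label, topo in (("flat /24", FLAT), ("split /25", SPLIT)):
        print(label, firewall_mode(topo), unanswered_arp(topo))
```

In the split layout the router also needs a route for the inside /25 pointing at the firewall's outside address, since it no longer sees those hosts as on-link.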