> I have installed Dachstein-pr2 onto my 486DX66 with IDE support using the
> kernel from Charles' site.  I have it set up to boot from the hd, but then
> run from the ramdisk.  Other, perhaps irrelevant details:
>
> Cable Modem connection;
> Single, DHCP acquired public IP address;
> sshd-1 installed and running successfully;
> 3 3c509 NICs installed and running successfully;
>
> Having made the system work for masquerading my internal network to the
> internet, I then turned to adding in support for my DMZ network (that I've
> had running using Eigerstein and Eigerstein2beta for about 9 months now).
> See the appended extract of the network.conf file for details of the changes
> I have made to the stock distribution file.
>
> The problem is, I don't seem to have the dmz functionality.  While my
> internal network can access the internet, it cannot access the dmz net (i.e.
> pings fail).  However, pings from the dachstein box to both the internal and
> the dmz net are successful.  Looking at the /var/log/messages file, I cannot
> see any log of any packets from the internal net getting denied on their way
> to the dmz.
>
> If anyone can help, I'd be much obliged.

Comments inline...

> # TCP services open to outside world
> # Space separated list: srcip/mask_dstport
> # I have opened these with the intention of port forwarding to my private address DMZ
> EXTERN_TCP_PORTS="0/0_22021 0/0_22022 0/0_22080 0/0_22180 0/0_22443"

Noted...

> ###############################################################################
> # DMZ setup (optional)
> ###############################################################################
> # Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
> DMZ_SWITCH=PRIVATE
> DMZ_IF="eth1"
> DMZ_NET=192.168.2.0/24

Comment out all the following...these variables are not used for a private
port-forwarded DMZ

> DMZ_SRC=216.171.153.128/25
> DMZ_EXT_ADDRS="$eth0_DEFAULT_GW $EXTERN_IP"
> DMZ_HIGH_TCP_CONNECT=NO
> #DMZ_CLOSED_DEST="tcp_${DMZ_NET}_6000:6004 tcp_${DMZ_NET}_7100"
> DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
>                 tcp_${DMZ_NET}_domain
>                 icmp_${DMZ_NET}_:
>                 tcp_1.1.2.13_www"

I missed adding this section to network.conf. Uncomment and change as
appropriate for your desired services.

# Private DMZ switches
# Services port-forwarded to the DMZ network
#DMZ_SERVER0="udp 1.2.3.13 domain 192.168.2.1 domain"
#DMZ_SERVER1="tcp 1.2.3.13 domain 192.168.2.1 domain"
#DMZ_SERVER2="tcp 1.2.3.13 www 192.168.2.1 www"
#DMZ_SERVER3="tcp 1.2.3.13 smtp 192.168.2.1 smtp"
#DMZ_SERVER4="tcp 1.2.3.12 www 192.168.2.1 8080"

If you continue to have problems, please include the output of "svi network
ipfilter list", as well as the information you provided this time...it will
help me determine if there's a problem with your network.conf settings, or
the new firewall scripts.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
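
An added example, not part of the original message or of the Dachstein firewall scripts: a POSIX shell check that each DMZ_SERVERn entry has five fields and forwards to an address inside DMZ_NET. The field order (protocol, external IP, external port, DMZ IP, DMZ port) is inferred from the commented sample lines above; the function names, the tcp/udp restriction and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint DMZ_SERVERn port-forward entries against DMZ_NET.
# Assumed field order (inferred from the samples): proto ext_ip ext_port dmz_ip dmz_port

# Dotted quad -> 32-bit integer; fails on malformed octets.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when address $1 lies inside CIDR network $2 (e.g. 192.168.2.0/24).
in_net() {
    addr=$(ip2int "$1") || return 1
    base=$(ip2int "${2%/*}") || return 1
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $addr & $mask )) -eq $(( $base & $mask )) ]
}

# Check one entry ($2) against DMZ_NET ($1); prints "ok" or a finding.
check_forward() {
    dmz_net=$1
    set -- $2    # split the entry into whitespace-separated fields
    if [ $# -ne 5 ]; then echo "expected 5 fields, got $#"; return 1; fi
    case $1 in tcp|udp) ;; *) echo "unknown protocol: $1"; return 1 ;; esac
    ip2int "$2" >/dev/null || { echo "bad external address: $2"; return 1; }
    in_net "$4" "$dmz_net" || { echo "target $4 is outside DMZ_NET $dmz_net"; return 1; }
    echo ok
}

# Constructed sample entries; the last one deliberately points outside the DMZ.
DMZ_NET=192.168.2.0/24
DMZ_SERVER0="udp 1.2.3.13 domain 192.168.2.1 domain"
DMZ_SERVER1="tcp 1.2.3.12 www 192.168.2.1 8080"
DMZ_SERVER2="tcp 1.2.3.13 smtp 192.168.1.25 smtp"
n=0
while eval "entry=\${DMZ_SERVER$n:-}"; [ -n "$entry" ]; do
    echo "DMZ_SERVER$n: $(check_forward "$DMZ_NET" "$entry")"
    n=$((n + 1))
done
```

A forward whose target falls outside DMZ_NET is the case worth catching, since it would expose a host that is not on the DMZ segment.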
