John:

        Heya. Regarding your firewall troubles, might I suggest
that you please give the echowall.lrp package a try, available
at ftp.echogent.com. It's expressly designed towards making an
Eiger/Dach firewall with port-forwarding as easy as possible to
set up.
        In other words, it's meant for novice users. No offense!
Just two of the things you wrote suggest you might be the target
audience:

> The first was that I could not port forward SSH to an internal box
> with either Eiger or Dach.  I had the proper stuff uncommented in
> /etc/network.conf, but it just didn't work.   I ended up having to do
> the following:
>
>   ipchains -I input -i eth0 -j ACCEPT -p tcp -s 0/0 -d 0/0 24

        This rule is a bit reckless: it will allow any TCP packets
from anywhere *to* anything to hit your TCP port 24. Nothing typically
listens to TCP port 24 (the IANA designates it as "any private email
server"), so I suspect you either meant port 22 for SSH, or you changed
your SSHd server to listen to port 24 instead.
        In any case...allowing a TCP connection from any address
destined for any address shouldn't ever be required.

> Dec 16 20:42:22 jfsgw kernel: Packet log: input DENY eth0 PROTO=17
> 10.2.0.1:67 255.255.255.255:68 L=350 S=0x00 I=22593 F=0x0000 T=255 (#9)

        Have a look at "www.echogent.com/cgi-bin/fwlog.pl" with this
packet log. It's harmless noise, which the echowall package will
actually not report about, by default.

        Hope this helps!

-Scott
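
Added example, not part of the original message and not code from echowall or fwlog.pl: a small parser for ipchains "Packet log" lines that decodes the fields of the entry quoted above and tags UDP 67/68 traffic (BOOTP/DHCP) so it can be separated from denies worth reviewing. The function names and category labels are assumptions made for this sketch; the second sample line is constructed.

```python
import re

# ipchains log layout: chain action iface PROTO=n src:port dst:port
# L=length S=TOS I=IP-id F=frag-flags/offset T=TTL (#rule-number)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl", "rule")

def parse(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec

def classify(rec):
    """Label DHCP chatter; everything else is left for a human to review."""
    udp = rec["proto"] == 17
    if udp and rec["sport"] == 67 and rec["dport"] == 68 \
            and rec["dst"] == "255.255.255.255":
        return "dhcp-server-broadcast"   # server reply sent to the whole segment
    if udp and rec["sport"] == 68 and rec["dport"] == 67:
        return "dhcp-client-request"
    return "review"

def triage(lines):
    """Pair each line's label with its parsed record."""
    parsed = [parse(line) for line in lines]
    return [(classify(r) if r else "unparsed", r) for r in parsed]

SAMPLE = [
    # Entry quoted in the message above, joined onto one line.
    "Dec 16 20:42:22 jfsgw kernel: Packet log: input DENY eth0 PROTO=17 "
    "10.2.0.1:67 255.255.255.255:68 L=350 S=0x00 I=22593 F=0x0000 T=255 (#9)",
    # Constructed entry (documentation addresses): a denied TCP probe.
    "Dec 16 20:43:01 jfsgw kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.0.2.7:40112 198.51.100.4:23 L=60 S=0x00 I=4021 F=0x4000 T=52 (#9)",
]

if __name__ == "__main__":
    for label, rec in triage(SAMPLE):
        print(label, rec)
```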


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
