dan, you hit the nail on the head. the bride was definitely locked out
of the church.
once the lock was opened, she came screaming down the isle, rushed the
altar and now the deed is done. i'm running a fully operational
dachstein cd firewall.
thank you!
pete
begin [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Do you have the corresponding ports *open* in the EXTERN_TCP_PORTS section? If
> not, the forwarding rules are inside waiting for a bride that's locked out of
> the church ;)
>
> Also, since it looks like you have re-numbered your network from the default
> (changed 192.168.1 to 192.168.0) you should have a stroll back thru your
> configs, to make sure you have changed every instance of 192.168.1.
>
> Dan
>
> Quoting Peter Jay Salzman <[EMAIL PROTECTED]>:
>
> > i'm using dachstein 1.0.2 on a home network firewall. everything
> > seems
> > hunky dory:
> >
> > network cards are both recognized and configured correctly
> > masquerading works on the internal machines
> > everyone can ping everyone, both inside and out.
> >
> > the last hurdle is port forwarding -- it looks ok, but isn't working
> > (i'm not receiving mail, and i can't telnet to the smtp port from a
> > remote machine). note that the internal server that handles mail, ftp
> > and apache is satan.diablo.net (192.168.0.2). the firewall is
> > mephisto.diablo.net (eth0: 64.164.47.8 eth1: 192.168.0.1).
> >
> > modules:
> > ip_masq_user 3708 0 (unused)
> > ip_masq_portfw 2416 4
> > ip_masq_ftp 3576 0 (unused)
> > ip_masq_mfw 3196 0 (unused)
> > ip_masq_autofw 2476 0 (unused)
> > rtl8139 10856 1
> > tulip 32424 1
> > pci-scan 2300 0 [rtl8139 tulip]
> > isofs 17692 0
> > ide-cd 22672 0
> > cdrom 26712 0 [ide-cd]
> >
> > forwarded ports:
> > # ipmasqadm portfw -l
> > prot localaddr rediraddr lport rport pcnt
> > pref
> > TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net satan.diablo.localnet 24
> > ssh 10 10
> > TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net satan.diablo.localnet smtp
> > smtp 10 10
> > TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net satan.diablo.localnet www
> > www 10 10
> > TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net satan.diablo.localnet ftp
> > ftp 10 10
> >
> > here are the relevent variables i've set. i'm wondering what the
> > difference between them is. they look to do the same thing to me:
> >
> > INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.0.2_ftp
> > tcp_${EXTERN_IP}_smtp_192.168.0.2_smtp"
> >
> > # These lines use the primary external IP address...if you need to
> > # port-forward
> > # an aliased IP address, use the INTERN_SERVERS setting above
> > INTERN_FTP_SERVER=192.168.0.2 # Internal FTP server to make
> > available
> > INTERN_WWW_SERVER=192.168.0.2 # Internal WWW server to make
> > available
> > INTERN_SMTP_SERVER=192.168.0.2 # Internal SMTP server to make
> > available
> > #INTERN_POP3_SERVER=192.168.0.2 # Internal POP3 server to make
> > available
> > #INTERN_IMAP_SERVER=192.168.0.2 # Internal IMAP server to make
> > available
> > INTERN_SSH_SERVER=192.168.0.2 # Internal SSH server to make
> > available
> > EXTERN_SSH_PORT=24 # External port to use for internal
> > SSH
> >
> > i'm looking at this, and i can't see anything that's wrong. the
> > output
> > of ipmasqadm looks compelling. it LOOKS like it should be working.
> >
> > help! any advice? what exactly is the difference between
> > INTERN_SERVERS and INTER_.*_SERVER? i'm not too sure what an
> > "aliased IP address" is. does that refer to a masqueraded ip address
> > (like 192.168.0.2)?
> >
> > any help greatly appreciated. i've been staring at this for far too
> > long. :)
> >
> > pete
> >
> > --
> > PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
> > PGP Public Key: finger [EMAIL PROTECTED]
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> >
--
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
PGP Public Key: finger [EMAIL PROTECTED]
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
