If I have 10.0.0.1 as my external IP on the LEAF, how would I turn off the private-address filtering on the LEAF router's external interface? I am looking in /etc/ipfilters.conf and find 3 locations where RFC 1918/1627...non-routable addresses are DENIED. One is under filtering out Martian Source addresses. The other 2 are under Border router stuff, 1 under the Incoming stuff and again under outgoing stuff.
I assume I should comment out all instances of this address being denied in ipfilters.conf?

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ray Olszewski
Sent: Friday, June 14, 2002 12:01 PM
To: Kale Lowman; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Cisco DSL configuration

At 11:10 AM 6/14/02 -0700, Kale Lowman wrote:
>Rather new here, so gently reproof any mistakes.
>I am setting up Dachstein and cannot find how I should set up my Cisco 678 DSL
>modem. We have a static IP assigned by our ISP, if I use that on the
>outside of the DSL modem, what should I set for the outside of the firewall?
>I don't need a DMZ.

If you do have only one real IP address, as your comments seem to suggest, then you use it as the Cisco's external address.

What to do on the inside depends on details of the Cisco that you haven't told us. Guessing from the little you have said, I'd think you want to turn NAT -ON- on the Cisco and use some suitable private-address LAN (or static route) to connect it to the LEAF router. For example, make the Cisco 10.1.1.1 and the LEAF external port 10.1.1.2, on network 10.1.1.0/30. (Then remember to turn off private-address filtering on the LEAF router's external interface, or use a dropin firewall like EchoWall that handles that part for you.)

Now, as to the LEAF router ... once again, it depends on what you want the LEAF router to do. Easiest is to run its external interface as described above, and its internal interface as some different private-address network (say 192.168.1.0/24) with its NAT turned on as well. This approach does a "double NAT" of any LEAF-LAN host connection to the Internet, which might cause some problems, but it's hard to say without more info about the Cisco and about what you want to do.

Other options are to turn standard NAT off on the LEAF router, then use static-NAT, or proxy arp, or modification of the Cisco's routing table to connect the LEAF LAN to the Internet.
Again, we'd need to know more about the Cisco to discuss the relative merits of these approaches.

--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, California, USA
[EMAIL PROTECTED]
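An added example, not part of the original thread and not LEAF/Dachstein code: a small Python check that lists which active DENY rules in a filter script cover the private network used on the Cisco-to-LEAF link, so only those are reviewed and the other RFC 1918 filters stay in place. The rule text is a constructed sample in ipchains style, and the variable names $IPCH and $EXTERN_IF are assumptions, not the real contents of /etc/ipfilters.conf.

```python
import ipaddress
import re

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Dotted-quad CIDR only; shorthand such as "0/0" is deliberately not matched.
CIDR = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}\b")

# Constructed sample (NOT the real Dachstein file); $IPCH and $EXTERN_IF
# are hypothetical shell variables standing in for ipchains and the WAN NIC.
SAMPLE_RULES = """\
# martian source addresses
$IPCH -A input -j DENY -p all -s 10.0.0.0/8 -d 0/0 -i $EXTERN_IF -l
$IPCH -A input -j DENY -p all -s 172.16.0.0/12 -d 0/0 -i $EXTERN_IF -l
# border router, incoming
$IPCH -A input -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_IF -l
#$IPCH -A input -j DENY -p all -s 192.168.0.0/16 -d 0/0 -i $EXTERN_IF -l
# border router, outgoing
$IPCH -A output -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_IF -l
$IPCH -A output -j DENY -p all -s 0/0 -d 192.168.0.0/16 -i $EXTERN_IF -l
"""


def rules_blocking_link(config_text, link_net):
    """Return (line number, rule) for each active DENY rule whose RFC 1918
    range overlaps the network on the external link."""
    link = ipaddress.ip_network(link_net)
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        rule = line.strip()
        # Skip blanks, comments (already disabled rules) and non-DENY rules.
        if not rule or rule.startswith("#") or "DENY" not in rule:
            continue
        for cidr in CIDR.findall(rule):
            net = ipaddress.ip_network(cidr, strict=False)
            private = any(net.subnet_of(block) for block in RFC1918)
            if private and net.overlaps(link):
                hits.append((lineno, rule))
                break
    return hits


if __name__ == "__main__":
    # 10.1.1.0/30 is the Cisco-to-LEAF link suggested in the reply above.
    for lineno, rule in rules_blocking_link(SAMPLE_RULES, "10.1.1.0/30"):
        print(f"line {lineno}: {rule}")
```

On the sample, only the 10.0.0.0/8 rules are reported for the 10.1.1.0/30 link; the 172.16.0.0/12 and 192.168.0.0/16 filters do not match that link.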
