Oh -- I guess I totally forgot about the custom firewalls. I am using
the native Eigerstein and will soon be porting to Dachstein.
Help me to understand... So rule 1 says to accept port 80 tcp calls that
come in on eth1 that are going to the modem and rule 2 says to
accept any port 80 tcp calls that come in on eth0 from the modem?
I put the following in my file script:

    $IPCH -I INPUT 1 -d 192.168.100.1/32 80 -p tcp -i eth1 -j ACCEPT
    $IPCH -I INPUT 1 -s 192.168.100.1/32 80 -p tcp -i eth0 -j ACCEPT

svi network reload wasn't happy:

    Starting Network: [IP Always Defrag: ENABLED]
    IP filters: ipchains: No target by that name
    ipchains: No target by that name
    ipchains: No target by that name
    ipchains: No target by that name
    firewall [IP Forwarding: ENABLED]

When I comment these rules out, I don't get those errors. What am I
doing wrong?
thanks.
mike.
Ray Olszewski wrote:
> At 01:20 PM 7/6/02 -0700, Michael McClure wrote:
>
>> I have a cable modem that has an internal 192.168.100.1. It is
>> hooked to the ISP and gets a public address which it passes to my LRP
>> eth0. I have dhcpd running on eth1 to my internal Eigerstein
>> 192.168.1.x. It's a surfboard 4100 modem w/an internal status page.
>>
>> Now, I want to be able to look at the surfboard modem's status page
>> 192.168.100.1 from my eth1 internal 192.168.1.x, but I don't want to
>> open my router to the world for 192.168.x.x. I want to put in a rule
>> that will take an HTTP source of 192.168.1.x on eth1 and pass that
>> through eth0 to 192.168.100.1. This should work because when I hook
>> a laptop directly to the modem, I can http://192.168.100.1 and see
>> the page. Of course, I don't want eth0 to take in 192.168.x.x from
>> the outside or break any other router RFCs.
>>
>> I've mucked about with it and am getting frustrated. I'm pretty sure
>> I need to masq between the two interfaces, but I can't get it right
>> without being wide open on 192.168.100 on all ports, all protocols.
>>
>> can any of you ipchains experts help?
>
>
>
> It would be easier if you had mentioned whether you are using
> EigerStein's built-in firewalling or one of the drop-in firewall
> packages (EchoWall, ShoreWall, and so forth).
>
> Probably all you need to do is add these rules to whatever mechanism
> your firewall uses for setup:
>
>     ipchains -I INPUT 1 -d 192.168.100.1/32 80 -p tcp -i eth1 -j ACCEPT
>     ipchains -I INPUT 1 -s 192.168.100.1/32 80 -p tcp -i eth0 -j ACCEPT
>
> Some firewall rulesets will require similar additions to OUTPUT, and
> conceivably FORWARD or a custom chain, but this pair will work with
> many firewalls that block private addresses on the external interface.
> I think these additions are enough for EigerStein, but I'm not certain
> of it.
>
>
>
> --
> "Never tell me the odds!" -- Han Solo
> Ray Olszewski
> Palo Alto, California, USA [EMAIL PROTECTED]
>
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html