Re: [leaf-user] 10.10.x.x network blocked by default?

Mon, 15 Jul 2002 16:12:57 -0700 

Jon Clausen wrote:
> 
> On Mon, Jul 15, 2002 at 07:15:24PM +0000, Scott C. Best wrote:
> > Tony:
> >       Heya. Yes, the 10.x.y.z private IP address range is blocked
> > by the default firewall script that comes with Dachstein. You may
> > want to try "echowall.lrp" which I built for Dachstein which doesn't
> > do this. I had the same trouble with the standard Dachstein ruleset,
> > and before long I had so many customizations to it, it became its
> > own package. :)
> >
> >       If you want to keep using the default Dachstein firewall
> > for whatever reason, I believe the changes you need to make are in
> > the network.conf file. Should be easy to find in there...
> 
> I had to get past that once... What I did (if memory, and old comments
> serve) was in ipfilter.conf:
> 
> ~line 208:
> $IPCH -A $LIST -j DENY -p all  -s 10.0.0.0/8 -d 0/0 -l $*
> 
> ~line 420:
> $IPCH -A input -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_RIF
> 
> ~line 502:
> $IPCH -A output -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_RIF
> 
> comment out those lines, and the rules don't get made...

Are you trying to connect to the modem itself (the web server on
it)? This was my need with my ADSL modem.

If so then I prefered to not open the whole range, but instead
open just the one IP where the modem http server sits. I chenged
the end of my /etc/ipfilter.conf by adding the following last
section. The Alcatel SpeedTouch Home uses the 10.0.0.138 address,
find out what yours uses.

I am on an old LRP using 2.2.16, but the same idea should apply to
the later configurations.

=========================================
ADSL_SERVER_IP="10.0.0.138"                           
for NET in $INTERN_NET ; do                            
        $IPCH -I forward 1 -j MASQ -p tcp \           
                -s $NET -d $ADSL_SERVER_IP www -i eth0
done
}

<< EOF >>
=========================================

--
Eyal Lebedinsky ([EMAIL PROTECTED]) <http://samba.org/eyal/>


-------------------------------------------------------
This sf.net email is sponsored by: Jabber - The world's fastest growing 
real-time communications platform! Don't just IM. Build it in! 
http://www.jabber.com/osdn/xim
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to