Re: [leaf-user] Linux firewalling rules, Dachstein

Mon, 29 Jul 2002 12:25:50 -0700 


[EMAIL PROTECTED] wrote:
> 
> > [2] Modify the Dachstein firewall rules accept this private network
> > from the router.  To do this, you will need to create a file:
> > /etc/ipchains.input in which you need add this line:
> >
> >       $IPCH -I input -j ACCEPT -p all -s 0/0 -d 192.168.50.0/24 -i
> >       $EXTERN_IF
> >
> > Also, create a file: /etc/ipchains.output in which you need add this
> > line:
> >
> >       $IPCH -I output -j ACCEPT -p all -s 0/0 -d 192.168.50.0/24 -i
> > $EXTERN_IF
> >
> > At the moment, I cannot remember whether or not else is required; but,
> > carefully review /etc/ipfilter.conf and you will find these:
> >
> >       $IPCH -A input -j DENY -p all -s 0/0 -d 192.168.0.0/16 -i $EXTERN_RIF
> >       $IPCH -A output -j DENY -p all -s 0/0 -d 192.168.0.0/16 -i $EXTERN_RIF
> >
> 
> I added the lines above to /etc/ipchains.output and /etc/ipchains.input,
> and now I can ping the router,

Originally, you said, "I can't ping, or, it seems, otherwise communicate
with, our ISP's on site router, or anything beyond it on the net."

So, this is progress ;>

> BUT I still can't reach the internet.
> I also changed those two lines above in /etc/ipfilter.conf to read
> "ACCEPT" where they said "DENY" (was that the right thing to do?), but
> doing that had no effect.

Un-do this.

> I'm one step closer, but not there yet...any more good *guesses* ;-)  ?

Please, publish the output of these commands:

        ip addr

        ip route

Also, publish *all* known configuration for the router.

It would seem that some gateway configuration is incorrect . . .

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .


-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to