oh, and I started out from scratch with a new network.conf too.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler Sent: Friday, August 09, 2002 4:01 PM To: Alec Miller; [EMAIL PROTECTED] Subject: Re: [leaf-user] Dachstein-CD eth3 / DMZ error > I managed to get the 'IP filters: /etc/init.d/network: [B/sbin/ipchains: not > found' error gone by replacing the ipfilter.conf and networks file with new > ones. > > but am still have the invalid port service error.....before I redo a new > network.conf does this bug still exist?? > > Re: [Leaf-user] 4 NIC LRP -Dachstein CD- only one internal IP forwards to > internet > http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg05123.htm l Yes, I believe this bug still exists (at least it's still in the latest Dachstein release I'm running)...good job finding this on the mailing list...I'd forgotten about that bug, and my development server with the todo & bug lists is still off-line after my big office move at the end of last month :< Anyway, if you want to continue to use a private DMZ (your other option would be Static-NAT or Proxy-ARP), you can play guinea pig and try the following... You'll need to change the DMZ_reverse_masq procedure in /etc/ipfilter.conf...it's got the only reference to INTERN_IF in the whole file, so it's easy to find. Find the following lines which provide reverse-masquerading for port-forwarded DMZ connections when accessed from the internal network: # For internal connections $IPCH -A forward -j MASQ -p $1 -s $DMZ_NET $DST_PORT \ -d $INTERN_NET -i $INTERN_IF Change to the following to support multiple internal networks: # For internal connections for NET in $INTERN_NET; do $IPCH -A forward -j MASQ -p $1 -s $DMZ_NET $DST_PORT \ -d $NET done; unset NET This change should allow multiple internal networks with a private DMZ. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
