Michael McClure wrote:
I want to have only 1 card (eth0) in my Dachstein box and have it connect to my internal network (which, as a side note, has an eigerstein firewall w/eth1=192.168.1.254).

I've commented out the eth1 entries and set my IF_AUTO to eth0. I've put 192.168.1.100 into my eth0 ip w/a netmask of 24, broadcast to 192.168.1.255 and gateway to be 192.168.1.254 (my eigerstein eth1). I've changed IPFILTER_SWITCH=none.

I can ping 127.0.0.1, but not 192.168.1.100 or 254. The ping says the target network is unreachable.
What else should I do to the default 1680K Dachstein disk image network.conf to make it be a 1 interface client on my internal network? The goal is to have it serve SSHD 2.0 and have the SSH and FTP clients on it (my firewall doesn't). I want to be able to ssh through my firewall to this internal box and SSH out from there onto the internet. I'll also probably run SAMBA on it and put in a couple of hard disk drives so I can also use it as a fileserver.

If you want to add Samba and make a fileserver, you may want to consider using a more mainstream distribution, set up to run from HDD.

If you want to use Dachstein, in addition to changing the interface configuration (which it sounds like you did OK, but I can't be sure without seeing the output of "ip addr" and "ip route"), you'll have to modify the firewall rules, since private IP traffic on the "external" interface is dropped by default.

The easy way to do this is to simply remove all firewall rules, by setting "IPFILTER_SWITCH=none" in network.conf, assuming your internal network is fully trusted.

If for some reason you still want to run with ipchains rules in place, you'll need to comment out the section in /etc/ipfilter.conf that drops private IPs (in the stopMartians () procedure), which is probably what's keeping you from pinging currently.

NOTE: The Dachstein firewall scripts are not really set up for a "host" type environment, where lots of services are running on the box. You can use the existing firewall rules in this way if desired, but you should review the generated rules, and make sure they meet your needs. In particular, make sure the default accepting of high TCP and UDP ports doesn't present a security risk for your configuration. To get your Samba server running, you'll also have to remove the default rules blocking SMB traffic (the standardBlock () procedure in /etc/ipfilter.conf).

--
Charles Steinkuehler
[EMAIL PROTECTED]
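
One way to do the rule review suggested in the reply above, as an added example (not part of the original message and not LEAF/Dachstein code): a Python script, run on a workstation against a saved rule listing, that flags rules dropping the LAN's own private range, rules blocking SMB ports, and rules accepting wide high-port ranges. The sample listing is constructed in the layout of `ipchains -L input -n`, the LAN value comes from the poster's setup, and the function names are hypothetical.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # the poster's internal network
ANY = ipaddress.ip_network("0.0.0.0/0")
SMB_PORTS = {137, 138, 139, 445}               # NetBIOS/SMB ports Samba listens on

# Constructed sample in the layout of `ipchains -L input -n` (not from a real box).
SAMPLE = """\
Chain input (policy DENY):
target     prot opt     source                destination           ports
DENY       all  ----l-  10.0.0.0/8           0.0.0.0/0             n/a
DENY       all  ----l-  192.168.0.0/16       0.0.0.0/0             n/a
DENY       tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   137:139
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   22
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   1024:65535
ACCEPT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   1024:65535
"""

def dst_ports(text):
    """Return (lo, hi) for the destination side of 'src -> dst', else None."""
    if "->" not in text:
        return None
    dst = text.split("->", 1)[1].strip()
    if dst == "*":
        return (0, 65535)
    lo, _, hi = dst.partition(":")
    return (int(lo), int(hi or lo))

def review(listing, lan=LAN):
    # Flags individual rules only; chain order (first match wins) is not modelled.
    findings = []
    for line in listing.splitlines():
        f = line.split(None, 5)
        if len(f) < 6 or f[0] not in ("ACCEPT", "DENY", "REJECT"):
            continue                      # chain header, column header, blank line
        target, prot, _opt, src, _dst, ports = f
        src_net = ipaddress.ip_network(src, strict=False)
        rng = dst_ports(ports) if prot in ("tcp", "udp") else None
        blocked = target in ("DENY", "REJECT")
        if blocked and src_net != ANY and src_net.overlaps(lan):
            findings.append(("blocks-lan", line.strip()))       # martian-style drop
        if blocked and rng and any(rng[0] <= p <= rng[1] for p in SMB_PORTS):
            findings.append(("blocks-smb", line.strip()))
        if target == "ACCEPT" and rng and rng[0] < rng[1] and rng[1] >= 1024:
            findings.append(("accepts-high-ports", line.strip()))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{tag:20}{rule}" for tag, rule in review(SAMPLE)))
```

Each `accepts-high-ports` hit should be compared with the services actually listening on the box, since any daemon bound to a port in that range is reachable from the LAN.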




------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

