Hi,
I'm a newbie, but would be grateful for help with the following:
I set up the following isolated network in order to help learn/test my set-up of Bering 2.0.3:

    HOST 'far'   IP 1.2.3.1        running RH Linux 6.2
         |
         |
         |
      1.2.3.4/24
      Bering firewall
      192.168.1.254/24
         |
         |
         |
    HOST 'near'  IP 192.168.1.2    running RH Linux 7.3
The Bering/Shorewall set-up is almost standard - I only changed what I believe is the necessary minimum.

In the long run I want to set up a link between two networks and do 1-to-1 NAT (SNAT) for connections from specific machines on one network (with private IPs) to the other (with some allocated IPs on the second network for these machines).

Some configuration file content and debug output from the three machines is appended. I apologise if this doesn't include something that's particularly significant...

In a nutshell, I can ping the firewall from both near and far. I can also ping near and far from the firewall. However, I cannot ping far from near, but do not understand why not - help please!
OUTPUT on each machine:
=======================
HOST 'near'
=========
netstat -nr
-----------
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG       40 0          0 eth0
ifconfig
--------
eth0 Link encap:Ethernet HWaddr 00:50:04:C9:CB:38
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:35 errors:0 dropped:0 overruns:0 frame:0
TX packets:54 errors:0 dropped:0 overruns:0 carrier:4
collisions:0 txqueuelen:100
RX bytes:3088 (3.0 Kb) TX bytes:4730 (4.6 Kb)
Interrupt:9 Base address:0x4000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:64 errors:0 dropped:0 overruns:0 frame:0
TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4834 (4.7 Kb) TX bytes:4834 (4.7 Kb)
route
-----
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
/etc/hosts
----------
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.2 near
'ping'
------
PING 1.2.3.4 (1.2.3.4) from 192.168.1.2 : 56(84) bytes of data.
64 bytes from 1.2.3.4: icmp_seq=1 ttl=255 time=0.297 ms
64 bytes from 1.2.3.4: icmp_seq=2 ttl=255 time=0.276 ms
:
--- 1.2.3.4 ping statistics ---
4 packets transmitted, 4 received, 0% loss, time 2997ms
rtt min/avg/max/mdev = 0.276/0.283/0.297/0.018 ms
PING 192.168.1.254 (192.168.1.254) from 192.168.1.2 : 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=255 time=0.295 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=255 time=0.274 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=255 time=0.272 ms
--- 192.168.1.254 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 1998ms
rtt min/avg/max/mdev = 0.272/0.280/0.295/0.017 ms
PING 192.168.1.2 (192.168.1.2) from 192.168.1.2 : 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=255 time=0.045 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=255 time=0.035 ms
--- 192.168.1.2 ping statistics ---
2 packets transmitted, 2 received, 0% loss, time 999ms
rtt min/avg/max/mdev = 0.035/0.040/0.045/0.005 ms
PING 1.2.3.1 (1.2.3.1) from 192.168.1.2 : 56(84) bytes of data.
--- 1.2.3.1 ping statistics ---
8 packets transmitted, 0 received, 100% loss, time 7011ms
HOST 'far'
========
ifconfig
--------
eth0 Link encap:Ethernet HWaddr 00:00:86:31:F1:C1
inet addr:1.2.3.1 Bcast:1.2.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:51 errors:0 dropped:0 overruns:0 frame:0
TX packets:69 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:100
Interrupt:10 Base address:0x300
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:25 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
far             *               255.255.255.255 UH    0      0        0 eth0
1.2.3.0         *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         firewall        0.0.0.0         UG    1      0        0 eth0
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
1.2.3.1         0.0.0.0         255.255.255.255 UH        0 0          0 eth0
1.2.3.0         0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         1.2.3.4         0.0.0.0         UG        0 0          0 eth0
'ping'
------
PING far (1.2.3.1) from 1.2.3.1 : 56(84) bytes of data.
64 bytes from far (1.2.3.1): icmp_seq=0 ttl=255 time=0.2 ms
64 bytes from far (1.2.3.1): icmp_seq=1 ttl=255 time=0.0 ms
64 bytes from far (1.2.3.1): icmp_seq=2 ttl=255 time=0.0 ms
--- far ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.0/0.0/0.2 ms
firewall
========
ip route show
-------------
1.2.3.0/24 dev eth0 proto kernel scope link src 1.2.3.4
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
default via 1.2.3.1 dev eth0
ip maddr show
-------------
1: lo
inet 224.0.0.1
3: eth0
link 01:00:5e:00:00:01
inet 224.0.0.1
4: eth1
link 01:00:5e:00:00:01
inet 224.0.0.1
'ping'
------
PING 1.2.3.4 (1.2.3.4): 56 data bytes
64 bytes from 1.2.3.4: icmp_seq=0 ttl=255 time=0.2 ms
64 bytes from 1.2.3.4: icmp_seq=1 ttl=255 time=0.1 ms
--- 1.2.3.4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms
PING 1.2.3.1 (1.2.3.1): 56 data bytes
64 bytes from 1.2.3.1: icmp_seq=0 ttl=255 time=0.6 ms
64 bytes from 1.2.3.1: icmp_seq=1 ttl=255 time=0.5 ms
--- 1.2.3.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.5/0.5/0.6 ms
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=255 time=0.2 ms
64 bytes from 192.168.1.254: icmp_seq=1 ttl=255 time=0.1 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=255 time=0.1 ms
--- 192.168.1.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=0.4 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=255 time=0.3 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=255 time=0.3 ms
--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.3/0.4 ms
shorewall hits (after trying telnet)
------------------------------------
Shorewall-1.3.10 Hits at firewall - Thu Jan 9 18:27:12 UTC 2003
HITS IP DATE
---- --------------- ------
2 192.168.1.2 Jan 9
HITS IP PORT
---- --------------- -----
2 192.168.1.2 23
HITS DATE
---- ------
2 Jan 9
HITS PORT SERVICE(S)
---- ----- ----------
2 23 telnet
Shorewall-1.3.10 Status at firewall - Thu Jan 9 18:27:26 UTC 2003
Counters reset Thu Jan 9 17:58:23 UTC 2003
CONFIGURATION FILES:
====================
/etc/hosts
127.0.0.1 localhost
192.168.1.254 firewall
1.2.3.1 far
192.168.1.2 near
# /etc/hosts.allow:
# Allow anything from the local net
ALL: 192.168.1.0/255.255.255.0
# /etc/network/interfaces -- configuration file for LEAF network
# J. Nilo, April 2002
#
# Loopback interface.
auto lo
iface lo inet loopback
# Step 1: configure external interface
# uncomment/adjust one of the following 4 options
# Option 1.1 (default): eth0 / dynamic IP from pump/dhclient
#auto eth0
#iface eth0 inet dhcp
#
# Option 1.2: eth0 / Fixed IP (assumed to be 1.2.3.4).
# (broadcast/gateway optional)
auto eth0
iface eth0 inet static
address 1.2.3.4
masklen 24
broadcast 1.2.3.255
gateway 1.2.3.1
#
# Option 1.3: PPP/PPPOE (modem connected to eth0)
#auto ppp0
#iface ppp0 inet ppp
# pre-up ip link set eth0 up
# provider dsl-provider eth0
#
# Option 1.4: PPP modem
#auto ppp0
#iface ppp0 inet ppp
# provider provider
# Step 2: configure internal interface
# Default: eth1 / fixed IP = 192.168.1.254
auto eth1
iface eth1 inet static
address 192.168.1.254
masklen 24
broadcast 192.168.1.255
# Step 3 (optional): configure DMZ
# Default: eth2 / fixed IP = 192.168.1.100
#auto eth2
#iface eth2 inet static
# address 192.168.1.100
# masklen 24
# broadcast 192.168.1.255
# Step 4 (optional): configure a bridge
#auto br0
#iface br0 inet static
# address 192.168.1.254
# masklen 24
# broadcast 192.168.1.255
# bridge_ports all
/etc/options
============
ip_forward=no
spoofprotect=yes
syncookies=no
/etc/resolv.conf
================
nameserver 127.0.0.1
nameserver 192.168.1.254
/etc/spoof-protect
==================
# default spoof protection configuration
#
# this is only necessary for pre-2.2 kernels.
# (it can be determined automatically under 2.2.x)
LOCAL_IPS="127.0.0.1/8"
LOCAL_IFACES="eth0 eth1 ppp0"
shorewall/interfaces
====================
#
# Shorewall 1.3 -- Interfaces File
#
# /etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 1.2.3.255 routefilter
loc eth1 192.168.1.255 routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
#
# Shorewall 1.3 - Masquerade file
#
# /etc/shorewall/masq
#
##############################################################################
#INTERFACE SUBNET ADDRESS
eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
Thanks.
Wynne
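The routing tables and the firewall's ip_forward setting quoted in the post above determine hop by hop whether an echo request from near reaches far and whether the reply comes back. The following is an added model of exactly that decision process, not code from the post or from Bering/Shorewall: it transcribes the three hosts' routing tables and addresses from the output shown, performs a longest-prefix lookup at each hop, and applies the rule that a host only relays a packet not addressed to itself when forwarding is enabled. Shorewall policy and masquerading are deliberately left out, so it shows only what plain routing and ip_forward decide.

```python
import ipaddress

# Addresses and routing tables transcribed from the post's ifconfig/netstat/ip output.
# (prefix, gateway) pairs; gateway None means the destination is on-link.
HOSTS = {
    "near":     {"addrs": {"192.168.1.2"},
                 "routes": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.254")]},
    "firewall": {"addrs": {"1.2.3.4", "192.168.1.254"},
                 "routes": [("1.2.3.0/24", None), ("192.168.1.0/24", None),
                            ("0.0.0.0/0", "1.2.3.1")]},
    "far":      {"addrs": {"1.2.3.1"},
                 "routes": [("1.2.3.0/24", None), ("0.0.0.0/0", "1.2.3.4")]},
}
# Which host answers for each IP on the two links (constructed from the diagram).
OWNER = {a: h for h, cfg in HOSTS.items() for a in cfg["addrs"]}

def next_hop(host, dst):
    """Longest-prefix match over the host's table; returns the next-hop IP or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in HOSTS[host]["routes"]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    return best[1] or dst          # on-link route: hand the packet straight to dst

def trace(src, dst, forwarding):
    """Follow one packet hop by hop. forwarding maps host -> bool (its ip_forward)."""
    host, path = src, [src]
    for _ in range(8):             # TTL-style guard against routing loops
        if dst in HOSTS[host]["addrs"]:
            return "delivered", path
        if host != src and not forwarding.get(host, False):
            return "dropped: forwarding disabled on " + host, path
        hop = next_hop(host, dst)
        if hop is None or hop not in OWNER:
            return "dropped: no route on " + host, path
        host = OWNER[hop]
        path.append(host)
    return "dropped: ttl exceeded", path

def round_trip(src, dst, forwarding):
    """Echo request one way and reply the other; ping only succeeds if both legs deliver."""
    out, _ = trace(src, dst, forwarding)
    back, _ = trace(OWNER[dst], next(iter(HOSTS[src]["addrs"])), forwarding)
    return out == "delivered" and back == "delivered"
```

Running `trace("near", "1.2.3.4", {"firewall": False})` delivers because the firewall answers for that address itself, while `trace("near", "1.2.3.1", {"firewall": False})` stops at the firewall; flipping the flag to True lets both legs of `round_trip` complete.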
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html