I'm into a blind cove and close to the rocks.
I'm struggling to set up LRP and have partial success. I cannot ping to the
outside world. ONLY to the assigned IP my ISP gives me.
Using ppp0 --> outside; eth0 --> inside
I get no error messages in /var/log/messages or /var/log/ppp.log
Get perfect success when I ping the assigned IP. Likewise, I can ping any
internal machine on my LAN. Nothing when I ping ANYWHERE else outside,
including the DNS servers or other IPs or names. The "SO" modem light blinks
merrily, but no one is talking back.
Details:
Hardware: Pentium 75/133, 48 Mb RAM, USRobotics 28800 (old) modem, ne2000 NIC
OS: Charles Steinkuehler's EigerStein_1_img_EigerStein.exe with dialout.lrp
from Trevor
Things tried: removed any (and ALL) references in --> /etc/hosts.deny -->
/etc/hosts.allow
Changed modem configs to several types: ATH0, AT&F1, AT&FH0, etc
It's clear I'm connecting fine, just my ISP is blocking me somehow. BTW, on
my regular Slackware 9.0 box I have absolutely no problem (setup with
'pppsetup'). I can connect and ping and surf everywhere. I have built
/etc/ppp/options and /etc/ppp/chatscript to look exactly like my working box
which works. Hmmm? (that's circular)
So, here's hoping someone with a quick look can pinpoint my mistake. After
much frustration with other LRPs, this version is tantalizingly close to
talking to the outside. Thanks.
-- Bob Peterson
ps: I looked through "Re: [leaf-user] Can't ping external gateway" thread from
Sept 2002. This seemed to be slightly different. Yes? No?
So here are all the details the help page requested. I'll strip the filler.
Hoping all of this is helpful
-------------------------------------------------
uname -a
Linux firewall 2.2.16 #1 Sun Jun 11 11:33:38 CDT 2000 i386 unknown
-------------------------------------------------
/var/log/messages
Jul 12 10:29:47 firewall kernel: PPP: version 2.3.7 (demand dialling)
Jul 12 10:29:47 firewall kernel: PPP line discipline registered.
Jul 12 10:29:47 firewall kernel: PPP BSD Compression module registered
Jul 12 10:29:47 firewall kernel: PPP Deflate Compression module registered
Jul 12 10:29:47 firewall kernel: ne.c:v1.10 9/23/94 Donald Becker ([EMAIL PROTECTED])
Jul 12 10:29:47 firewall kernel: NE*000 ethercard probe at 0x280: 52 54 40 21 30 31
Jul 12 10:29:47 firewall kernel: eth0: NE2000 found at 0x280, using IRQ 11.
Jul 12 10:29:47 firewall kernel: registered device ppp0
Jul 12 10:31:04 firewall pppd[735]: Starting link
Jul 12 10:31:05 firewall chat[812]: report (CONNECT)
Jul 12 10:31:05 firewall chat[812]: timeout set to 60 seconds
Jul 12 10:31:05 firewall chat[812]: abort on (BUSY)
Jul 12 10:31:05 firewall chat[812]: abort on (NO CARRIER)
Jul 12 10:31:05 firewall chat[812]: abort on (VOICE)
Jul 12 10:31:05 firewall chat[812]: abort on (NO DIALTONE)
Jul 12 10:31:05 firewall chat[812]: send (AT&F1^M)
Jul 12 10:31:06 firewall chat[812]: expect (OK)
Jul 12 10:31:06 firewall chat[812]: AT&F1^M^M
Jul 12 10:31:06 firewall chat[812]: OK
Jul 12 10:31:06 firewall chat[812]: -- got it
Jul 12 10:31:06 firewall chat[812]: send (ATDT16302325970^M)
Jul 12 10:31:06 firewall chat[812]: timeout set to 60 seconds
Jul 12 10:31:06 firewall chat[812]: expect (CONNECT)
Jul 12 10:31:06 firewall chat[812]: ^M
Jul 12 10:31:23 firewall chat[812]: ATDT16302325970^M^M
Jul 12 10:31:23 firewall chat[812]: CONNECT
Jul 12 10:31:23 firewall chat[812]: -- got it
Jul 12 10:31:23 firewall pppd[735]: Serial connection established.
Jul 12 10:31:24 firewall pppd[735]: Connect: ppp0 <--> /dev/ttyS1
Jul 12 10:31:31 firewall pppd[735]: Remote message:
Jul 12 10:31:35 firewall pppd[735]: Remote IP address changed to 206.166.57.162
Jul 12 10:33:17 firewall kernel: martian source f797fea9 for fffffea9, dev eth0
Jul 12 10:33:17 firewall kernel: ll header: ff ff ff ff ff ff 00 50 ba 50 ff 59 08 00
Jul 12 10:34:51 firewall pppd[735]: Terminating connection due to lack of activity.
Jul 12 10:34:51 firewall pppd[735]: Connection terminated.
Jul 12 10:34:51 firewall pppd[735]: Hangup (SIGHUP)
------------------------------------------------
***route***
206.166.57.162 dev ppp0 proto kernel scope link src 12.34.56.78
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.1
default via 206.166.57.162 dev ppp0
------------------------------------------------
***filter***
Chain input (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 13 -> *
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 14 -> *
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.168.100.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0 0.0.0.0/0 n/a
0 0 REJECT all ----l- 0xFF 0x00 ppp0 0.0.0.0/0 127.0.0.0/8 n/a
0 0 REJECT all ----l- 0xFF 0x00 ppp0 0.0.0.0/0 192.168.100.0/24 n/a
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 22
0 0 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 25
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 113
0 0 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 REJECT udp ----l- 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 123
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 68
0 0 DENY udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 67
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 ACCEPT icmp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> *
0 0 ACCEPT ospf ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 161:162 -> *
7 1733 ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> *
0 0 MASQ all ------ 0xFF 0x00 ppp0 192.168.100.0/24 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain output (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
49 4116 fairq all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 ppp0 192.168.100.0/24 0.0.0.0/0 n/a
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 135 -> *
49 4116 ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain fairq (1 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 520
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 520 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 179
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 179 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 23
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 23 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 22
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 22 -> *
----------------------------------------------
***mfw***
fwmark rediraddr rport pcnt pref
Hmmm?, looks empty
---------------------------------------------
***portfw***
prot localaddr rediraddr lport rport pcnt pref
Again, empty?
---------------------------------------------
***autofw***
Type Prot Low High Vis Hid Where Last CPto CPrt Timer Flags
More empty?
----------------------------------------------
***/etc/hosts***
# This file was generated by /etc/rcS.d/S39network. It may be overwritten!
192.168.100.1 firewall.glc firewall mr rtr
127.0.0.1 localhost
-----------------------------------------------
***/etc/networks***
localnet 127.0.0.0
localnet 192.168.100.0
-----------------------------------------------
***/etc/resolv.conf***
# This file was generated by /etc/rcS.d/S39network. It may be overwritten!
search enc.k12.il.us
nameserver 206.166.17.20
nameserver 206.166.83.20
nameserver 127.0.0.1
------------------------------------------------
***/etc/network.conf***
###############################################################################
# General Settings
###############################################################################
VERBOSE=YES
MAX_LOOP=10
IPFWDING_KERNEL=FILTER_ON
IPALWAYSDEFRAG_KERNEL=YES
CONFIG_HOSTNAME=YES
CONFIG_HOSTSFILE=YES
#CONFIG_DNS=NO
CONFIG_DNS=YES
###############################################################################
# Interfaces
###############################################################################
# Start pppd PPP interfaces first as pppd's use of DNS can delay startup.
#
# Interfaces to start on boot go here - ie "ppp0 eth0"
IF_AUTO="ppp0 eth0"
# List of all configured interfaces, manual start and boot start
IF_LIST="$IF_AUTO"
# Accept ICMP Redirects on ALL interfaces, also depends on /proc
# per interface IP forwarding flag. - YES/NO
ALLIF_ACCEPT_REDIRECTS=NO
# Need these both for interfaces run by daemons - ie PPP, CIPE, some
# WAN interfaces
# IP spoofing protection by default for interfaces - YES/NO
DEF_IP_SPOOF=YES
# Kernel logging of spoofed packets by default for interfaces - YES/NO
DEF_IP_KRNL_LOGMARTIANS=YES
# Bridge Setup - Global stuff
#
# Enable bridging - YES/NO
BRG_SWITCH=NO
# Exempt ethernet protocol types - type "brcfg list" to find out allowed
# values
BRG_EXEMPT_PROTOS=""
ppp0_IPADDR=0.0.0.0
ppp0_MASKLEN=0
ppp0_BROADCAST=0.0.0.0
# Use this to set the default route if required - ONLY one to be set.
# routed or gated could be used to set this so only use if not running these.
ppp0_DEFAULT_GW=0.0.0.0
# Secondary IP addresses/networks on same wire - add them here
#ppp0_IP_EXTRA_ADDRS="192.168.1.193 192.168.2.1/24"
# IP spoofing protection on this interface - YES/NO
ppp0_IP_SPOOF=YES
# Kernel logging of spoofed packets on this interface - YES/NO
ppp0_IP_KRNL_LOGMARTIANS=YES
# This setting affects the processing of ICMP redirects. Setting it to NO
# makes this more secure. Don't turn this off if you have two IP
# networks/subnets on the same media - YES/NO
ppp0_IP_SHARED_MEDIA=NO
# Bridge this interface - YES/NO
ppp0_BRIDGE=NO
# Proxy-arp from this interface, no other config required to turn on proxy ARP!
# - YES/NO
ppp0_PROXY_ARP=NO
# Simple QoS/fair queueing support
# Turn on Stochastic Fair Queueing - useful on busy DDS links - YES/NO
#ppp0_FAIRQ=NO
# Ethernet Transmit Queue Length
# eth0_TXQLEN=100
# Complex QoS - Enable all of these + above to turn it on
#eth0_BNDWIDTH=10Mbit # Device bandwidth
#eth0_HNDL=2 # Queue Handle - must be unique
#eth0_IABURST=100 # Interactive Burst
#eth0_IARATE=1Mbit # Interactive Rate
#eth0_PXMTU=1514 # Physical MTU - includes Link Layer header
eth0_IPADDR=192.168.100.1
eth0_MASKLEN=24
eth0_BROADCAST=192.168.100.255
eth0_IP_SPOOF=YES
eth0_IP_KRNL_LOGMARTIANS=YES
eth0_IP_SHARED_MEDIA=NO
eth0_BRIDGE=NO
eth0_PROXY_ARP=NO
eth0_FAIRQ=NO
# Sangoma FR example
(((snip)))
# PPP interface stuff - these apply to all ASYNC ppp interfaces, options
# same as ethernet above.
ppp0_BNDWIDTH=30Kbit
ppp0_FAIRQ=YES
ppp0_TXQLEN=30
ppp0_IABURST=20
ppp0_IARATE=10Kbit
ppp0_PXMTU=1500
###############################################################################
# IP Filter setup - can pull in settings from above
###############################################################################
# Set up the basic type of filtering. Can be one of (none|router|firewall)
# You must load the ip_masq_* modules to enable full IP masquerading, and
# ip_masq_portfw if you want to forward external ports pop-3, mtp, www
# to internal machines below.
IPFILTER_SWITCH=firewall
# This set of variables is used with both sets of filters
SNMP_BLOCK=YES # Block all SNMP (YES/NO)
# List of IP Nos used for SNMP management
SNMP_MANAGER_IPS=""
# Fair Queuing support
# List of Mark values
MRK_CRIT=1 # Critical traffic, routing, DNS
MRK_IA=2 # Interactive traffic - telnet, ssh, IRC
# List of traffic types and maps to mark values
# Setting this variable turns on the
# fairq chain
CLS_FAIRQ="${MRK_CRIT}_89_0/0 ${MRK_CRIT}_udp_0/0_route ${MRK_CRIT}_tcp_0/0_bgp ${MRK_CRIT}_tcp_0/0_domain ${MRK_CRIT}_udp_0/0_domain ${MRK_IA}_tcp_0/0_telnet ${MRK_IA}_tcp_0/0_ssh"
# This set of variables is used with the basic routing filter setup
# This set of variables is used with a basic IP masquerading firewall setup
#Notation - IP addresses/masklen
#
# NOTE: Do NOT turn on the DMZ network or ANY external port masquerading/
# port forwarding when EXTERN_DYNADDR is on because some security
# leaks will result. You may also want to limit the external open
# ports to domain (UDP) for DNS. Anyhow, these features are not that
# usable unless you have a static external address
#
EXTERN_IF="ppp0" # External Interface
#
# Start of changes by Charles Steinkuehler for DHCP
#
# Added for DHCP support
# Setting this to YES causes the script to read EXTERN_IP directly from
# the interface
#EXTERN_DHCP=YES # - YES/NO
EXTERN_DHCP=NO # - YES/NO
# The interface to configure via dhcp
IF_DHCP=$EXTERN_IF
# If YES, your firewall filters use 0/0 for your IP address, instead of your
# actual IP address. Set this to NO for typical ethernet setups, even if you
# are using DHCP
# External Address dynamically assigned
EXTERN_DYNADDR=NO # - YES/NO
# -- OR --
EXTERN_IP=0.0.0.0 # External Interface IP number
# If external interface is DHCP, read the IP address
# This should probably be moved to the init.d network script, but it seemed
# I put it here for now, as it is more obvious what it is doing, in case it
# messes something else up.
if [ "$EXTERN_DHCP" = "YES" ] || \
[ "$EXTERN_DHCP" = "Yes" ] || \
[ "$EXTERN_DHCP" = "yes" ]; then
# This computes the IP address of $EXTERN_IF
# Grep extracts just the line(s) with IP address information from the output
# of ip addr. The first sed gets rid of all but the first line (in case
# there are several IP addresses for some reason), and next sed extracts
# just the IP address in dot quad notation.
EXTERN_IP=`ip addr list label $EXTERN_IF | \
grep inet | \
sed '1!d' | \
sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'`
# Debugging - Remove if you like
# echo Extern IP: $EXTERN_IP
# If the external address is not configured, use a bogus address for the
# external interface to prevent a bunch of (harmless) errors that spit out
# when the IPCHAINS script is called.
if [ x$EXTERN_IP = x ]; then
EXTERN_IP=192.168.254.254
fi
fi
# UDP Services open to outside world
# - srcip/mask_dstport
# NOTE: bootpc port is used for dhcp client
EXTERN_UDP_PORTS="0/0_domain 0/0_ntp 0/0_bootpc"
#
# End of changes made by Charles Steinkuehler for dhcp support
#
# TCP services open to outside world
# - srcip/mask_dstport
EXTERN_TCP_PORTS="0/0_ssh 0/0_smtp"
# Internal interface
INTERN_IF="eth0" # Internal Interface
INTERN_NET=192.168.100.0/24 # Internal network (to be masqueraded)
INTERN_IP=192.168.100.1 # IP number of Internal Interface
# (to allow forwarding to external IP)
MASQ_SWITCH=YES # Masquerade internal network to outside
# world - YES/NO
# These services are not masqueraded from inside to outside. proto_destnet_port
# Allows the firewall to be trusted for ssh access to routers...
# Override for below
#NOMASQ_DEST_BYPASS="tcp_10.0.0.1_ssh"
# services not to be masqueraded
#NOMASQ_DEST="tcp_0/0_ssh"
# Uncomment following for internal services.
# The following is an example of what should be put here.
# Tuples are as follows:
# <protocol>_<extern-ip>_<extern-port>_<intern-ip>_<intern-port>
#INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp"
# These lines use the primary external IP address...if you need to port-forward
# an aliased IP address, use the INTERN_SERVERS setting above
#INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
#INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
#INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
#INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
#INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
#INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
#EXTERN_SSH_PORT=24 # External port to use for internal SSH access
###############################################################################
# Interface activation/deactivation functions
# Here so that special interface commands can be called and daemons started
#
# Arps can be set up here, network/host routes and so forth.
#
# This appears to be a little messy but is needed to achieve maximum
# functionality and flexibility.
#
###############################################################################
(((snip)))
###############################################################################
# Hostname Requires: CONFIG_HOSTNAME=YES
###############################################################################
HOSTNAME=firewall
###############################################################################
# Hosts file (Static domainname entires) Requires: CONFIG_HOSTSFILE=YES
###############################################################################
# IP FQDN hostname alias1 alias2..
HOSTS0="$eth0_IPADDR $HOSTNAME.glc $HOSTNAME mr rtr"
#HOSTS1="192.168.1.22 host2.private.network host2 h2"
###############################################################################
# Domain Search Order and Name Servers Requires: CONFIG_DNS=YES
###############################################################################
DOMAINS=enc.k12.il.us
DNS0=206.166.17.20
DNS1=206.166.83.20
#DNS1=0.0.0.0
--
Robert S. Peterson
31 N Alfred, Elgin IL 60123 USA
847/697-6491
Compass Adjusting for Lake Michigan navigators since 1985
Physics @ Bartlett HS
e-mail: rpeterson(at)enc.k12.il.us
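
The martian-source entry in the /var/log/messages excerpt above can be decoded mechanically. This is an added example, not part of the original post: it assumes the 2.2 kernel on i386 logs each address as a raw network-order word printed by a little-endian host, so the octets read reversed. The names `decode_addr`, `parse_martians` and `IFACE_NETS` are illustrative.

```python
import ipaddress
import re

# Constructed sample: the two kernel lines from the post, e-mail line wraps rejoined.
SAMPLE_LOG = """\
Jul 12 10:33:17 firewall kernel: martian source f797fea9 for fffffea9, dev eth0
Jul 12 10:33:17 firewall kernel: ll header: ff ff ff ff ff ff 00 50 ba 50 ff 59 08 00
"""

# Network configured on each interface, taken from eth0_IPADDR/eth0_MASKLEN in the post.
IFACE_NETS = {"eth0": ipaddress.ip_network("192.168.100.0/24")}

MARTIAN_RE = re.compile(r"martian source ([0-9a-f]{8}) for ([0-9a-f]{8}), dev (\S+)")
LL_RE = re.compile(r"ll header: ((?:[0-9a-f]{2} ?){14})")


def decode_addr(hex_word):
    """Turn the logged 8-hex-digit word into an IPv4 address.

    Assumption: the value is the raw network-order address printed as an
    integer by a little-endian host, so the octets appear reversed.
    """
    return ipaddress.IPv4Address(bytes.fromhex(hex_word)[::-1])


def parse_martians(log_text, iface_nets):
    """Return one dict per martian event, merged with its 'll header' line."""
    events = []
    for line in log_text.splitlines():
        m = MARTIAN_RE.search(line)
        if m:
            src, dst, dev = decode_addr(m.group(1)), decode_addr(m.group(2)), m.group(3)
            net = iface_nets.get(dev)
            events.append({
                "dev": dev, "src": src, "dst": dst,
                "src_link_local": src.is_link_local,
                # False means the sender does not belong to the subnet on that wire.
                "src_in_iface_net": net is not None and src in net,
            })
            continue
        h = LL_RE.search(line)
        if h and events and "src_mac" not in events[-1]:
            # Ethernet header: 6 bytes destination, 6 bytes source, 2 bytes ethertype.
            octets = h.group(1).split()
            events[-1].update(
                dst_mac=":".join(octets[0:6]),
                src_mac=":".join(octets[6:12]),
                ethertype="0x" + "".join(octets[12:14]),
            )
    return events


if __name__ == "__main__":
    for ev in parse_martians(SAMPLE_LOG, IFACE_NETS):
        print(ev)
```

Under that assumption the sample decodes to source 169.254.151.247, a link-local address outside eth0's 192.168.100.0/24, sent to the Ethernet broadcast address.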