I'm attempting to set up a full firewall on my network at work.

When I have the following (eth1 and eth2 are /24 subnet):

eth0 (111.222.333.254) connected to a hub (static route to 111.222.333.1 mask /32)
eth1 (111.222.333.253) connected to a hub
eth2 (192.168.0.1) connected to a hub
T1 router (111.222.333.1) connected to a hub
Workstations inside the 111.222.333.x subnet have their gateway set to
111.222.333.253.

When I have all interfaces (eth0-2 and the router) connected to a hub,
things work great; however, the DMZ (111.222.333 network) is not controlled
via the firewall box, and the router has free rein of the network (not very
secure).  When all interfaces are connected to the hub, workstations can
get out of the building using eth1's address as a gateway.  No problem.

Here is the problem:  When I attempt to connect a cross-over cable to
the router directly to eth0, no workstation can get outside of the
building.  Traceroutes stop with the 111.222.333.253 interface.
However, at the firewall box, I can go everywhere (outside the building,
to the DMZ, to the protected network, etc).

I even tried using metric 1 (the routing table shows metric 0 default)
and it still does not work.  Again, from the box itself, it can go out
through the router to the internet, but workstations connected to the
253 card (eth1) can't.

My IPChains info (if this is the problem), with everything wide-open for
the moment:
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target   prot  opt   source             destination   ports
MASQ     all   ----  192.168.0.1/24     0.0.0.0/0     n/a
ACCEPT   all   ----  111.222.333.0/24   0.0.0.0/0     n/a
Chain output (policy ACCEPT):

Please help!!
