James Michael Keller wrote:
> Well it still works if I ignore linuxconf's firewall screen and just
> put them in the rc.local file. I'd like to see linuxconf use something
> like an /etc/rc.d/rc.firewall script, so that they could also be hand
> edited if needed.
I support that idea :-)
>
> I'm not sure exactly where the heck linuxconf is putting the configs
> when it writes them, so I could compare them to my working rc.local line
> and see where I might be putting the wrong things.
The firewall rules are put in /etc/conf.linuxconf.
Here is the masq setup I use on my home system, which works as it
should. It is enabled by adding one forward route from 192.168.1.0 to
0.0.0.0, checking the masq box, and enabling forward rules in the
firewalling's default dialog. Clients from the localnet are masqed out on
the net as they should (same network setup as you have); the only
difference is that I'm dialing through an ISDN demand link, but that
shouldn't make any difference, I think. You should also check that the fw
rules are added by linuxconf whenever you change anything; I had a
problem with fw rules not getting activated after I changed them via
Linuxconf.
(from /etc/conf.linuxconf)
[firewall]
FWSPCMOD.ip_masq_cuseeme 1
FWSPCMOD.ip_masq_ftp 1
FWSPCMOD.ip_masq_irc 1
FWSPCMOD.ip_masq_raudio 1
FWSPCMOD.ip_masq_quake 1
FWSPCMOD.ip_masq_vdolive 1
FWSPCMOD.IRCPORTS
firewall.activeb 0
firewall.activeo 0
firewall.activea 0
firewall.activef 1
firewall.forward "1" "all" "192.168.1.0" "" "" "" "Any" "0.0.0.0" "" "" "" "Any" "1" "0"
(after linuxconf has activated fw:)
ipfwadm -F -l
IP firewall forward rules, default policy: deny
type  prot source               destination          ports
acc/m all  192.168.1.0/24       anywhere             n/a
acc   all  192.168.1.0/24       192.168.11.0/24      n/a
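The check suggested in the message (confirming that the forward rules are really loaded after a change in linuxconf), as an added example that is not part of the original message or of linuxconf. The function and sample names (`check_masq`, `sample_listing`, `sample_stale`) and the exit codes are assumptions made for illustration; the first sample is the listing quoted above, the second is constructed.

```shell
#!/bin/sh
# Added example: verify an `ipfwadm -F -l` listing after linuxconf activates rules.
# check_masq NET reads the listing on stdin, prints a verdict and returns:
#   0 = default policy is deny and a masquerade (acc/m) rule for NET is present
#   1 = no masquerade rule for NET (the rules were not activated)
#   2 = default forward policy is not deny
check_masq() {
    awk -v net="$1" '
        /default policy:/          { policy = $NF }   # last word of the header line
        $1 == "acc/m" && $3 == net { masq = 1 }       # masquerading accept rule for NET
        END {
            if (policy != "deny") { print "FAIL: default policy is " policy; exit 2 }
            if (!masq)            { print "FAIL: no masq rule for " net; exit 1 }
            print "OK: " net " is masqueraded, default policy deny"
        }'
}

# Sample input: the listing shown in the message.
sample_listing() {
cat <<'EOF'
IP firewall forward rules, default policy: deny
type prot source destination ports
acc/m all 192.168.1.0/24 anywhere n/a
acc all 192.168.1.0/24 192.168.11.0/24 n/a
EOF
}

# Constructed sample: rules edited in linuxconf but never loaded into the kernel.
sample_stale() {
cat <<'EOF'
IP firewall forward rules, default policy: accept
type prot source destination ports
EOF
}

sample_listing | check_masq 192.168.1.0/24
```

On a live system the input would come from `ipfwadm -F -l | check_masq 192.168.1.0/24`, run after each change made through linuxconf.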