John Turnbull wrote:
> I am sorry to repost this request, but I have still not managed to turn
> on forwarding in Mandrake SNF (original description follows). I do know
> a little more. I have managed to install a different firewalling distro
> - smoothwall (www.smoothwall.org), so I do know that the problem is not
> due to some HP proprietary hardware weirdness.
>
> How would I turn on forwarding, manually, in SNF?
>
> Thank you again. John T
>
>
> John Turnbull wrote:
>
>>I have installed Mandrake SNF on an elderly HP Ventra with a 200MHz
>>Pentium Pro in a test-bed configuration.
>>
>>I have it set up with eth0 (ne2k-pci card - 192.168.3.34) connected to
>>the LAN side of my network and eth1 (3c59x - 192.168.4.34) running
>>through a crossover cable to a laptop acting as a stand-in for the
>>internet.
>>
>>From the HP firewall, I can ping both of its NICs and can also ping the
>>'internet' (laptop - 192.168.4.65) and any internal machine (say:
>>192.168.3.45), so the TCP/IP stuff seems to be fine.
>>
>>I can connect to the HP firewall with either ssh or Mandrake Security
>>(port 8443: I intentionally set it up to allow both) from either the LAN
>>side or the 'internet' side, but I cannot connect from the LAN side to
>>the internet side at all.
>>
>>Mandrake Security - Restrict Access lists
>>    Firewall Rules    on
>>and
>>Mandrake Security - Internet Access lists
>>    Access Status     Down
>>and no amount of poking 'Start' or 'Stop', in any combination, seems
>>to change its status. . . sigh
>>
>>Any hints on how I should proceed would be appreciated.
>>
>>Thank you in advance. John T
>>
>>(BTW what does 'Test' do?)
>>

John,

The command line solution can be found on page 216 of the Linux Network Administrator's Guide by Kirch & Dawson (O'Reilly & Associates). Depending on your kernel, one or more of these two-line commands should take care of you. Try each of them until one works. After each attempt go to one of the LAN-side boxen and ping 216.239.39.100. That's the IP for www.google.com. If you get no response, you need to move on and try the next pair of commands for IP forwarding. If you get a response, try pinging www.google.com. If you can ping the IP but not the domain name, you need to set up DNS and I can tell you how to do that, too.

Anyway, here's those commands, don't forget to "su" into root and remember that everything is case sensitive:

    # ipfwadm -F -p deny
    # ipfwadm -F -a accept -m -S 192.168.0.0/24 -D 0/0

(if your home network is different from 192.168.0.0, change the command to suit your network, just don't forget the /24 at the end, the same holds for the next pair of commands if these don't work)

    # ipchains -P forward -j deny
    # ipchains -A forward -s 192.168.0.0/24 -d 0/0 -j MASQ

and, lastly:

    # iptables -t nat -P POSTROUTING DROP
    # iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

In that last case you will want to change "ppp0" to the appropriate ethernet device if you are connected through a DSL/cable connection on one of your ethernet cards, as opposed to a dial-up connection like these instructions assume.

Anyway, if you need any more help feel free to post again because I've learned a lot of networking stuff and I can recite the NetAdmin's guide like scripture now. Good luck and please let me know if this works for you.

In Solidarity,
Isaac

"Nolite te bastardes carborundorum."
(Don't let the bastards grind you down)
- The Handmaid's Tale, Margaret Atwood
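
The following is an added example, not part of the original thread: a shell check for the three conditions a two-NIC firewall like the one described above must meet before LAN hosts can reach the outside (kernel forwarding switch, FORWARD chain, masquerade rule). The function name `diagnose`, the /24 mask on the 192.168.3.x LAN, eth1 as the outward interface, and both sample rule sets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Checks the three things a
# two-NIC Linux firewall needs before LAN hosts can reach the outside.
# Live use: diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)" ...

# diagnose IP_FORWARD RULESET LAN_CIDR OUT_IF -> findings on stdout, 0 if all pass
diagnose() {
    fwd=$1; rules=$2; lan=$3; out_if=$4; rc=0
    # 1. Kernel switch: while it is 0 no packet is routed between NICs.
    if [ "$fwd" != "1" ]; then
        echo "FAIL ip_forward=$fwd (fix: echo 1 > /proc/sys/net/ipv4/ip_forward)"
        rc=1
    fi
    # 2. filter/FORWARD: a DROP policy needs an explicit ACCEPT for the LAN.
    policy=$(printf '%s\n' "$rules" | awk '$1 == ":FORWARD" { print $2; exit }')
    if [ "$policy" = "DROP" ] &&
       ! printf '%s\n' "$rules" | grep -Eq -- "^-A FORWARD .*-s $lan .*-j ACCEPT"; then
        echo "FAIL FORWARD policy is DROP and nothing accepts $lan"
        rc=1
    fi
    # 3. nat/POSTROUTING: private source addresses must be masqueraded outbound.
    if ! printf '%s\n' "$rules" | grep -Eq -- "^-A POSTROUTING .*-o $out_if .*-j MASQUERADE"; then
        echo "FAIL no MASQUERADE rule on $out_if"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK forwarding and masquerading configured"; fi
    return "$rc"
}

# Constructed iptables-save output: fresh install, nothing forwarded yet.
SAMPLE_BROKEN='*filter
:FORWARD DROP [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Constructed iptables-save output after adding accept and masquerade rules.
SAMPLE_FIXED='*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.3.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.3.0/24 -o eth1 -j MASQUERADE
COMMIT'

diagnose 0 "$SAMPLE_BROKEN" 192.168.3.0/24 eth1 || true
```
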