Hanan, I'm getting a bit lost here. I thought you had two eth cards. Usual setup for a static IP DSL system would be something like:
eth0: 192.168.0.1 mask 255.255.255.0 eth1: ip-allocated-by-provider mask whatever-they-say iptables set up to masquerade through eth0 and allow anything and everything on eth0, but keep the nasties away on eth1. Of course eth0 and eth1 could be swapped - nothing special about which does what as long as the settings are consistent. Maybe we can just verify that the above is what you want to achieve, have you post a bunch of config files and see if we can sort it from there. Brian On Tue, 2002-03-26 at 03:03, Hanan Shargi wrote: > well, maybe it would help to give more info, I'll show some > of bastille-firewall.cfg settings later to make things clearer, > > though this makes me wanna ask : Does this file replaces the iptables file ?? > i couldnt find an iptables.cfg file anywhere, in what directory ?? > > in network configuration I have: > > eth0 static up > eth1 static down > eth2 static up > > > to confuse me more , Sometimes the eth2 is down and the eth1 is up !!! > > > here is part of bastille-firewall.cfg : > > # "public" interfaces: > # TCP_PUBLIC_SERVICES="" > # > # UDP services that "public" hosts should be allowed to connect to > # UDP_PUBLIC_SERVICES="" > IP_MASQ_NETWORK="" > IP_MASQ_MODULES="" > > TCP_PUBLIC_SERVICES="22 25 109 110 143 23 53 80 443 20 21" > # MINIMAL/SAFEST > UDP_PUBLIC_SERVICES="53" > TCP_INTERNAL_SERVICES="" > UDP_INTERNAL_SERVICES="": > : > TCP_BLOCKED_SERVICES="6000:6020" > UDP_BLOCKED_SERVICES="2049" > ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded" > > # Set this variable if you're using IP Masq / NAT for a local network > #IP_MASQ_NETWORK="" # DISABLE/SAFEST > #IP_MASQ_NETWORK="10.0.0.0/8" # example > #IP_MASQ_NETWORK="192.168.0.0/16" > > #DHCP_IFACES="eth0" # example, to allow you to query on > eth0 > #DHCP_IFACES="" # DISABLED > : > : > ICMP_OUTBOUND_DISABLED_TYPES="destination-unreachable time-exceeded" > DROP_SMB_NAT_BCAST="Y" > > DHCP is off , As for my ISP, they gave me a static IP ( eth0 ), but I was > wonderong about a dynamic IP for the w2k machine ,( and probably for any futur > machine to connect tp the lan ) > > --------------------- > Hanan AL-Shargi > > > ---- > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
