Hanan,

I think you should have the NIC whose address is 192.168.0.1 listed in
your trusted interfaces in 

/etc/Bastille/bastille-firewall.cfg                                 

HTH
Brian

On Fri, 2002-03-29 at 02:24, Hanan Shargi wrote:
> Hi everyone,
> 
> I spent the past 2 days (almost) reading about how to set ip masquerading,
> iptables, ipchains, setting NFS ....etc. just to be able to put my hands on
> the problem why can't my w2k machine ping the linux machine (both on a lan
> where linux machine has 2 eth cards, one IP for external network (internet
> with a static IP) and the other eth for local network with IP 192.168.0.1)
> to hopefully fix this ping issue, SO FINALLY I'd be able to share my files
> between the 2 machines !!!!
> 
> needless to say I couldn't come up with the fix :(
> Now I desperately need some expert here (or non expert) to answer my
> following question PLEASE :(
> 
> During a "thorough" investigation of the files on my LM 8.1 system which I set
> up as a router to my home lan (I set up the internet sharing and networking
> stuff ..etc. using Mandrake control center)
> I found that there are the following files on my LM 8.1 sys:
> 
> /etc/Bastille/bastille-firewall.cfg
> 
> I'll list the relevant contents of this file ( only uncommented lines )
> 
> DNS_SERVERS="205.177.x.x 205.177.x.x "
> 
> TRUSTED_IFACES="lo"                                    
> PUBLIC_IFACES="eth+ ppp+ slip+"                
> INTERNAL_IFACES=""
> 
> TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf sh"
> UDP_AUDIT_SERVICES="31337"
> ICMP_AUDIT_TYPES=""
> 
> TCP_PUBLIC_SERVICES="22 25 109 110 143 23 53"                             
> MINIMAL/SAFEST
> UDP_PUBLIC_SERVICES="53"                                        
> TCP_INTERNAL_SERVICES=""                                
> UDP_INTERNAL_SERVICES=""
> 
> FORCE_PASV_FTP="N"
> 
> TCP_BLOCKED_SERVICES="6000:6020"
> UDP_BLOCKED_SERVICES="2049"
> ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
> 
> IP_MASQ_NETWORK=""                                       
> IP_MASQ_MODULES=""
> REJECT_METHOD="DENY"
> 
> DHCP_IFACES=""
> 
> NTP_SERVERS=""                         
> ICMP_OUTBOUND_DISABLED_TYPES="destination-unreachable time-exceeded"
> 
> DROP_SMB_NAT_BCAST="Y"
> -----------------------------------------
> 
> and this file :
> /etc/rc.d/rc.firewall  ===> which has the following content:
> 
> # Automatically added by drakgw
> [ -x /etc/rc.d/rc.firewall.inet_sharing ] && /etc/rc.d/rc.firewall.inet_sharing
> 
> # Mandrake-Security : if you remove this comment, remove the next line too.
> echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
> -----------------------------------------
> 
> And another file :
> 
> /etc/rc.d/rc.firewall.inet_sharing-2.4  which has the following content:
> #!/bin/sh
> modprobe iptable_nat
> echo 1 > /proc/sys/net/ipv4/ip_forward
> /sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
> /sbin/iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
> /sbin/iptables -A INPUT -i eth2 -p udp --sport bootpc --dport bootps -j ACCEPT
> /sbin/iptables -A INPUT -i eth2 -p tcp --sport bootpc --dport bootps -j ACCEPT
> /sbin/iptables -A INPUT -i eth2 -p udp --sport bootps --dport bootpc -j ACCEPT
> /sbin/iptables -A INPUT -i eth2 -p tcp --sport bootps --dport bootpc -j ACCEPT
> /sbin/iptables -A INPUT -i eth2 -p udp --dport domain -j ACCEPT
> /sbin/iptables -A INPUT -i eth2 -p tcp --dport domain -j ACCEPT
> 
> 
> I tried applying some changes to the preceding files, and it resulted in
> either no changes / or breaking the connection sharing ..
> 
> If somebody can tell me what exactly shall I change, or even how does this
> connection sharing / bastille firewall basically work together to support the
> internet sharing and routing thing....as the more I read in the how-tos the
> more lost I feel... as nothing seems to be as they describe in these how-to's.
> 
> Any help would be appreciated AS I'm totally lost here.
> 
> Regards.
> 
> ---------------------
> Hanan AL-Shargi
> 
> 
> ----
> 

> Want to buy your Pack or Services from MandrakeSoft? 
> Go to http://www.mandrakestore.com
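
The suggestion at the top of this message, as an added example that is not part of the original thread: a shell check that reads the interface lists quoted above and reports how an interface is classified and whether an inbound ping would be accepted. It assumes eth2 is the LAN NIC (the name used in the quoted rc.firewall.inet_sharing-2.4 rules), that a trailing `+` is the iptables prefix wildcard, and that trusted interfaces bypass the ICMP type filter; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread); sample values are constructed from the quoted config.
# Constructed sample: the interface and ICMP lines quoted in the post.
write_sample_cfg() {  # write_sample_cfg FILE
    cat > "$1" <<'EOF'
TRUSTED_IFACES="lo"
PUBLIC_IFACES="eth+ ppp+ slip+"
INTERNAL_IFACES=""
ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
EOF
}

# Read VAR="value" as text; the file is never sourced, so nothing in it runs.
cfg_get() {  # cfg_get FILE VAR
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# iptables-style match: a trailing '+' matches any name with that prefix.
in_list() {  # in_list NAME "space separated patterns"
    for pat in $2; do
        case "$pat" in
            *+) case "$1" in "${pat%+}"*) return 0 ;; esac ;;
            *)  [ "$1" = "$pat" ] && return 0 ;;
        esac
    done
    return 1
}

# Print trusted, internal, public or unlisted (first matching class wins).
classify_iface() {  # classify_iface FILE IFACE
    for class in trusted internal public; do
        var=$(echo "${class}_IFACES" | tr '[:lower:]' '[:upper:]')
        if in_list "$2" "$(cfg_get "$1" "$var")"; then echo "$class"; return 0; fi
    done
    echo unlisted
}

# Assumption: trusted interfaces are accepted before any ICMP filtering.
ping_allowed() {  # ping_allowed FILE IFACE
    [ "$(classify_iface "$1" "$2")" = trusted ] && return 0
    in_list echo-request "$(cfg_get "$1" ICMP_ALLOWED_TYPES)"
}
# Demo: eth2 is assumed to be the LAN NIC (name taken from the quoted script).
cfg=$(mktemp) && write_sample_cfg "$cfg"
for i in lo eth0 eth2; do
    if ping_allowed "$cfg" "$i"; then p=accepted; else p=dropped; fi
    echo "$i: $(classify_iface "$cfg" "$i"), inbound ping $p"
done
rm -f "$cfg"
```

With the quoted values, eth2 matches `eth+` and is classified public, and `echo-request` is absent from ICMP_ALLOWED_TYPES, so the ping is reported as dropped. Adding eth2 to TRUSTED_IFACES changes the result for that interface only.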


