On Wednesday 02 May 2001 14:04, Eric Howland wrote:
> I recently downloaded RC1 and set it up in two situations. I posted a
> long message to this list last Sat night. I have not seen any response
> so I thought I would re-edit, in case the post was too confusing,
> simplify my question so the folks who are pushing to get out the next
> release don't feel they have to give a long response and only re-post
> the two parts that concern me the most.

Sorry that we did not reply earlier.

> 2. From all browsers, I get a message saying that the security
> certificate has expired. This is more persistent from some
> browsers/platforms than others.
> I wonder if I am doing something wrong as I see no mention of this in
> the mailing list archives (thanks for posting the link). I also had
> this with the last beta version.

That's normal.

> 4. Although I know that a DMZ is not explicitly supported I thought I
> might be able to have some of that functionality by adding a third NIC.
> They are now:
> eth0 192.168.1.0/24 -- internal network
> eth1 now DHCP soon to be static external IP -- Internet connection
> eth2 192.168.2.0/24 -- DMZ subnet
> route tells me this is all in place.
> I got RC1 to recognize all the cards and set up a Sparc on the DMZ
> subnet. The sparc can Ping the firewall machine, the firewall machine
> can ping the sparc. But if I redirect incoming HTTPD traffic to
> 198.168.2.56 I do not see any activity on the eth2 interface.
> Would people expect this to work at all?

We haven't tested this situation at all, to be honest.
Nonetheless, it should work AFAIK; there may be a problem with iptoip or our
ipchains rules, though.

You may take a look at the logs after activating the logging of rejected
packets (Alert menu) to see if any rule blocks the packets.

You may also check that your eth2 interface is listed in INTERNAL_INTERFACES
in /var/lib/configuration. If not, use naat-console to update it.

You may also look at /etc/init.d/iptoip and /etc/init.d/bastille-firewall if
you're curious enough :-)

Hope this helps,

Renaud