Re: firewall y router

2003-09-04 Thread Matias 
El Thu, 4 Sep 2003 19:53:45 -0700 (PDT)
Fortino Sosa-Monterrubio [EMAIL PROTECTED] escribió:

 Hola lista,
 
 Tengo una pequeña LAN conectado a internet a través de un server
 corriendo linux, y con squid como proxy, he configurado el proxy y
 he logrado que las máquinas accesen a los sitios de internet a
 través de ese proxy, habilitando el enrutamiento de la siguiente
 manera:
 
 net.ipv4.ip_forward = 0

Debería estar en 1 para que esté habilitado el ip_forward (el
enrutamiento). Aunque usualmente en Debian te dirán escribe en
/etc/network/options algo como:
---cortar aquí---
ip_forward=yes
---cortar aquí---
y listo.

Lo que estas haciendo aquí es que toda las conexiones de tu red
interna que se dirijan a internet se descarten, y la única forma de
salir a internet es desde el mismo gateway.

 
 del fichero /etc/sysctl.conf, de tal manera que tengo acceso a todo
 internet desde mi LAN, pero sucede que hay ciertos sitios como el de
 yahoo juegos (yahoo games) que cuando entro a los juegos, me dicen
 que he sido desconectado del servidor, por cualquiera de las
 siguientes razones:
 
 1) Estoy tras un firewall.

Si, estas tras un firewall que descarta las conexiones de la red
interna que se dirigen hacia internet.

 2) El server está en mantenimiento (de yahoo) que no es probable, ya
 que conectandome directo (sin la LAN) si entra.
 
 Como puedo hacer para que el firewall me permita accesar a páginas
 como las de yahoo o como las de latinchat??
 

Yo en Linux nunca he utilizado las variables del sysctl, aunque si
las he tenido que utilizar en otros Unix-like, por eso no se si
funcionan de la misma manera en Linux.

Deberías configurar tu máquina para que haga nat, en google
encontraras varios HOWTOS (incluso en castellano) de como hacer esto.

No recuerdo bien, pero creo que el java de BlackDown (o algún otro
jre) permitía poner una variable de proxy. Si lo pruebas y te funciona
sería bueno que lo comentes en la lista, porque hace poco tiempo había
alguien preguntando algo relacionado (creo) y le puede servir.











-- 
Atentamente, yo Matías
Nunca hay libertad en una invasión
http://nnss.reop.net
http://savannah.gnu.org/projects/tasklist

Re: firewall y router

2003-09-04 Thread David Vargas 
Yo tuve el mismo problema, y lo que tive que hacer es no tener un proxy
pero si habilitar un gateway con mi servidor.. ya que el proxy tiene
algunas funcionalidades de los firewalls.. asi que sorry, cambia a un
gateway, y crea reglas de filtrado con iptables para controlar lo que pasa
en tu red..




 Hola lista,

 Tengo una pequeña LAN conectado a internet a través de un server
 corriendo linux, y con squid como proxy, he configurado el proxy y he
 logrado que las máquinas accesen a los sitios de internet a través de
 ese proxy, habilitando el enrutamiento de la siguiente manera:

 net.ipv4.ip_forward = 0

 del fichero /etc/sysctl.conf, de tal manera que tengo acceso a todo
 internet desde mi LAN, pero sucede que hay ciertos sitios como el de
 yahoo juegos (yahoo games) que cuando entro a los juegos, me dicen que
 he sido desconectado del servidor, por cualquiera de las
 siguientes razones:

 1) Estoy tras un firewall.
 2) El server está en mantenimiento (de yahoo) que no es probable, ya que
 conectandome directo (sin la LAN) si entra.

 Como puedo hacer para que el firewall me permita accesar a páginas como
 las de yahoo o como las de latinchat??

 muchas gracias por su ayuda.

 Fortino Sosa-Monterrubio.

 __
 Do you Yahoo!?
 Yahoo! SiteBuilder - Free, easy-to-use web site design software
 http://sitebuilder.yahoo.com


 --
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact
 [EMAIL PROTECTED]



-
Conéctate con Chile.com.
http://www.chile.com/accesogratis/

Re: Firewall or router

2000-02-11 Thread Jeremy Gaddis 
On 10 Feb 2000, Arcady Genkin wrote:

 Then I'm trying to ping 192.168.1.1 from the laptop, and
 can't. Traceroute to that address stops at 192.168.2.1, so I guess
 that the request is routed correctly, but the Debian box wouldn't
 forward it.

I would check to see if you have IP Forwarding
enabled in the debian machine, as it seems that you
have routing set up correctly.

--
Jeremy Gaddis  mailto:[EMAIL PROTECTED]

Re: Firewall or router

2000-02-10 Thread Matthew Dalton 
The laptop needs the following settings:
- Gateway - your Debian box (192.168.2.1)
- a route to the 192.168.2.x network

The Debian box needs:
- forwarding enabled
- Gateway - your FreeBSD pc (192.168.1.1)
- a route to the 192.168.2.x network
- a route to the 192.168.1.x network

The FreeBSD box will probably have to be configured to forward packets
from 192.168.2.x as well as 192.168.1.x (unless you configured it to NAT
to 192.168.x.x in the first place). I don't know much about FreeBSD, but
to do this in Linux I would add an extra ipchains (ipfwadm for 2.0.x
kernel) rule to MASQ to that network, as well as the original one.

Matthew

Arcady Genkin wrote:
 
 Hi. I've just got a laptop computer. I already have a two-computer
 network running with a FreeBSD box doing NAT and firewalling, and a
 Debian box behind it. I need to obtain means of connecting my notebook
 to the 'net.
 
 Because I'm too cheap to buy a hub, and also because I have a bunch of
 networking cards lying around (that don't match), I put an extra NIC
 into the Debian box and connected the laptop to it. The network works
 fine. Laptop has IP 192.168.2.2, Debian box has IPs 192.168.2.1 (to
 the laptop), and 192.168.1.2 (to the firewall). The FreeBSD box has an
 IP of 192.168.1.1 on the inside, and a real IP on the outside.
 
 My question is: what do I want to do with my Debian box so that the
 laptop could talk to the 'net? As far as I understand, I just need to
 configure it a router (to route all traffict from 192.168.2.2 through
 192.168.1.1), correct?
 
 Also, will I need to modify anything on my firewall? Do I need to add
 a routing entry for 192.168.2 network? I'm afraid it would try to look
 for it in the outside...
 
 FWIW, the laptop runs Slackware.
 
 Thanks for any comments, suggestions, etc.!
 --
 Arcady Genkin http://www.thpoon.com
 Nostalgia isn't what it used to be.
 
 --
 Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED]  /dev/null

Re: Firewall or router

2000-02-10 Thread Arcady Genkin 
Matthew Dalton [EMAIL PROTECTED] writes:

 The laptop needs the following settings:
 - Gateway - your Debian box (192.168.2.1)
 - a route to the 192.168.2.x network
 
 The Debian box needs:
 - forwarding enabled
 - Gateway - your FreeBSD pc (192.168.1.1)
 - a route to the 192.168.2.x network
 - a route to the 192.168.1.x network

Mathew, thanks for your reply. I'm having a bit of a trouble here. I
did on the Debian box to enable IP forwarding:
echo 1  /proc/sys/net/ipv4/ip_forward
echo 0  /proc/sys/net/ipv4/conf/all/rpfilter

Then I did on the laptop:
route add default gw 192.168.2.1

,[ Debian box's routing table ]
| tea:/usr/home/antipode$ /sbin/route -n
| Kernel IP routing table
| Destination Gateway Genmask Flags Metric RefUse Iface
| 172.16.160.00.0.0.0 255.255.255.0   U 0  00 vmnet1
| 192.168.2.0 0.0.0.0 255.255.255.0   U 0  00 eth1
| 192.168.1.0 0.0.0.0 255.255.255.0   U 0  00 eth0
| 0.0.0.0 192.168.1.1 0.0.0.0 UG1  00 eth0
`

,[ The laptop's routing table ]
| espresso:~$ /sbin/route -n
| Kernel IP routing table
| Destination Gateway Genmask Flags Metric RefUse Iface
| 192.168.2.0 0.0.0.0 255.255.255.0   U 0  00 eth0
| 127.0.0.0   0.0.0.0 255.0.0.0   U 0  00 lo
| 0.0.0.0 192.168.2.1 0.0.0.0 UG0  00 eth0
`

Then I'm trying to ping 192.168.1.1 from the laptop, and
can't. Traceroute to that address stops at 192.168.2.1, so I guess
that the request is routed correctly, but the Debian box wouldn't
forward it.

Could somebody point me in the right direction?

Thanks in advance!

  Hi. I've just got a laptop computer. I already have a two-computer
  network running with a FreeBSD box doing NAT and firewalling, and a
  Debian box behind it. I need to obtain means of connecting my notebook
  to the 'net.
  
  Because I'm too cheap to buy a hub, and also because I have a bunch of
  networking cards lying around (that don't match), I put an extra NIC
  into the Debian box and connected the laptop to it. The network works
  fine. Laptop has IP 192.168.2.2, Debian box has IPs 192.168.2.1 (to
  the laptop), and 192.168.1.2 (to the firewall). The FreeBSD box has an
  IP of 192.168.1.1 on the inside, and a real IP on the outside.
  
  My question is: what do I want to do with my Debian box so that the
  laptop could talk to the 'net? As far as I understand, I just need to
  configure it a router (to route all traffict from 192.168.2.2 through
  192.168.1.1), correct?
  
  Also, will I need to modify anything on my firewall? Do I need to add
  a routing entry for 192.168.2 network? I'm afraid it would try to look
  for it in the outside...
  
  FWIW, the laptop runs Slackware.

-- 
Arcady Genkin http://www.thpoon.com
Nostalgia isn't what it used to be.