Re: firewall and router
On Thu, 4 Sep 2003 19:53:45 -0700 (PDT), Fortino Sosa-Monterrubio [EMAIL PROTECTED] wrote:

> Hello list,
> I have a small LAN connected to the internet through a server running Linux, with squid as a proxy. I have configured the proxy and managed to get the machines to access internet sites through that proxy, enabling routing as follows:
> net.ipv4.ip_forward = 0

It should be set to 1 for ip_forward (routing) to be enabled. Although usually in Debian they will tell you to write something like this in /etc/network/options:

---cut here---
ip_forward=yes
---cut here---

and that's it. What you are doing here is having all the connections from your internal network that are headed to the internet get discarded, and the only way to get out to the internet is from the gateway itself.

> in the file /etc/sysctl.conf, so that I have access to the whole internet from my LAN, but it happens that there are certain sites such as Yahoo Games where, when I enter the games, I am told that I have been disconnected from the server, for either of the following reasons:
> 1) I am behind a firewall.

Yes, you are behind a firewall that discards the connections from the internal network that are headed to the internet.

> 2) The server (Yahoo's) is under maintenance, which is not likely, since connecting directly (without the LAN) it does get in.
> How can I get the firewall to let me access pages such as Yahoo's or latinchat's?

On Linux I have never used the sysctl variables, although I have had to use them on other Unix-likes, so I don't know whether they work the same way on Linux. You should configure your machine to do NAT; on Google you will find several HOWTOs (even in Spanish) on how to do this. I don't remember well, but I think the BlackDown Java (or some other JRE) allowed setting a proxy variable.
If you try it and it works for you, it would be good if you mentioned it on the list, because a short while ago someone was asking something related (I think) and it may be useful to them.

--
Sincerely, me
Matías
There is never freedom in an invasion
http://nnss.reop.net
http://savannah.gnu.org/projects/tasklist
Re: firewall and router
I had the same problem, and what I had to do was not have a proxy but instead enable a gateway with my server, since the proxy has some of the functionality of firewalls. So sorry, switch to a gateway, and create filtering rules with iptables to control what goes on in your network.

> Hello list,
> I have a small LAN connected to the internet through a server running Linux, with squid as a proxy. I have configured the proxy and managed to get the machines to access internet sites through that proxy, enabling routing as follows:
> net.ipv4.ip_forward = 0
> in the file /etc/sysctl.conf, so that I have access to the whole internet from my LAN, but it happens that there are certain sites such as Yahoo Games where, when I enter the games, I am told that I have been disconnected from the server, for either of the following reasons:
> 1) I am behind a firewall.
> 2) The server (Yahoo's) is under maintenance, which is not likely, since connecting directly (without the LAN) it does get in.
> How can I get the firewall to let me access pages such as Yahoo's or latinchat's?
> Many thanks for your help.
> Fortino Sosa-Monterrubio.
Re: Firewall or router
On 10 Feb 2000, Arcady Genkin wrote:

> Then I'm trying to ping 192.168.1.1 from the laptop, and can't. Traceroute to that address stops at 192.168.2.1, so I guess that the request is routed correctly, but the Debian box wouldn't forward it.

I would check to see if you have IP Forwarding enabled in the debian machine, as it seems that you have routing set up correctly.

--
Jeremy Gaddis mailto:[EMAIL PROTECTED]
Re: Firewall or router
The laptop needs the following settings:
- Gateway - your Debian box (192.168.2.1)
- a route to the 192.168.2.x network

The Debian box needs:
- forwarding enabled
- Gateway - your FreeBSD pc (192.168.1.1)
- a route to the 192.168.2.x network
- a route to the 192.168.1.x network

The FreeBSD box will probably have to be configured to forward packets from 192.168.2.x as well as 192.168.1.x (unless you configured it to NAT to 192.168.x.x in the first place). I don't know much about FreeBSD, but to do this in Linux I would add an extra ipchains (ipfwadm for 2.0.x kernel) rule to MASQ to that network, as well as the original one.

Matthew

Arcady Genkin wrote:

> Hi. I've just got a laptop computer. I already have a two-computer network running with a FreeBSD box doing NAT and firewalling, and a Debian box behind it. I need to obtain means of connecting my notebook to the 'net. Because I'm too cheap to buy a hub, and also because I have a bunch of networking cards lying around (that don't match), I put an extra NIC into the Debian box and connected the laptop to it. The network works fine.
>
> Laptop has IP 192.168.2.2, Debian box has IPs 192.168.2.1 (to the laptop), and 192.168.1.2 (to the firewall). The FreeBSD box has an IP of 192.168.1.1 on the inside, and a real IP on the outside.
>
> My question is: what do I want to do with my Debian box so that the laptop could talk to the 'net? As far as I understand, I just need to configure it as a router (to route all traffic from 192.168.2.2 through 192.168.1.1), correct? Also, will I need to modify anything on my firewall? Do I need to add a routing entry for 192.168.2 network? I'm afraid it would try to look for it in the outside... FWIW, the laptop runs Slackware.
>
> Thanks for any comments, suggestions, etc.!
> --
> Arcady Genkin http://www.thpoon.com
> Nostalgia isn't what it used to be.
Re: Firewall or router
Matthew Dalton [EMAIL PROTECTED] writes:

> The laptop needs the following settings:
> - Gateway - your Debian box (192.168.2.1)
> - a route to the 192.168.2.x network
>
> The Debian box needs:
> - forwarding enabled
> - Gateway - your FreeBSD pc (192.168.1.1)
> - a route to the 192.168.2.x network
> - a route to the 192.168.1.x network

Matthew, thanks for your reply. I'm having a bit of trouble here. I did on the Debian box to enable IP forwarding:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 0 > /proc/sys/net/ipv4/conf/all/rpfilter

Then I did on the laptop:

    route add default gw 192.168.2.1

,[ Debian box's routing table ]
| tea:/usr/home/antipode$ /sbin/route -n
| Kernel IP routing table
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| 172.16.160.0    0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
| 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
| 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
| 0.0.0.0         192.168.1.1     0.0.0.0         UG    1      0        0 eth0
`

,[ The laptop's routing table ]
| espresso:~$ /sbin/route -n
| Kernel IP routing table
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
| 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
| 0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
`

Then I'm trying to ping 192.168.1.1 from the laptop, and can't. Traceroute to that address stops at 192.168.2.1, so I guess that the request is routed correctly, but the Debian box wouldn't forward it. Could somebody point me in the right direction? Thanks in advance!

> Hi. I've just got a laptop computer. I already have a two-computer network running with a FreeBSD box doing NAT and firewalling, and a Debian box behind it. I need to obtain means of connecting my notebook to the 'net. Because I'm too cheap to buy a hub, and also because I have a bunch of networking cards lying around (that don't match), I put an extra NIC into the Debian box and connected the laptop to it. The network works fine.
>
> Laptop has IP 192.168.2.2, Debian box has IPs 192.168.2.1 (to the laptop), and 192.168.1.2 (to the firewall). The FreeBSD box has an IP of 192.168.1.1 on the inside, and a real IP on the outside.
>
> My question is: what do I want to do with my Debian box so that the laptop could talk to the 'net? As far as I understand, I just need to configure it as a router (to route all traffic from 192.168.2.2 through 192.168.1.1), correct? Also, will I need to modify anything on my firewall? Do I need to add a routing entry for 192.168.2 network? I'm afraid it would try to look for it in the outside... FWIW, the laptop runs Slackware.

--
Arcady Genkin http://www.thpoon.com
Nostalgia isn't what it used to be.
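
Added example, not part of any message in these threads: a small hop-by-hop model of the two situations discussed above, the gateway left at net.ipv4.ip_forward = 0 in the 2003 thread and the laptop/Debian/FreeBSD path in the 2000 thread. The laptop and Debian routing tables are the ones posted; the FreeBSD table, its uplink 203.0.113.1 and the names Host, trace and home_net are assumptions made for the illustration.

```python
import ipaddress

class Host:
    """A machine: addresses, routes as (network, gateway or None if on-link), ip_forward."""
    def __init__(self, name, addrs, routes, forward=False):
        self.name, self.forward = name, forward
        self.addrs = {ipaddress.ip_address(a) for a in addrs}
        self.routes = [(ipaddress.ip_network(n), g and ipaddress.ip_address(g))
                       for n, g in routes]

    def next_hop(self, dst):
        """Longest-prefix match; None when no route covers dst."""
        hits = [r for r in self.routes if dst in r[0]]
        if not hits:
            return None
        gw = max(hits, key=lambda r: r[0].prefixlen)[1]
        return dst if gw is None else gw

def trace(hosts, start, dst):
    """Follow one packet hop by hop; return (outcome, names of hosts visited)."""
    dst = ipaddress.ip_address(dst)
    owner = {a: h for h in hosts for a in h.addrs}
    here = next(h for h in hosts if h.name == start)
    path = [here.name]
    for _ in range(16):                       # hop limit, in the spirit of a TTL
        if dst in here.addrs:
            return "delivered", path
        if len(path) > 1 and not here.forward:
            return "dropped: ip_forward=0", path    # transit host will not route
        hop = here.next_hop(dst)
        if hop is None:
            return "no route", path
        if hop not in owner:
            return "sent outside the model", path   # e.g. towards the ISP
        here = owner[hop]
        path.append(here.name)
    return "hop limit exceeded", path

def home_net(debian_forward=True, freebsd_return_route=False):
    """Topology of the 2000 thread. FreeBSD's table is assumed, it was not posted."""
    fb = [("192.168.1.0/24", None), ("0.0.0.0/0", "203.0.113.1")]  # constructed uplink
    fb += [("192.168.2.0/24", "192.168.1.2")] if freebsd_return_route else []
    return [
        Host("laptop", ["192.168.2.2"],
             [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")]),
        Host("debian", ["192.168.2.1", "192.168.1.2"],
             [("172.16.160.0/24", None), ("192.168.2.0/24", None),
              ("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")], debian_forward),
        Host("freebsd", ["192.168.1.1"], fb, True)]
```

In this model, with forwarding on but no return route on the FreeBSD box, the request is delivered while the reply to 192.168.2.2 follows the default route outward; adding 192.168.2.0/24 via 192.168.1.2 there brings it back through the Debian box.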