FIXED! Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
- Original Message - From: Charles Steinkuehler [EMAIL PROTECTED] To: Kenneth Hadley [EMAIL PROTECTED]; guitarlynn [EMAIL PROTECTED] Cc: LEAF-user [EMAIL PROTECTED] Sent: Monday, January 14, 2002 6:55 AM Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall) IPFILTER_SWITCH=router Does anyone have any thoughts on what I might have configured wrong? Change IPFILTER_SWITCH=none I'm guessing the my problems are related to some of the filter's too but unfortunately changing IPFILTER_SWITCH to none completely kills all traffic between 192.168.1.0 and 192.168.2.0 Worth a shot Um...did you try changing from: IPFWDING_KERNEL=FILTER_ON to: IPFWDING_KERNEL=YES This, combined with IPFILTER_SWITCH=none should get you a basic router... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) Have I tried those settings? Yes Have I tried those settings in that combination? Nope Does my problems go away with this combination? YES!! Thanks Charles! So if I understand it correctly: IPFWDING_KERNEL=YES IPFILTER_SWITCH=none sets your scripts to full routing of all traffic and IPFWDING_KERNEL=FILTER_ON IPFILTER_SWITCH=router sets your scripts to routing with filtering Is this correct? ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: FIXED! Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
So if I understand it correctly: IPFWDING_KERNEL=YES IPFILTER_SWITCH=none sets your scripts to full routing of all traffic and IPFWDING_KERNEL=FILTER_ON IPFILTER_SWITCH=router sets your scripts to routing with filtering Is this correct? Yes. The reason you were not routing packets previously: With IPFWDING_KERNEL=FILTER_ON, the scripts only enable packet forwarding once the firewall filter rules are fully configured...with IPFILTER_SWITCH=none, you're not running a firewall filter, so the scripts take the (safe) option of not forwarding any traffic, rather than assuming you bungled the config and routing packets anyway (never a safe assumption for a security device). Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
