John Turnbull wrote:
I am sorry to repost this request, but I have still not managed to turn
on forwarding in Mandrake SNF (original description follows). I do know
a little more. I have managed to install a different firewalling distro
- smoothwall (www.smoothwall.org), so I do know that the problem is not
due to some HP proprietary hardware weirdness.
How would I turn on forwarding, manually, in SNF?
Thank you again. John T
John Turnbull wrote:
I have installed Mandrake SNF on an elderly HP Ventra with a 200MHz
Pentium Pro in a test-bed configuration.
I have it set up with eth0 (ne2k-pci card - 192.168.3.34) connected to
the LAN side of my network and eth1 (3c59x - 192.168.4.34) running
through a crossover cable to a laptop acting as a stand-in for the
internet.
From the HP firewall, I can ping both of its NICs and can also ping the
'internet' (laptop - 192.168.4.65) and any internal machine (say:
192.168.3.45), so the TCP/IP stuff seems to be fine.
I can connect to the HP firewall with either ssh or Mandrake Security
(port 8443: I intentionally set it up to allow both) from either the LAN
side or the 'internet' side, but I cannot connect from the LAN side to
the internet side at all.
Mandrake Security - Restrict Access lists
Firewall Rules on
and
Mandrake Security - Internet Access lists
Access Status Down
and no amount of poking 'Start' or 'Stop', in any combination, seems
to change its status. . . sigh
Any hints on how I should proceed would be appreciated.
Thank you in advance. John T
(BTW what does 'Test' do?)
John,
The command line solution can be found on page 216 of the Linux Network
Administrator's Guide by Kirch Dawson (O'Reilly Associates).
Depending on your kernel, one or more of these two line commands should
take care of you. Try each of them until one works. After each attempt
go to one of the LAN-side boxen and ping 216.239.39.100. That's the IP
for www.google.com. If you get no response, you need to move on and try
the next pair of commands for IP forwarding. If you get a response, try
pinging www.google.com. If you can ping the IP but not the domain name,
you need to setup DNS and I can tell you how to do that, too. Anyway,
here's those commands, don't forget to su into root and remember that
everything is case sensitive:
# ipfwadm -F -p deny
# ipfwadm -F -a accept -m -S 192.168.0.0/24 -D 0/0
(if your home network is different from 192.168.0.0, change the command
to suit your network, just don't forget the /24 at the end, the same
holds for the next pair of commands if these don't work)
# ipchains -P forward -j deny
# ipchains -A forward -s 192.168.0.0/24 -d 0/0 -j MASQ
and, lastly:
# iptables -t nat -P POSTROUTING DROP
# iptables -t nat -A POSTROUTING DROP -o ppp0 -j MASQUERADE
In that last case you will want to change ppp0 to the appropriate
ethernet device if you are connected through a DSL/cable connection on
one of your ethernet cards, as opposed to a dial-up connection like
these instructions assume. Anyway, if you need any more help feel free
to post again because I've learned a lot of networking stuff and I can
recite the NetAdmin's guide like scripture now. Good luck and please
let me know if this works for you.
In Solidarity,
Isaac
Nolite te bastardes carborundorum.
(Don't let the bastards grind you down)
- The Handmaid's Tale, Margaret Atwood
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
