Nemeth Gyorgy a écrit :
>>
> Yes, it can work as a short go-nogo test. But the suggestion was not
> mentioned it, that it is only for that. And it is very likely that when
> the OP tries this and it 'works' (I mean the Windows machine behind the
> Linux works well), then the rules will remain.
I w
I adopted Mr. Gyorgy's suggested iptables rules with only a
couple of additions based on nmap's report that port 411 was open
because it passed with flying colors nmaps tcp and udp scan of the
first 1056 ports, grc.com tests and pcflank.com tests.
For a single user system running no service
2014-08-10 22:30 keltezéssel, Joe írta:
> Why is it unresolvable? A DROP/REJECT policy is fail-safe, ACCEPT
> isn't. If the rest of the rules are correct, (and more importantly,
> guaranteed always to stay that way in the face of editing, sometimes
> rushed) an ACCEPT policy is redundant, and if th
On Tue, Aug 12, 2014 at 5:19 AM, Joe wrote:
> On Tue, 12 Aug 2014 04:53:51 -0400
> Tom H wrote:
>>
>> And you've proven my point...
>
> Agreed, I just can't see why there is any controversy.
You misunderstand. The fact that you can't accept that there may be
others who have good reason (whatever
On Tue, 12 Aug 2014 04:53:51 -0400
Tom H wrote:
>
> And you've proven my point...
>
>
Agreed, I just can't see why there is any controversy.
--
Joe
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian
On Sun, Aug 10, 2014 at 4:30 PM, Joe wrote:
> On Sun, 10 Aug 2014 16:07:01 -0400
> Tom H wrote:
>> On Sun, Aug 10, 2014 at 2:24 PM, Nemeth Gyorgy
>> wrote:
>>> 2014-08-10 11:33 keltezéssel, Pascal Hambourg írta:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -P ACCEPT
iptabl
On Mon, Aug 11, 2014 at 02:06:28PM +0200, Pascal Hambourg wrote:
> Mike McClain a ?crit :
> >
> > Clearly DNS lookup is working and I have a problem with the
> > configuration of IE.
>
> Check in its network settings whether a proxy is defined, and remove it.
Hi Pascal,
Nope, no proxy.
Mike McClain a écrit :
>
> Clearly DNS lookup is working and I have a problem with the
> configuration of IE.
Check in its network settings whether a proxy is defined, and remove it.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble?
On Mon, 11 Aug 2014 17:44:52 +1000
Andrew McGlashan wrote:
>
> I give another vote for IPCop btw that or pfsense, but IPCop is
> simpler.
>
Yes, but it's a distribution in itself, which means you need to
dedicate an entire computer to it. (No, I don't think there is any point
in running
On 10/08/2014 10:06 AM, Mike McClain wrote:
>> Please describe your network topology. Where's the Win2k box ?
> __
> | Debian| LAN| Windows 2000 |
> Inet|Linux|-
On Sun, 10 Aug 2014 16:07:01 -0400
Tom H wrote:
> On Sun, Aug 10, 2014 at 2:24 PM, Nemeth Gyorgy
> wrote:
> > 2014-08-10 11:33 keltezéssel, Pascal Hambourg írta:
> >>
> >> Nemeth Gyorgy's ruleset is too complicated. Use the bare minimum :
> >>
> >> sysctl -w net.ipv4.ip_forward=1
> >> iptables -
On Sun, Aug 10, 2014 at 2:24 PM, Nemeth Gyorgy wrote:
> 2014-08-10 11:33 keltezéssel, Pascal Hambourg írta:
>>
>> Nemeth Gyorgy's ruleset is too complicated. Use the bare minimum :
>>
>> sysctl -w net.ipv4.ip_forward=1
>> iptables -t nat -P ACCEPT
>> iptables -t filter -P ACCEPT
>
> This is really
2014-08-10 11:33 keltezéssel, Pascal Hambourg írta:
> Nemeth Gyorgy's ruleset is too complicated. Use the bare minimum :
>
> sysctl -w net.ipv4.ip_forward=1
> iptables -t nat -P ACCEPT
> iptables -t filter -P ACCEPT
This is really a big sechole.
> iptables -t mangle -P ACCEPT
> iptables -t nat -
2014-08-10 01:49 keltezéssel, Mike McClain írta:
>> It's a rather complicated, sometimes overcomplicated script. But some
>> rules are missing and/or not in the correct order.
>
> I've little doubt you are correct, admittedly I'm flailing a bit.
> Trying this and that with little luck.
> I'd appre
On Sun, Aug 10, 2014 at 11:33:27AM +0200, Pascal Hambourg wrote:
>
> Nemeth Gyorgy's ruleset is too complicated. Use the bare minimum :
>
> sysctl -w net.ipv4.ip_forward=1
> iptables -t nat -P ACCEPT
> iptables -t filter -P ACCEPT
> iptables -t mangle -P ACCEPT
> iptables -t nat -F
> iptables -t fi
On Sat, Aug 09, 2014 at 10:30:53PM -0600, Bob Proulx wrote:
> Mike McClain wrote:
> > Pascal Hambourg wrote:
> > > Please describe your network topology. Where's the Win2k box ?
> >
> > __
> > | Debian|
Mike McClain a écrit :
>
> from a zsh prompt:
> Mike zsh:~> nslookup
> Default Server: resolver1.opendns.com
> Address: 208.67.222.222
>
> Didn't return.
Of course not. If you don't provide a domain name to query in the
command line, nslookup just sits there and waits for a command or a name
to
Mike McClain a écrit :
> On Fri, Aug 08, 2014 at 09:13:23PM +0200, Pascal Hambourg wrote:
>>
>> Same as Nemeth Gyorgy : restart without any filtering, just the IP
>> forwarding and masquerading. If it does not work, it's not due to
>> filtering. Then when ev
Bob Proulx a écrit :
> Mike McClain wrote:
>> __
>> | Debian| LAN| Windows 2000 |
>> Inet|Linux|-| S40 |
>> (ppp) | 192.168.1.2 |
Mike McClain wrote:
> Pascal Hambourg wrote:
> > Please describe your network topology. Where's the Win2k box ?
>
> __
> | Debian| LAN| Windows 2000 |
> Inet|Linux|
Inet via dialup. IE says
> > "Cannot find server or DNS error."
> > I've read every HOWTO and the iptables man pages several times but
> > am at a loss.
> > Suggestions?
>
> Same as Nemeth Gyorgy : restart without any filtering, just the IP
On Fri, Aug 08, 2014 at 08:24:11PM +0200, Nemeth Gyorgy wrote:
> 2014-08-08 09:04 keltez?ssel, Mike McClain ?rta:
> > I've been trying to get my hand rolled iptables firewall to
> > masquerade traffic on the LAN to/from a Win2K box. I've gotten it to
> > the point that I can ping from the boxes
On Fri, Aug 08, 2014 at 09:16:05PM -0700, Matt Ventura wrote:
> On 8/8/2014 12:04 AM, Mike McClain wrote:
> > I've been trying to get my hand rolled iptables firewall to
> >masquerade traffic on the LAN to/from a Win2K box. I've gotten it to
> >the point that I can ping from the boxes both ways
On Fri, Aug 08, 2014 at 07:05:28PM -0700, David Christensen wrote:
> On 08/08/2014 12:04 AM, Mike McClain wrote:
> > I've been trying to get my hand rolled iptables firewall to
> >masquerade traffic on the LAN to/from a Win2K box.
>
> I used to write my own firewall/ router rules, but then disc
On 8/8/2014 12:04 AM, Mike McClain wrote:
I've been trying to get my hand rolled iptables firewall to
masquerade traffic on the LAN to/from a Win2K box. I've gotten it to
the point that I can ping from the boxes both ways, smbclient can move
files both ways and the Win2K box can ping Google'
On 08/08/2014 12:04 AM, Mike McClain wrote:
I've been trying to get my hand rolled iptables firewall to
masquerade traffic on the LAN to/from a Win2K box.
I used to write my own firewall/ router rules, but then discovered
purpose-built firewall/ router FOSS distributions. I used IPCop fo
ich access the Inet via dialup. IE says
> "Cannot find server or DNS error."
> I've read every HOWTO and the iptables man pages several times but
> am at a loss.
> Suggestions?
Same as Nemeth Gyorgy : restart without any filtering, just the IP
forwarding and masquer
2014-08-08 09:04 keltezéssel, Mike McClain írta:
> I've been trying to get my hand rolled iptables firewall to
> masquerade traffic on the LAN to/from a Win2K box. I've gotten it to
> the point that I can ping from the boxes both ways, smbclient can move
> files both ways and the Win2K box can
I've been trying to get my hand rolled iptables firewall to
masquerade traffic on the LAN to/from a Win2K box. I've gotten it to
the point that I can ping from the boxes both ways, smbclient can move
files both ways and the Win2K box can ping Google's IP address but DNS
lookup fails even though
On Sat, 19 Jan 2013 14:30:54 +0100
Pascal Hambourg wrote:
> Hello,
>
> Joe a écrit :
> >
> > Entirely unrelated to anything else in the thread, but this one
> > caught me yesterday, moving a firewall script from an old Ubuntu to
> > a Sid machine.
> >
> > In Sid, 'state' no longer works. Inste
UG0 0 0
> tun0
Looks fine, except for the useless route to 192.168.2.0/32.
> I searched and found some instructions with iptables commands that
> would allow ip forwarding over the VPN, but it didn't seem to make
> any difference:
The effect of each single
Hello,
Joe a écrit :
>
> Entirely unrelated to anything else in the thread, but this one caught
> me yesterday, moving a firewall script from an old Ubuntu to a Sid
> machine.
>
> In Sid, 'state' no longer works. Instead of:
Are you sure it is not just a warning ? I can see from
packages.debian
On Thu, 17 Jan 2013 08:01:06 +
Bonno Bloksma wrote:
>
>
> KEEPSTATE=" -m state --state ESTABLISHED,RELATED"
> # Accept return traffic.
> $IPTABLES -A FORWARD -j ACCEPT $KEEPSTATE
> $IPTABLES -A INPUT -j ACCEPT $KEEPSTATE
Entirely unrelated to anything else in the thread, but this one caught
PT
# Forward traffic from your local LAN to the outside
$IPTABLES -A FORWARD -i eth0 -j ACCEPT
-Oorspronkelijk bericht-
Van: Bonno Bloksma [mailto:b.blok...@tio.nl]
Verzonden: donderdag 17 januari 2013 8:51
Aan: debian-user
Onderwerp: RE: OpenVPN and IP Forwarding
Hi,
>>>http:/
Hi,
>>>http://i1309.photobucket.com/albums/s629/CletusJenkins/network_zps9f815828.png
>>
>>This helped a lot.
>>Now me, I have the VPN server running on the "router" machine and the client
>>on the side of the end users. But if you are the only user then this should
>>work too, it is just a bi
>>I used dia to make a png file diagram of my network. I tried to make one with
>>text, but
>>I couldn't understand it and I made it. I assume the list won't forward
>>attachments, so
>>I posted it at:
>>
>>http://i1309.photobucket.com/albums/s629/CletusJenkins/network_zps9f815828.png
>>
>
Hi,
>>This is a good clarification. But still confusing. I think you need to
>>give us a block diagram or picture of things. Because in the above it
>>reads like you have two machines in your path where most of us would
>>have only one. Because you say that you vpn to a server and that server
ot; and use services running on
>it, but
they cannot reach the internet when the VPN is connected (connected meaning
openvpn is running on my "router", not the other systems). In my mind
(...heh...)
traffic that comes in via ip forwarding should go out the default gateway
whether
that
ernet
at large fine using NAT at router1.
> Before installing openvpn, the machines on the private network could
> reach the internet via my "router". I am hoping for the same ip
> forwarding to work as before (without any configuration on those
> private machines) I j
onf by
itself appropriately.)
# Configure the local DNS nameservers to get to the private names.
push "dhcp-option DNS 10.1.2.3.101"
push "dhcp-option DNS 10.1.2.3.121"
push "dhcp-option DOMAIN example.com"
On the server for each client such as for client foo I have
oesn't quite work.
>
> Those are the most common problems with VPN traffic.
> Look at something like push "route 192.168.2.0 255.255.255.0" in your cfg
> file on the server to tell the clients where to send traffic.
>
> > I searched and found some in
ute 192.168.2.0 255.255.255.0" in your cfg file
on the server to tell the clients where to send traffic.
> I searched and found some instructions with iptables commands that would
> allow ip forwarding over the VPN,
> but it didn't seem to make any difference:
> ipta
s commands that would allow
ip forwarding over the VPN, but it didn't seem to make any difference:
iptables -A FORWARD -s 192.168.2.0/8 -o eth1 -j ACCEPT
iptables -A FORWARD -s 192.168.2.0/8 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.2.0/8 -o eth1 -j MASQUERADE
eth0 is the
On Fri, Feb 19, 2010 at 08:06:43AM +1100, Alex Samad wrote:
> Hi
>
>
> I am a bit confused, I have a bridged interface with 2 active interfaces
> eth0 and eth1. and ip forwarding off
>
> I have turned off ip forwarding. I though brctl created a ethernet
> bridge
, 2010 4:07 PM
> To: Debian Users
> Subject: bridge + ip-forwarding
>
> Hi
>
>
> I am a bit confused, I have a bridged interface with 2 active interfaces
> eth0 and eth1. and ip forwarding off
>
> I have turned off ip forwarding. I though brctl created a ethernet
>
f you explained what you are trying to do.
James
-Original Message-
From: Alex Samad [mailto:a...@samad.com.au]
Sent: February 18, 2010 4:07 PM
To: Debian Users
Subject: bridge + ip-forwarding
Hi
I am a bit confused, I have a bridged interface with 2 active interfaces
eth0 and eth1. a
Hi
I am a bit confused, I have a bridged interface with 2 active interfaces
eth0 and eth1. and ip forwarding off
I have turned off ip forwarding. I though brctl created a ethernet
bridge - same broadcast domain between the interface. but I noticed a
lot of firewall blocks in my iptables
I have a simple home router setup. The router runs Debian Lenny; the
client runs Ubuntu. The router has two NICs; one connects to the ISP,
the other to an internal switch.
The router box has no network issues with the Internet. I can ping, surf
websites, etc..
The client box has no problems
On Fri, 11 Jul 2008 17:15:53 +1000, Alex Samad wrote:
>
> have a look at /etc/ppp/ip-up.d/
Thanks. I linked my port-forwarding start script to /etc/sbin/ipmasq.
It should stay up now if 00ipmasq actually gets executed when ppp0 comes up.
-- hendrik
--
To UNSUBSCRIBE, email to [EMAIL PROTEC
On Fri, Jul 11, 2008 at 01:28:19AM +, Hendrik Boom wrote:
> On Thu, 05 Jun 2008 10:03:09 -0700, Andrew Sackville-West wrote:
>
> > On Thu, Jun 05, 2008 at 11:11:55AM -0400, [EMAIL PROTECTED] wrote:
> >> I have my network front end running Debian sarge (yet, it's time to
> >> upgrade at lest t
On Thu, 05 Jun 2008 10:03:09 -0700, Andrew Sackville-West wrote:
> On Thu, Jun 05, 2008 at 11:11:55AM -0400, [EMAIL PROTECTED] wrote:
>> I have my network front end running Debian sarge (yet, it's time to
>> upgrade at lest to etch). It's connected to the rest of the net by a
>> DSL line. I've
On Thu, Jun 05, 2008 at 11:11:55AM -0400, [EMAIL PROTECTED] wrote:
> I have my network front end running Debian sarge (yet, it's time to
> upgrade at lest to etch). It's connected to the rest of the net by a
> DSL line. I've set up port-forwarding to selected machines on my LAN
> for the conve
I have my network front end running Debian sarge (yet, it's time to
upgrade at lest to etch). It's connected to the rest of the net by a
DSL line. I've set up port-forwarding to selected machines on my LAN
for the convenience of certain games, and bittorrent, and I'd like to
use it for some a
AIL PROTECTED]> writes:
> I'm trying to set up a firewall/gateway, and I can't seem to get
> ip forwarding to work. I'm using linux kernel 2.6.23 with iptables
> enabled. Here's what happens.
>
> The firewall machine has two interfaces (both on private network
David Zelinsky wrote:
>With this setup, I expect to be able to ping 10.0.0.2 from 192.168.0.2
>(and vice versa), with packets routed through the firewall, but it
>doesn't work.
>What am I overlooking?
It looks like that 10.0.0.2 does not have a route to 192.168.0.0/24 or
that 192.168.0.2 does no
On Sat, Mar 08, 2008 at 03:37:54PM -0500, David Zelinsky wrote:
> I'm trying to set up a firewall/gateway, and I can't seem to get
> ip forwarding to work. I'm using linux kernel 2.6.23 with iptables
> enabled. Here's what happens.
>
> The firewall machine
I'm trying to set up a firewall/gateway, and I can't seem to get
ip forwarding to work. I'm using linux kernel 2.6.23 with iptables
enabled. Here's what happens.
The firewall machine has two interfaces (both on private networks, for
testing purposes):
IFIP
Doug & others,
dat> DNS and IP forwarding are two separate issues.
OK; with ipmasq installed, a Debian client
communicates through the router system just as if
directly connected. One more small problem
solved. Thanks.
dat> You need to enable IP forwarding as well
as
On Sun, Feb 18, 2007 at 02:44:50PM -0700, Archive wrote:
> As mentioned in an earlier email the DOMU or secondary Xen system(s) can
> not only talk to the DOM0 or Xen primary system but also to other other
> DOMU or secondary Xen system(s) and that most likely involves not only
> LAN interaction
As mentioned in an earlier email the DOMU or secondary Xen system(s) can
not only talk to the DOM0 or Xen primary system but also to other other
DOMU or secondary Xen system(s) and that most likely involves not only
LAN interaction but also Internet interaction.
Where internet interaction is
On Sun, Feb 18, 2007 at 02:44:50PM -0700, Archive wrote:
> It would be nice to have some examples of this route management code
> with an explanation of it's operation and theory for both simple and
> complex scenarios, especially some Xen scenarios.
>
> Any takers on this
Hi, thanks everyone, I had forgotten about the route back so I set the default
gateway.
andrew.
> From: [EMAIL PROTECTED]> To: [EMAIL PROTECTED]; debian-user@lists.debian.org>
> Subject: RE: ip forwarding> Date: Sun, 11 Feb 2007 15:52:59 -0800> > > Hi
> everyone
10
>
> I want XP1 to be able to ping XP2, so I enabled IP forwarding in
/etc/network/options
> Unfortunately XP1 still can not ping XP2.
> (XP1 can ping Debian/Server, and Debian/Server can ping XP2)
>
> Do I have to do anything else to enable the Debian/Server to act as a
si
Andrew Critchlow wrote:
Do I have to do anything else to enable the Debian/Server to act as a
simple router?
Does either XP1 or XP2 know that they can find the other subnet by
sending packets to the Debian machine? i.e. is the Debian machine set as
the default gateway?
--
To UNSUBSCRIBE, e
XP2 IP = 172.16.0.10
I want XP1 to be able to ping XP2, so I enabled IP forwarding in
/etc/network/options
Unfortunately XP1 still can not ping XP2.
(XP1 can ping Debian/Server, and Debian/Server can ping XP2)
Do I have to do anything else to enable the Debian/Server to act as a
simple router
enabled IP forwarding in
/etc/network/options
Unfortunately XP1 still can not ping XP2.
(XP1 can ping Debian/Server, and Debian/Server can ping XP2)
Do I have to do anything else to enable the Debian/Server to act as a simple
router?
Thanks all.
Andrew.
e is a separate firewall machine.)
>
> 192.168.2 (eth0) is a network with Windows machines. Packets to and
> from that network are no longer being forwarded. The routing table
> appears to be correct and IP forwarding is turned on.
>
> Machines on 192.168.2.* are able to ping 192.1
ckets to and
> > > from that network are no longer being forwarded. The routing table
> > > appears to be correct and IP forwarding is turned on.
> >
> > how are you turning forwarding on?
>
> $ cat /etc/network/options
> ip_forward=yes
> spoofprotect=ye
igured in the kernel, since masquerading and filtering is not
> > required. (There is a separate firewall machine.)
> >
> > 192.168.2 (eth0) is a network with Windows machines. Packets to and
> > from that network are no longer being forwarded. The routing table
>
e is a separate firewall machine.)
>
> 192.168.2 (eth0) is a network with Windows machines. Packets to and
> from that network are no longer being forwarded. The routing table
> appears to be correct and IP forwarding is turned on.
how are you turning forwarding on?
what does:
# sys
. Packets to and
from that network are no longer being forwarded. The routing table
appears to be correct and IP forwarding is turned on.
Machines on 192.168.2.* are able to ping 192.168.1.18 (the other network
card on the routing machine) but they cannot ping any other machine on
the 192.168.1
Ok. You need a NAT. Example:
Old IP: 200.20.20.20
New IP: 201.21.21.21
Use the rule on machine at your office:
# iptables -t NAT -A INPUT -d 200.20.20.20 -j DNAT 201.21.21.21
It works fine with one nic.
[]s
Eriberto - www.eriberto.pro.br
HOGWASH - IPS invisível em camada 2. http://www.eribe
- Original Message -
From:
Matt
Zagrabelny
To: debian-user@lists.debian.org
Sent: Friday, August 19, 2005 3:29
PM
Subject: Re: IP Forwarding
On Fri, 2005-08-19 at 12:48 -0400, theal wrote:> I am
trying to forward all ports from one ip address to another us
On Fri, 2005-08-19 at 12:48 -0400, theal wrote:
> I am trying to forward all ports from one ip address to another using
> iptables. can this be accomplished using a single network adaptor?
> anyone know what syntax to use?
do you mean:
a.b.c.d:e -> w.x.y.z:e
a.b.c.d:f -> w.x.y.z:f
or
a.b.c.d:*
I am trying to forward all ports from one ip
address to another using iptables. can this be accomplished using a single
network adaptor? anyone know what syntax to use?
Debian GNU/Linux 3.1
iptables
1.2.9-10
Tony
[mailto:[EMAIL PROTECTED]
Sent: domingo, 31 de julio de 2005 11:20
To: Debian User
Subject: Re: Firewall & IP Forwarding problems
Ronald Castillo wrote:
> Hello.
>
> I'm trying to connect my pocket pc by wíreless to my VMWare Windows
2000
> virtual PC. Which means, I need a compl
Ronald Castillo wrote:
Hello.
I'm trying to connect my pocket pc by wíreless to my VMWare Windows 2000
virtual PC. Which means, I need a completely transparent connection
between my eth1 (wireless) and vmnet8 (vmware emulated lan) devices.
So far, I've tried using the following script:
--
Ronald Castillo wrote:
> I'm trying to connect my pocket pc by wíreless to my VMWare Windows 2000
> virtual PC. Which means, I need a completely transparent connection
> between my eth1 (wireless) and vmnet8 (vmware emulated lan) devices.
> So far, I've tried using the following script:
[snippe
Hello.
I'm trying to connect my pocket pc by wíreless to my VMWare Windows 2000
virtual PC. Which means, I need a completely transparent connection
between my eth1 (wireless) and vmnet8 (vmware emulated lan) devices.
So far, I've tried using the following script:
---
On Tue, 2005-05-03 at 10:05 -0500, Matt Zagrabelny wrote:
> hello,
>
> simple firewall problem:
>
> 1 external nic (eth0)
> 1 internal nic (eth1)
>
> i do not need to do any snat or masquerading, i am just looking to
> forward the traffic from the internal to the external.
>
> so far:
>
> # ec
hello,
simple firewall problem:
1 external nic (eth0)
1 internal nic (eth1)
i do not need to do any snat or masquerading, i am just looking to
forward the traffic from the internal to the external.
so far:
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -L -v
Chain INPUT (policy ACCEPT 1
hi there, i dont use ssh, BUT, i was getting timeout problems when i
masqed an oracle database, oracle uses port 1521, and similar to you we
were loosing connections when we went through the ipchains firewall, the
solution was to set the timeout - i have included the ipchains rules
here just fo
I have a firewall with two network cards running Sid with kernel 2.2.17. I
have the following rule:
/usr/sbin/ipmasqadm portfw -a -P tcp -L $IP_REAL 22 -R $MAGNETO 22
And it works fine. IP_REAL is the dhcp granted IP from my ISP, MAGNETO is
the ssh server behind the firewall, and MYSTIQUE is the
On Wed, Mar 21, 2001 at 01:14:48AM -0500, Gregg C wrote:
> What is the minimum I need to do to enable my gatway system to do NAT for my
> local lan? It is a fresh 2.2 install.
>
> I'm reading the ipchains howto (among other things), so I can build a proper
> firewall, which is a steep learning c
What is the minimum I need to do to enable my gatway system to do NAT for my
local lan? It is a fresh 2.2 install.
I'm reading the ipchains howto (among other things), so I can build a proper
firewall, which is a steep learning curve for me. However, that is fine,
because when I'm done I want
On Mon, Dec 25, 2000 at 01:06:45AM -0500, Aaron Solochek wrote:
> Here is the situation: I have a laptop with wireless, and a desktop
> with wireless and regular ethernet.
>
> Lets call the desktop machine A. A has eth0 (ethernet to the rest
> of the world), and eth1 (10.0.10.1, in an adhoc wire
impler
than what's in the HOWTO):
http://ibiblio.unc.edu/mdw/HOWTO/mini/Proxy-ARP-Subnet/index.html
Also, don't forget to turn on IP forwarding (in /etc/network/options) and
clean out the firewall rules from your previous attempts.
Brad
Here is the situation: I have a laptop with wireless, and a desktop
with wireless and regular ethernet.
Lets call the desktop machine A. A has eth0 (ethernet to the rest
of the world), and eth1 (10.0.10.1, in an adhoc wireless with the
laptop)
Let the laptop be machine B, with only eth1, 10.0.1
On Mon, Sep 04, 2000 at 08:48:36PM +0200, Richard wrote:
> I'm trying to configure the kernel 2.2.16 to do ip forwarding. Currently, I
> have installed the 2.0.38 and there is no
> problem (I know, the configuration is different).
>
> I've done everything I think
Richard wrote:
>
> Hi to all.
>
> I'm trying to configure the kernel 2.2.16 to do ip forwarding. Currently, I
> have installed the 2.0.38 and there is no
> problem (I know, the configuration is different).
>
> I've done everything I think I have to:
>
>
Hi to all.
I'm trying to configure the kernel 2.2.16 to do ip forwarding. Currently, I
have installed the 2.0.38 and there is no
problem (I know, the configuration is different).
I've done everything I think I have to:
Check the /proc/sys/net/ipv4/ip_forward value, that is 1.
Check
On Mon, Aug 07, 2000 at 09:29:40PM +0100, Edmund GRIMLEY EVANS wrote:
> It does the "echo 1 > /proc/sys/net/ipv4/ip_forward", but it doesn't
> do the ipchains bit, I think.
Then put a script that calls ipchains in /etc/ppp/ip-up.d
--
Pedro
Stan Kaufman <[EMAIL PROTECTED]>:
> > I can make it work by doing the following by hand:
> >
> > # ipchains -A forward -s 192.168.0.0/24 -j MASQ
> > # echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > But is there a neat way of making it happen automatically by putting
> > something in /etc/network
Nate Duehr wrote:
>
> Aw, bloody hell. Somehow I never noticed this and had been running my
> own little script on the box that has an mgetty dial-in modem set up on
> it so things would be happy.
>
> Now I have "yes" in there, and don't have to call that script at
> boot... which of course, isn
On Sun, Aug 06, 2000 at 08:44:06AM -0700, Stan Kaufman wrote:
> Edit /etc/network/options to change the line
> ip_forward=no
> to
> ip_forward=yes
Aw, bloody hell. Somehow I never noticed this and had been running my
own little script on the box that has an mgetty dial-in modem set up
Edmund GRIMLEY EVANS wrote:
>
> I can make it work by doing the following by hand:
>
> # ipchains -A forward -s 192.168.0.0/24 -j MASQ
> # echo 1 > /proc/sys/net/ipv4/ip_forward
>
> But is there a neat way of making it happen automatically by putting
> something in /etc/network/ or in /etc/ppp/?
I can make it work by doing the following by hand:
# ipchains -A forward -s 192.168.0.0/24 -j MASQ
# echo 1 > /proc/sys/net/ipv4/ip_forward
But is there a neat way of making it happen automatically by putting
something in /etc/network/ or in /etc/ppp/?
And can it be combined with dial-on-demand?
1- Recompile de kernel for supporting additional MASQ-modules
2- add the module port-forwarding (as module or part of the kernel) and
recompile (reset etc)
3- add a ipchains ACCEPT entry for the port 80 on your firewall box
4- add the rule for redirecting the port.
IMPORTANT: u will not can te
Nick wrote:
>
> i have a 2.1 debain system w/ 2.215 kernel
>
> i want to have a webserver inside my firewall. Therefore i need to forward
> the requests for port 80 to the inside machine. So far it is set up to do
> ipmasq w/ ipchains
>
> i installed the ipportfw and ipmasq packages and trie
i have a 2.1 debain system w/ 2.215 kernel
i want to have a webserver inside my firewall. Therefore i need to forward
the requests for port 80 to the inside machine. So far it is set up to do
ipmasq w/ ipchains
i installed the ipportfw and ipmasq packages and tried the following at the
com
1 - 100 of 146 matches
Mail list logo