Re: Using a linux server as a firewall
From: Jim Fischer (jfischer_link5809_at_now.here.com)
Date: 11/21/03
- Next message: B'ichela: "Archie and Veronica search engines"
- Previous message: Claudio Nieder: "Re: iptables DNAT question"
- In reply to: Lyle H. Gray: "Using a linux server as a firewall"
- Next in thread: Bill Marcum: "Re: Using a linux server as a firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 21 Nov 2003 15:18:14 -0600
Lyle H. Gray wrote:
> Redhat Linux 7.3.
> Two ethernet cards:
>
> eth0 Link encap:Ethernet HWaddr 00:60:08:9D:9D:A1
> inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:386260 errors:0 dropped:0 overruns:0 frame:0
> TX packets:333085 errors:0 dropped:0 overruns:0 carrier:27
> collisions:10054 txqueuelen:100
> RX bytes:29697918 (28.3 Mb) TX bytes:139509719 (133.0 Mb)
> Interrupt:10 Base address:0x310
>
> eth1 Link encap:Ethernet HWaddr 00:01:02:64:0A:6B
> inet addr:192.168.1.102 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:4946 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1811 errors:0 dropped:0 overruns:0 carrier:0
> collisions:2 txqueuelen:100
> RX bytes:602307 (588.1 Kb) TX bytes:216816 (211.7 Kb)
> Interrupt:11 Base address:0xdc80
>
> eth0 is connected to 4 port router, which is connected to ADSL modem.
> eth1 is connected to 8 port hub, which is connected to other systems on
> the LAN.
>
> Output of route (collapsed slightly to fit width):
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.1.0 192.168.1.2 255.255.255.0 UG 0 0 0 eth0
> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
> 127.0.0.0 * 255.0.0.0 U 0 0 0 lo
> default eth0 0.0.0.0 UG 0 0 0 eth0
>
> IP address of router is 192.168.1.1.
> IP address of eth0 is 192.168.1.2.
> IP address of eth1 is 192.168.1.102.
>
> Able to ping the router through eth0 with no problem.
>
> Problem: Cannot ping any systems on LAN through eth1 -- unless forced,
> all attempts to ping go through eth0 (default gateway, no surprise).
> When cables are switched to connect eth0 to the LAN, can ping the LAN
> through eth0 with no problems.
>
> iptables settings all set to ACCEPT to simplify testing of initial
> configuration (I'll worry about that later -- first things first).
>
> So, I've obviously missed something. Any suggestions for how to get eth1
> to "see" the LAN?
>
> [FollowUps set to comp.os.linux.networking]
You seem to be using the same IP address (192.168.1/24) on both sides of
your firewall/NAT box. This is definitely a problem. The firewall/NAT
box acts like a router, and routers join together network segments that
have *different* IP addresses. In other words, the networks on the two
sides of your firewall/NAT box must have different IP addresses. For
example, you could assign the IP address 192.168.1/24 to your "DMZ"
network, and the IP address "192.168.2/24" to your internal/private network:
Your xDSL router/modem
| (192.168.1.1/24)
|
| Your "DMZ" network (192.168.1/24)
|
| (eth0 - 192.168.1.2/24)
Your Linux firewall/NAT box
| (eth1 - 192.168.2.1/24)
|
| Your internal/private network (192.168.2/24)
|
(The hosts on your private network)
--
Jim
To reply by email, remove "link" and change "now.here" to "yahoo"
jfischer_link5809{at}now.here.com
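An added illustration, not part of this thread: a small Python model of the route selection behind the symptom Lyle describes (both interfaces in 192.168.1.0/24, so the kernel's first matching route, eth0, wins for every LAN address) and of the renumbering Jim proposes. The routing tables are constructed from the post; the lookup is a simplified longest-prefix match with table order as tie-breaker, which is an assumption that approximates equal-metric kernel behaviour rather than a full reimplementation.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network
    iface: str


def lookup(table, dst):
    """Return the interface a packet to `dst` leaves on.

    Longest prefix wins; among equal prefixes the first entry in the
    table wins (simplified model of equal-metric kernel routes).
    """
    addr = ipaddress.IPv4Address(dst)
    best = None
    for r in table:
        if addr in r.dest and (best is None or r.dest.prefixlen > best.dest.prefixlen):
            best = r
    return best.iface if best else None


def overlapping_interfaces(addrs):
    """Return interface pairs whose subnets overlap (the misconfiguration
    Jim points out). `addrs` maps interface name -> 'a.b.c.d/prefix'."""
    nets = {name: ipaddress.ip_interface(cidr).network for name, cidr in addrs.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]


# Constructed from the `route` output in the original post: both /24 routes
# point at the same network, and the eth0 entry is listed first.
BROKEN = [
    Route(ipaddress.ip_network("192.168.1.0/24"), "eth0"),
    Route(ipaddress.ip_network("192.168.1.0/24"), "eth1"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]

# Constructed from Jim's suggested addressing: a distinct subnet per side.
FIXED = [
    Route(ipaddress.ip_network("192.168.1.0/24"), "eth0"),
    Route(ipaddress.ip_network("192.168.2.0/24"), "eth1"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]

if __name__ == "__main__":
    print("broken, LAN host 192.168.1.50 ->", lookup(BROKEN, "192.168.1.50"))  # eth0
    print("fixed,  LAN host 192.168.2.50 ->", lookup(FIXED, "192.168.2.50"))   # eth1
    print("overlap:", overlapping_interfaces({"eth0": "192.168.1.2/24", "eth1": "192.168.1.102/24"}))
```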