--- Jeff Vian jvian10@charter.net wrote:
# service iptables stop
# cd /etc/sysconfig
# mv iptables iptables.save
[olivares@rio ~]$ su -
Password:
[root@rio ~]# service iptables stop
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: mangle filter nat         [  OK  ]
Unloading iptables modules:                                [  OK  ]
[root@rio ~]# cd /etc/sysconfig/
[root@rio sysconfig]# mv iptables iptables.save
mv: overwrite `iptables.save'? n
[root@rio sysconfig]# mv iptables iptables.save2
[root@rio sysconfig]# mv iptables.save iptables
[root@rio sysconfig]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.154.19.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.154.19.1     0.0.0.0         UG    0      0        0 eth0
[root@rio sysconfig]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Disabling IPv4 packet forwarding:                          [  OK  ]
Setting network parameters:                                [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
Bringing up interface eth1:                                [  OK  ]
[root@rio sysconfig]#
Then try rebuilding the firewall manually.
I do not know how to do this, but I will read up on the page for fwbuilder. The network is up again because I moved the older iptables.save into iptables and it is up.
I even switched the cables from the machine to see if it would work and it failed.
Will report back. Thanks Jeff you have been very helpful.
Best Regards,
Antonio
I would suggest that you rebuild it yourself, and maybe use fwbuilder to assist.
What you must do is:
1. Allow the linux box to access all outbound communications -- probably on both eth1 and eth0.
2. Not allow access from the outside network to the linux box, except for DNS.
3. Allow all established,related communications in both directions.
4. Provide masquerading for all outbound connections from the LAN (eth1) to the WAN (eth0).
5. Allow IP forwarding.
I am replacing a firewall at home tonight and will send you the script I use on it _after_ it has been tested.
On Thu, 2005-09-01 at 12:10 -0700, Antonio Olivares wrote:
--- Jeff Vian jvian10@charter.net wrote:
On Thu, 2005-09-01 at 04:53 -0700, Antonio Olivares wrote:
--- Jeff Vian jvian10@charter.net wrote:
On Wed, 2005-08-31 at 17:16 -0700, Antonio Olivares wrote:
--- Jeff Vian jvian10@charter.net wrote:
On Wed, 2005-08-31 at 12:20 -0700, Antonio Olivares wrote:
--- Antonio Olivares wrote:
*nat
:PREROUTING ACCEPT [759:76421]
:POSTROUTING ACCEPT [4:288]
:OUTPUT ACCEPT [394:23805]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
[root@rio ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@rio ~]#
Thanks for all your help and suggestions. It will work. It is just a matter of finding where things are stopping.
Best Regards,
Antonio
Attached is a basic script for a firewall/router like you are using.
Simply put it somewhere on the linux box, make it executable, then as root run it.
After running this script, rerun "service iptables save" to save the rules so they load automatically when you reboot.
It should load all the rules you need for a dynamic external address on eth0, a fixed internal address on eth1, and DNS on the external network.
To test that it works, simply retry (from the windows box) the ping commands I gave earlier, and even try a ping to www.yahoo.com. If they all work then you should be all set.
This was generated using fwbuilder which is readily available on the net from www.fwbuilder.org or on sourceforge.
HTH Jeff
Now, I cannot access the local network and the internet from the machine. The eth0 device was assigned an IP according to its MAC address and now it does not work, it says that it is active. When I shut down the machine it gave me some weird message which I do not know how to get since I am sending this from the other machine which has internet access in my classroom. Is there a way to solve this issue?
TIA
Antonio
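To make Jeff's five points concrete, here is an added example; it is not the fwbuilder-generated script he attached (which is not reproduced in this thread) and not anything Antonio ran. It writes a ruleset in the iptables-restore format that /etc/sysconfig/iptables uses, so it can be dropped in where the thread's iptables.save lives, and it includes a small check for the duplicated MASQUERADE rules visible in the nat table quoted above. The interface names and the LAN network are assumptions taken from the route table in this thread: eth0 as the WAN side with a DHCP address, eth1 as the LAN side, and 192.168.100.0/24 as the LAN.

```shell
#!/bin/sh
# Added example, not the fwbuilder script from the thread. Emits an
# /etc/sysconfig/iptables-style ruleset (iptables-restore format) that
# implements the five points above for a two-NIC router, and checks a
# saved ruleset for duplicated rules.
# Assumed (hypothetical) names: eth0 = WAN with a DHCP address,
# eth1 = LAN, LAN network 192.168.100.0/24 (from the route -n output).

gen_rules() {
    wan="${1:-eth0}"
    lan="${2:-eth1}"
    lan_net="${3:-192.168.100.0/24}"
    cat <<EOF
# Two-NIC NAT router ruleset; load with: iptables-restore < this-file
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# 4. masquerade LAN -> WAN. One rule, on the WAN interface only;
#    masquerading on the LAN interface too (as in the dump above) rewrites
#    the source of traffic going *into* the LAN and is wrong here.
-A POSTROUTING -s ${lan_net} -o ${wan} -j MASQUERADE
COMMIT
*filter
# Default-deny for INPUT and FORWARD; 1. the box itself may go anywhere.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# 3. replies to established/related connections, in both directions.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may talk to the box (DNS, ssh, the ping tests from Windows).
-A INPUT -i ${lan} -s ${lan_net} -j ACCEPT
# DHCP lease renewals arrive on the WAN side from the server's port 67.
-A INPUT -i ${wan} -p udp --sport 67 --dport 68 -j ACCEPT
# 2. nothing else from the outside reaches the box except DNS. Drop these
#    two lines unless the box really answers DNS for outside hosts: the
#    ESTABLISHED,RELATED rule above already admits replies to its own lookups.
-A INPUT -i ${wan} -p udp --dport 53 -j ACCEPT
-A INPUT -i ${wan} -p tcp --dport 53 -j ACCEPT
# New connections from the LAN are forwarded out the WAN; nothing else is.
-A FORWARD -i ${lan} -o ${wan} -s ${lan_net} -j ACCEPT
COMMIT
EOF
}

# Report rule lines that appear more than once in a saved ruleset on stdin.
# The nat table quoted above carries the same MASQUERADE rule up to four
# times, which is what you get when a script that appends rules is run
# repeatedly and "service iptables save" is run afterwards.
dup_rules() {
    grep '^-A ' | sort | uniq -d
}

# Constructed sample: the POSTROUTING rules from the nat table in this thread.
SAMPLE_NAT='*nat
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# Number of distinct rules that occur more than once in the given ruleset.
dup_count() {
    printf '%s\n' "$1" | dup_rules | wc -l | tr -d ' '
}

# Stand-alone use: gen_rules [WAN_IF] [LAN_IF] [LAN_NET] > /etc/sysconfig/iptables
gen_rules "$@"
```

Two things the script cannot do for you. Point 5 is a sysctl, not a rule: "echo 1 > /proc/sys/net/ipv4/ip_forward" turns it on now, and "net.ipv4.ip_forward = 1" in /etc/sysctl.conf keeps it on, because the "service network restart" transcript above shows "Disabling IPv4 packet forwarding" on shutdown and "Setting network parameters" on startup, which re-applies /etc/sysctl.conf; so the "1" from cat /proc/sys/net/ipv4/ip_forward further up can be reset to 0 by a network restart if sysctl.conf does not set it. And before "service iptables save", run the duplicate check (iptables-save | dup_rules) so the duplicated MASQUERADE lines do not get saved again.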