Re: Struggling with firewall setup

From: B (martin_byrne2@yahoo.co.uk)
Date: 02/08/02


From: martin_byrne2@yahoo.co.uk (B)
Date: 8 Feb 2002 06:14:28 -0800

Is ip forwarding enabled on the firewall? If not, add the following to
your iptables script:

echo "1" > /proc/sys/net/ipv4/ip_forward

Cheers

Jorrit Tyberghein <Jorrit.Tyberghein@uz.kuleuven.ac.be> wrote in message news:<3C638627.7000103@uz.kuleuven.ac.be>...
> Hi everyone,
>
> We have a serious problem getting our firewall to operate.
>
> First our setup:
> - Pluto: our firewall linux server, currently running Suse 7.3
>   Pluto has two ethernet adaptors. eth1 points to untrusted networks
>   (outside) and eth0 is connected to inside (Jupiter).
> - Jupiter: our internal server, currently running Suse 6.2
>
> Now the story. Initially Pluto was also running Suse 6.2 and there we had an
> ipchains based firewall running which worked perfectly. Because we
> needed some new software on Pluto we had to upgrade. First we tried
> to let the Suse upgrade utility bring Pluto from 6.2 to 7.3 but that failed
> horribly and left us with an unusable system. So we decided to install
> Suse 7.3 from scratch on Pluto. This worked fine and Pluto now has a nicely
> running 7.3 system.
>
> From Pluto we can connect and browse on the internet and Pluto itself
> is also reachable from the internet (we have a web server running on
> Pluto).
>
> Since Suse 7.3 is based on kernel 2.4 we decided to use an iptables
> based firewall (I'm not even sure it is even possible to use ipchains
> on kernel 2.4 easily?). After trying lots of things we cannot get this
> working. The test we are using is to do 'ping' to the ip address of an
> external site (google in this case) from Jupiter. Pluto should let this
> ping through. But no matter what we do, we cannot get this working.
> We even tried the following:
>
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P INPUT ACCEPT
> iptables -F FORWARD
> iptables -F OUTPUT
> iptables -F INPUT
>
> In other words: we completely cleared the three iptables chains
> and set the default policy to accept. As far as I understand this should
> make sure that all packages are accepted. Even so we can still not ping
> from Jupiter to the internet (and accessing the ssh server on jupiter
> from the internet also doesn't work).
>
> /etc/route.conf is about the same as it was on the old Pluto
> configuration (we kept a backup of the original Suse 6.2 configuration).
>
> Who can help us tell what we need to do to get package forwarding working
> in the assumption that the firewall is completely open? Are there any
> diagnostic tools that we can use to test all this?
>
> Help is urgently appreciated! Many thanks in advance.
>
> Greetings,
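
Added example, not part of either post: a small shell check that separates the two conditions discussed in this thread, the kernel forwarding switch in /proc/sys/net/ipv4/ip_forward and the FORWARD chain policy as printed by iptables-save. The function names are hypothetical and the sample inputs are constructed.

```shell
# Function names are hypothetical; the sample inputs in demo() are constructed.
# forwarding_state FILE -> prints enabled, disabled or unknown
forwarding_state() {
    [ -r "$1" ] || { echo unknown; return; }
    case "$(tr -d '[:space:]' < "$1")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# forward_policy FILE -> prints the filter-table FORWARD policy found in
# iptables-save output, e.g. ACCEPT from the line ":FORWARD ACCEPT [0:0]"
forward_policy() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && /^:FORWARD / { print $2; found = 1; exit }
         END { if (!found) print "unknown" }' "$1"
}

# diagnose PROC_FILE SAVE_FILE -> prints a one-line verdict
diagnose() {
    state=$(forwarding_state "$1")
    policy=$(forward_policy "$2")
    if [ "$state" != enabled ]; then
        echo "BLOCKED: kernel forwarding is $state, FORWARD ($policy) is never reached"
    elif [ "$policy" != ACCEPT ]; then
        echo "CHECK RULES: forwarding is enabled, FORWARD policy is $policy"
    else
        echo "OPEN: forwarding is enabled and FORWARD policy is ACCEPT"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    echo 0 > "$dir/ip_forward"   # constructed: forwarding off, all chains open
    cat > "$dir/rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
    diagnose "$dir/ip_forward" "$dir/rules"
    echo 1 > "$dir/ip_forward"   # same rules after writing 1, as in the reply
    diagnose "$dir/ip_forward" "$dir/rules"
    rm -rf "$dir"
}
demo
```

On a live router, save the output of `iptables-save` to a file and pass it as the second argument, with /proc/sys/net/ipv4/ip_forward as the first. An OPEN verdict means every routed packet is accepted, so it is a test state rather than a configuration to leave in place.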


