I have my LAN connected to the Internet over a Linux-Gateway using ISDN
(ippp0). Everything works fine with masquerading. Now I want to set up
packetfiltering when the link goes up.
I inserted the following lines in the dial-up script, where $INTERFACE means
ippp0:
# flush and deny everything
ipfwadm -O -f
ipfwadm -I -f
ipfwadm -O -p deny
ipfwadm -I -p deny
# my LAN needs full access to the gateway
ipfwadm -O -a accept -b -S 0.0.0.0/0 -D -W eth0
ipfwadm -I -a accept -b -D 0.0.0.0/0 -S 192.168.42.0/24 -W eth0
# accept dns
ipfwadm -O -a accept -P udp -S 0/0 53 1024:65535 -D 0/0 53 -W $INTERFACE
ipfwadm -I -a accept -P udp -D 0/0 53 1024:65535 -S 0/0 53 -W $INTERFACE
ipfwadm -O -a accept -P tcp -S 0/0 53 1024:65535 -D 0/0 53 -W $INTERFACE
ipfwadm -I -a accept -P tcp -D 0/0 53 1024:65535 -S 0/0 53 -k -W $INTERFACE
# accept connect from gateway to internet, PORT 113 (auth) needed for Provider Authentication
ipfwadm -O -a accept -P tcp -S 0/0 1024:65535 -D 0/0 -W $INTERFACE
ipfwadm -I -a accept -P tcp -D 0/0 1024:65535 -S 0/0 -k -W $INTERFACE
ipfwadm -I -a accept -P tcp -D 0/0 113 -S 0/0 -W $INTERFACE
# deny, last match
ipfwadm -I -a deny -o -P tcp -S 0/0 -D 0/0 -W $INTERFACE
ipfwadm -I -a deny -o -P udp -S 0/0 -D 0/0 -W $INTERFACE
My default Forwarding Rule is:
ipfwadm -F -a accept -P all -S 192.168.42./24 -D 0/0 -m -W $INTERFACE
IT DOESN'T WORK, and I don't know why. My kernel message when the
connection hangs is as follows:
ipppd[96]: local IP address 212.7.130.45
ipppd[96]: remote IP address 212.7.128.195
kernel: ip_rewrite_addrs(): shifting saddr from 192.168.0.99 to 212.7.130.45 (state 4)
The LAST LINE appears only with my rules; after a while the connection
goes down and then comes up again, and so on.
What is wrong?
Thanks for your help,
Folker Wendt
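The post relies on how ipfwadm evaluates a chain: rules are tried in order, the first match decides, and the chain policy (here "-p deny") applies only when nothing matches. The following is an added example, not part of the original post and not ipfwadm's own code. It is a small first-match simulator that parses the poster's "-I" rules for ippp0 and runs constructed packets through them, so that one can see which rule accepts or denies a DNS reply, an established TCP reply, an unsolicited SYN, an ident (113) probe and an ICMP packet. Simplifications that are assumptions of this example: "-k" is treated as "TCP packet with the ACK bit set", "-b" as "also match with source and destination swapped", and "-o"/"-m" are ignored for matching; the remote addresses (198.51.100.x) are constructed, while 212.7.130.45 is the gateway address from the post.

```python
"""Tiny first-match simulator for ipfwadm-style input/output chains (added example)."""
import ipaddress
import shlex
from dataclasses import dataclass, field


@dataclass
class Rule:
    action: str                      # "accept" or "deny"
    proto: str = "all"               # tcp / udp / icmp / all
    src: ipaddress.IPv4Network = ipaddress.ip_network("0.0.0.0/0")
    sports: list = field(default_factory=list)   # [] = any; entries are (lo, hi)
    dst: ipaddress.IPv4Network = ipaddress.ip_network("0.0.0.0/0")
    dports: list = field(default_factory=list)
    iface: str = ""                  # "" = any interface
    ack_only: bool = False           # -k: only TCP packets with ACK set (assumption: never a bare SYN)
    bidir: bool = False              # -b: also match with src/dst swapped (assumption)


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    iface: str
    sport: int = 0
    dport: int = 0
    ack: bool = False


def _net(text):
    # ipfwadm accepts "0/0" as shorthand for "any address"
    if text == "0/0":
        text = "0.0.0.0/0"
    return ipaddress.ip_network(text, strict=False)


def _port_range(text):
    lo, _, hi = text.partition(":")
    return (int(lo), int(hi or lo))


def parse_rule(cmdline):
    """Parse one 'ipfwadm -I|-O|-F -a ...' command into (chain, Rule)."""
    toks = shlex.split(cmdline)
    assert toks[0] == "ipfwadm"
    chain = {"-I": "input", "-O": "output", "-F": "forward"}[toks[1]]
    rule = Rule(action="")
    i = 2
    while i < len(toks):
        opt = toks[i]
        i += 1
        if opt == "-a":
            rule.action = toks[i]
            i += 1
        elif opt == "-P":
            rule.proto = toks[i]
            i += 1
        elif opt in ("-S", "-D"):
            net = _net(toks[i])
            i += 1
            ports = []                # port list follows the address until the next option
            while i < len(toks) and not toks[i].startswith("-"):
                ports.append(_port_range(toks[i]))
                i += 1
            if opt == "-S":
                rule.src, rule.sports = net, ports
            else:
                rule.dst, rule.dports = net, ports
        elif opt == "-W":
            rule.iface = toks[i]
            i += 1
        elif opt == "-k":
            rule.ack_only = True
        elif opt == "-b":
            rule.bidir = True
        elif opt in ("-o", "-m"):
            pass                      # logging / masquerading flags do not affect matching here
        else:
            raise ValueError("unsupported option " + opt)
    return chain, rule


def _ports_ok(ranges, port):
    return not ranges or any(lo <= port <= hi for lo, hi in ranges)


def _match_dir(rule, src, sport, dst, dport):
    return (ipaddress.ip_address(src) in rule.src and ipaddress.ip_address(dst) in rule.dst
            and _ports_ok(rule.sports, sport) and _ports_ok(rule.dports, dport))


def matches(rule, pkt):
    if rule.iface and rule.iface != pkt.iface:
        return False
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if rule.ack_only and (pkt.proto != "tcp" or not pkt.ack):
        return False
    if _match_dir(rule, pkt.src, pkt.sport, pkt.dst, pkt.dport):
        return True
    return rule.bidir and _match_dir(rule, pkt.dst, pkt.dport, pkt.src, pkt.sport)


class Chain:
    def __init__(self, policy="deny"):
        self.policy = policy
        self.rules = []

    def verdict(self, pkt):
        """First matching rule wins; the chain policy applies when none matches (rule 0)."""
        for n, rule in enumerate(self.rules, 1):
            if matches(rule, pkt):
                return rule.action, n
        return self.policy, 0


# The poster's input rules for the dial-up interface, with $INTERFACE expanded to ippp0
INPUT_RULES = [
    "ipfwadm -I -a accept -P udp -D 0/0 53 1024:65535 -S 0/0 53 -W ippp0",
    "ipfwadm -I -a accept -P tcp -D 0/0 53 1024:65535 -S 0/0 53 -k -W ippp0",
    "ipfwadm -I -a accept -P tcp -D 0/0 1024:65535 -S 0/0 -k -W ippp0",
    "ipfwadm -I -a accept -P tcp -D 0/0 113 -S 0/0 -W ippp0",
    "ipfwadm -I -a deny -o -P tcp -S 0/0 -D 0/0 -W ippp0",
    "ipfwadm -I -a deny -o -P udp -S 0/0 -D 0/0 -W ippp0",
]


def build_input_chain():
    chain = Chain(policy="deny")          # ipfwadm -I -p deny
    for line in INPUT_RULES:
        c, rule = parse_rule(line)
        assert c == "input"
        chain.rules.append(rule)
    return chain


# Constructed sample packets arriving on ippp0 (remote 198.51.100.x addresses are made up)
SAMPLES = {
    "dns reply":   Packet("udp", "198.51.100.53", "212.7.130.45", "ippp0", 53, 1025),
    "http reply":  Packet("tcp", "198.51.100.80", "212.7.130.45", "ippp0", 80, 1030, ack=True),
    "inbound syn": Packet("tcp", "198.51.100.7", "212.7.130.45", "ippp0", 40000, 1030),
    "ident probe": Packet("tcp", "198.51.100.7", "212.7.130.45", "ippp0", 40001, 113),
    "echo reply":  Packet("icmp", "198.51.100.1", "212.7.130.45", "ippp0"),
}


def evaluate_samples():
    chain = build_input_chain()
    return {name: chain.verdict(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (verdict, n) in evaluate_samples().items():
        print(f"{name:12s} -> {verdict} (rule {n or 'policy'})")
```

Running it shows the shape of the ruleset: replies to outgoing DNS and TCP connections are accepted by the early rules, an unsolicited SYN falls through the "-k" rule to the explicit deny, and anything that is neither TCP nor UDP (the ICMP sample) reaches the chain policy, which is deny. That last case is worth checking in any default-deny ruleset of this kind, because ICMP errors from the path are then silently dropped too.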