IPTABLES, IPCHAINS, ARG!!

Post by Scott Brow » Sun, 11 May 2003 11:50:50



Okay, I have been trying to make a firewall/IP masq. box.
I have Slackware 8.1 installed.
I have read instructions and examples of how to set it all up, my biggest
problem (I have been using iptables) is that it won't forward ip requests.
For context, I am doing this for someone who has DSL, being I am still
(sadly) on dial-up I cannot test it. So I set my Linux box up as a DHCP
server to emulate what the DSL will provide. I have eth0 connected to my
PC via crossover, and eth1 connected to my switch. Then I have a Win98
machine connected to the switch as well getting a DHCP IP from the
"firewall".

My PC can ping eth0 and the Win98 machine can ping eth1. My PC can't ping
eth1 or the Win98 machine; the Win98 machine can't ping eth0 or my PC.

The firewall rules work, I have been able to block ports.
I have /proc/sys/net/ipv4/ip_forward set to "1".

What else??

Scott

 
 
 

Post by Horst Knobloc » Sun, 11 May 2003 18:57:03



> Okay, I have been trying to make a firewall/IP masq. box.
> I have Slackware 8.1 installed.
> I have read instructions and examples of how to set it all up, my biggest
> problem (I have been using iptables) is that it won't forward ip
> requests. For context, I am doing this for someone who has DSL, being I
> am still (sadly) on dial-up I cannot test it. So I set my Linux box up as
> a DHCP server to emulate what the DSL will provide. I have eth0
> connected to my PC via crossover, and eth1 connected to my switch. Then I
> have a Win98 machine connected to the switch as well getting a DHCP IP
> from the "firewall".

> My PC can ping eth0 and the Win98 machine can ping eth1. My PC can't ping
> eth1 or the Win98 machine; the Win98 machine can't ping eth0 or my PC.

I think the Win98 box does not know how to reach your PC
because it has no knowledge that your PC lies in a network
to be reached through the firewall.

Check whether the routing table on the Win98 box is properly
set up. It should have a default gateway set to the IP address
of the firewall's eth1.

If there is no default gateway set, check the DHCP configuration
of the firewall. The "option routers" should be set to the fw's
eth1 IP address.

If this is not the case, then you need to give more information
about your configuration (ifconfig, route -n, iptables rule set)
and the _exact_ error response of the ping commands.

HTH

Ciao, Horst
--
"When pings go wrong (It hurts me too)" E.Clapton/E.James/P.Tscharn
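
Added example, not part of Horst's post: one way to run the "option routers" check he suggests against an ISC dhcpd.conf, reporting for each subnet whether a router is handed out and whether it lies inside that subnet. The function names, the sample config and every address in it are assumptions constructed for illustration; the thread gives no addresses.

```shell
# Added example: audit "option routers" per subnet in an ISC dhcpd.conf.
check_option_routers() {   # $1 = path to dhcpd.conf
    awk '
    # 1 if addresses a and b fall in the same network under netmask m
    function same_net(a, b, m,    i, A, B, M, blk) {
        split(a, A, "."); split(b, B, "."); split(m, M, ".")
        for (i = 1; i <= 4; i++) {
            blk = 256 - M[i]          # block size of a contiguous mask octet
            if (int(A[i] / blk) != int(B[i] / blk)) return 0
        }
        return 1
    }
    { sub(/#.*/, "") }                # strip comments
    $1 == "subnet" && $3 == "netmask" {
        net = $2; mask = $4; sub(/[{].*/, "", mask)
        router = ""; depth = 0; opened = 0; in_sub = 1
    }
    in_sub && depth == 1 && $1 == "option" && $2 == "routers" {
        router = $3; sub(/[,;].*/, "", router)   # first router listed
    }
    in_sub {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth > 0) opened = 1
        if (opened && depth == 0) {   # closing brace of the subnet block
            if (router == "") print "MISSING " net
            else if (!same_net(router, net, mask)) print "OUTSIDE " net " " router
            else print "OK " net " " router
            in_sub = 0
        }
    }
    ' "$1"
}
# Constructed sample config; all addresses are assumptions, not from the thread.
sample_conf() {
    cat <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;     # firewall address on this segment
}
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.100 192.168.2.150;
}
subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.1.1;        # typo: wrong third octet
}
EOF
}
conf=$(mktemp) && sample_conf > "$conf" && check_option_routers "$conf"; rm -f "$conf"
```

A MISSING or OUTSIDE line marks a segment whose DHCP clients end up with no usable default gateway, which is the condition the reply above suspects on the Win98 box.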

 
 
 

Post by Philip Burro » Sun, 11 May 2003 18:58:35



> Okay, I have been trying to make a firewall/IP masq. box.

http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/
 
 
 
