Linux Firewall/Router with ISDN Dial in Config Problems

Post by Till Mommse » Mon, 01 Mar 1999 04:00:00



Hello,

got a problem configuring a router Firewall....Please help :-)

Situation:
Have network with NT 4.0 WS clients (192.168.2.0/24 address space) and a Linux
Router/Firewall. Internet access via dial-up ISDN line to T-Online. Internet
access works fine with no ipfwadm rules specified. Once I start stating
rules in /etc/ppp/ip-up I can't access any more, though I can ping the DNS
server.

I specified the following rules:

# flush
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -f

# default deny
ipfwadm -I -p deny
ipfwadm -O -p deny
ipfwadm -F -p deny

# accept access to dns from LAN (T-Online Name Server
# 194.25.2.129)
# by CT, Dr. Diedrich:
ipfwadm -F -a accept -m -b -P udp -S 192.168.2.0/24 -D 194.25.2.129 53
ipfwadm -I -a accept -P udp -W $INTERFACE -S 194.25.2.129 53
ipfwadm -O -a accept -P udp -W $INTERFACE -D 194.25.2.129 53
ipfwadm -I -a accept -P udp -W eth0 -D 194.25.2.129 53
ipfwadm -O -a accept -P udp -W eth0 -S 194.25.2.129 53

# Access to Web-Server via T-Online Proxy Server 193.158.131.166 Port 80
ipfwadm -F -a accept -m -b -P tcp -S 192.168.2.0/24 -D 193.158.131.166 80
ipfwadm -I -a accept -P tcp -W $INTERFACE -k -S 193.158.131.166 80
ipfwadm -O -a accept -P tcp -W $INTERFACE -k -D 193.158.131.166 80
ipfwadm -I -a accept -P tcp -W eth0 -D 193.158.131.166 80
ipfwadm -O -a accept -P tcp -W eth0 -S 193.158.131.166 80

I also tried to use 0.0.0.0/0 80 instead of the T-Online Proxy IP. It makes
no difference whether I define proxy settings in the client browsers or not.

Where is my problem???

Thanks for hints,

Till

Post by Malwar » Tue, 02 Mar 1999 04:00:00


Hi Till,


> got a problem configuring a router Firewall....Please help :-)

Grab your answer in de.comp.os.unix.networking, where you asked the same
stuff in German.

Malware