My lan surfs the web through a firewall running rh 5.2, kernel 2.0.36 and
The lan is masqueraded:
/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 #(should I add "-W
The lan uses private ip addresses like 192.168.1.X
My ISP uses dynamic IP address.
Win clients open/close the connection through dialmon.
Days ago, I clocked debug to 1 in diald.conf, looking for traffic which
sometimes made diald keep calling without request.
Monitoring /var/log/messages, I discovered:
P.S.: suppose FIP = firewall's dynamic IP address, as provided from my
PIP = remote IP address (my ISP's server);
LANIP = lan's private ip address of the client that's connecting
to the web.
..diald filter accepted rule 1 ... packet FIP, 61100 => PIP,53
..diald filter accepted rule 1 ... packet PIP, 53 => LANIP,1026
The firewall sends requests for the client (and that's ok), but the
answers come to the clients inside the lan?
Shouldn't they not exist for everyone beyond the firewall?
Input rules are:
/sbin/ipfwadm -I -p deny
/sbin/ipfwadm -I -a accept -S 192.168.1.0/24 -D any/0
/sbin/ipfwadm -I -a accept -S 127.0.0.1 -D any/0
/sbin/ipfwadm -I -a accept -P tcp -S any/0 -D any/0 1024:65535
/sbin/ipfwadm -I -a accept -P udp -S any/0 -D any/0 1024:65535
Forward policy is deny
I need help