edge router can't see out

Post by dougla » Tue, 02 Feb 1999 04:00:00



I have been trying to get the edge router setup to work on our network
and have run into a little problem.  Our situation is an ISDN line in
from our IP provider with a local network range of address 38.200.25.0 -
255, which are accessible from the outside world.

So, I set my old 486 box (with 2 NIC's) at 38.200.25.212 external and
192.168.1.254 internal, and set a couple of other machines up on the
internal private network.  Now, from the internal network I can ping all
the internal (192.168.1.0-.255) and the external machines
(38.200.25.0-.255).  I can even mount an external netatalk server
(38.200.25.112) on an internal (192.168.1.54) machine.  But from the
internal network I can not get out to the web.

Our DNS is set to 38.5.200.2, and our ISDN router is 38.200.25.1. I was
using the edge 0.6 release and had set up the network.txt file with all
the above values.  I'm sure this is some simple thing that I didn't put
in the right place, but I have exhausted my very limited knowledge.

Any help is much appreciated.

Douglas

 
 
 

Post by Wendel Lei » Thu, 04 Feb 1999 04:00:00


I have been trying the exact same setup, and I have the exact same
problem.  I have been working on it and I believe the problem has to
do with setting the gateway ip number for the external NIC.  The DHCP
setup works on the internal network, both network cards are recognized
by linux, and I can even ping the ISDN gateway router from behind the
firewall, but I can't figure out how to make the linux box forward
packets to the ISDN router so that I can get out to the web from
behind the firewall.  If any one knows how to solve this problem your
help would be greatly appreciated.

All in all, though, my compliments to Fireplug.net and their Edge
router for the other things that work right out of the box.

Wendel



>I have been trying to get the edge router setup to work on our network
>and have run into a little problem.  Our situation is an ISDN line in
>from our IP provider with a local network range of address 38.200.25.0 -
>255, which are accessible from the outside world.

>So, I set my old 486 box (with 2 NIC's) at 38.200.25.212 external and
>192.168.1.254 internal, and set a couple of other machines up on the
>internal private network.  Now, from the internal network I can ping all
>the internal (192.168.1.0-.255) and the external machines
>(38.200.25.0-.255).  I can even mount an external netatalk server
>(38.200.25.112) on an internal (192.168.1.54) machine.  But from the
>internal network I can not get out to the web.

>Our DNS is set to 38.5.200.2, and our ISDN router is 38.200.25.1. I was
>using the edge 0.6 release and had set up the network.txt file with all
>the above values.  I'm sure this is some simple thing that I didn't put
>in the right place, but I have exhausted my very limited knowledge.

>Any help is much appreciated.

>Douglas


 
 
 

Post by Angel.. » Thu, 04 Feb 1999 04:00:00


How can I disable particular users from having telnet access?
 
 
 

Post by G.T. » Thu, 04 Feb 1999 04:00:00



>I have been trying to get the edge router setup to work on our network
>and have run into a little problem.  Our situation is an ISDN line in
>from our IP provider with a local network range of address 38.200.25.0 -
>255, which are accessible from the outside world.

>So, I set my old 486 box (with 2 NIC's) at 38.200.25.212 external and
>192.168.1.254 internal, and set a couple of other machines up on the
>internal private network.  Now, from the internal network I can ping all
>the internal (192.168.1.0-.255) and the external machines
>(38.200.25.0-.255).  I can even mount an external netatalk server
>(38.200.25.112) on an internal (192.168.1.54) machine.  But from the
>internal network I can not get out to the web.

AFAIK 192.168.x.x are reserved for private use and are not normally routed
through routers on the internet (your 486 is set up to route all addresses).
If you want this to work you need to run NAT on the old 486 box to map
private addresses to public ones like your 38.200.25.0 numbers.

Greg
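
An added illustration of the NAT (masquerading) behaviour described in the reply above, not code from the thread or from the Edge router: a small Python model of port-based masquerading using the thread's addresses. The class name, the starting port 61000 and the remote addresses 203.0.113.x are assumptions made for the example.

```python
import ipaddress

PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")   # internal LAN from the thread
PUBLIC_IP = "38.200.25.212"                            # external NIC of the 486 box


class Masquerader:
    """Toy model of port-based NAT (masquerading); not a real packet filter."""

    def __init__(self, public_ip, private_net, first_port=61000):
        self.public_ip = public_ip
        self.private_net = private_net
        self.next_port = first_port   # assumed start of the masquerade port range
        self.out_map = {}             # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.in_map = {}              # (public port, remote ip, remote port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN; return the packet as sent."""
        if ipaddress.ip_address(src_ip) not in self.private_net:
            return (src_ip, src_port, dst_ip, dst_port)   # already public: forward as-is
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the internal host; None means no matching flow (dropped)."""
        if dst_ip != self.public_ip:
            return None
        owner = self.in_map.get((dst_port, src_ip, src_port))
        if owner is None:
            return None                                   # unsolicited: no mapping exists
        return (src_ip, src_port, owner[0], owner[1])


def demo():
    nat = Masquerader(PUBLIC_IP, PRIVATE_NET)
    # Constructed sample flow: internal host 192.168.1.54 opens a web connection.
    sent = nat.outbound("192.168.1.54", 1025, "203.0.113.80", 80)
    reply = nat.inbound("203.0.113.80", 80, sent[0], sent[1])
    stray = nat.inbound("203.0.113.99", 4000, PUBLIC_IP, sent[1])
    return sent, reply, stray
```

The remote server only ever sees the public source address, so its reply is routable; a packet from a peer with no existing mapping has nowhere to go and is dropped.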

 
 
 

Post by Trev » Fri, 05 Feb 1999 04:00:00



>How can I disable particular users from having telnet access?

Hi,
Use tcp_wrappers, then enter in /etc/hosts.allow only those users you
wish to have access. You can select which services to allow.
You must make sure you have others excluded in /etc/hosts.deny.
More details are available in the 'man' pages for 'hosts.allow'.

Hope this helps

Trevor
Oakhaven Consultants Ltd
Reading, England
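
An added example, not part of the reply above and not tcp_wrappers' own code: a simplified Python evaluator for the hosts.allow / hosts.deny decision order, showing why the deny file has to exclude everyone else. It supports only a subset of pattern forms, assumes the telnet daemon is named in.telnetd, and the sample tables, user names and hosts are constructed.

```python
def _match_client(pattern, user, host, addr):
    """Match one client pattern: ALL, user@host, .domain suffix, or address prefix."""
    if "@" in pattern:
        pat_user, pat_host = pattern.split("@", 1)
        return pat_user in ("ALL", user) and _match_client(pat_host, user, host, addr)
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        return host.endswith(pattern)
    if pattern.endswith("."):
        return addr.startswith(pattern)
    return pattern in (host, addr)


def _table_matches(table, daemon, user, host, addr):
    """True if any 'daemon_list : client_list' line matches the request."""
    for line in table.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = [part.strip() for part in line.split(":")[:2]]
        daemon_ok = any(d in ("ALL", daemon) for d in daemons.replace(",", " ").split())
        client_ok = any(_match_client(c, user, host, addr)
                        for c in clients.replace(",", " ").split())
        if daemon_ok and client_ok:
            return True
    return False


def access_granted(allow, deny, daemon, user, host, addr):
    """hosts.allow is consulted first, then hosts.deny; no match in either grants access."""
    if _table_matches(allow, daemon, user, host, addr):
        return True
    if _table_matches(deny, daemon, user, host, addr):
        return False
    return True


# Constructed sample tables; the user name, host name and addresses are made up.
HOSTS_ALLOW = """
in.telnetd : alice@admin.example.com, 192.168.1.
"""
HOSTS_DENY = """
ALL : ALL
"""
```

With an empty deny table the same request from an unlisted user is granted, because a request that matches neither file is allowed. The user part of a user@host pattern depends on the client's ident (RFC 931) answer, so the host part is the dependable control.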

 
 
 

1. Cable modem with Linux Router Project & Fireplug Edge Router - help with weird ports!


router running on the Edge router floppy.  Normal traffic goes through
just fine (http, smtp, ftp, etc).  The problem comes in with games and
the default behavior of this firewall/router solution.  It is geared
towards security and defaults to deny everything and then let in things
on an as specified basis.  I would like this to be reversed - accept
everything in both directions and allow me to lock down individual ports
as needed.  This is how my previous Cisco 766 ISDN router worked (using
PAT - little brother to full-blown NAT - same function essentially; lets
multiple machines hide behind one valid IP).  I had no problems with
BattleZone or Quake2 or any other games with the Cisco but this Linux
router just refuses to play BattleZone.  I can enter the Internet lobby,
connect to the server, see active games, click join game, see the
players in the game, pick a tank and then try to launch and whamo - it
bangs on the connect a while (longer than it should or ever has) and
eventually just sits there forcing me to ALT-TAB to the desktop and do a
CTRL-ALT-DEL to kill the BattleZone task as the game will never launch.
I have experimented with the userin.txt and portfw.txt files and have
issued some "ipchains" commands in an attempt to work around this.

The lines I have put into /etc/userin.txt (commented out all others):

tcp             -d PUBLICIP 00000:65535
udp             -d PUBLICIP 00000:65535
icmp            -d PUBLICIP 00000:65535
tcp             -s PUBLICIP 00000:65535
udp             -s PUBLICIP 00000:65535
icmp            -s PUBLICIP 00000:65535

The way I'm understanding this, this should open up all ports in the
range of 0-65535 for all protocols.  Does this look right?

I have also experimented with the ipchains command.  I noticed that an
"ipchains -L" command would list a lot of default behaviors apparently
set up to filter out "unwanted" traffic.  I used an "ipchains -F" to
flush all settings out completely and then issued:

ipchains -A forward -s 10.1.1.0/24 -j MASQ -b

This sets up a bi-directional rule that *should* allow all protocols to
go in both directions (be MASQ forwarded to original host) but it
doesn't seem to matter much.  In fact with nothing but that rule
established I can do normal tasks just fine (like the post I'm writing
right now is being done in this mode).  Anyone have an idea why this
rule would allow normal traffic but *still* not allow game traffic to
get back and forth?  Seeing as I already have security inside the LAN
(PDC) I am not very concerned with that and would rather have the thing
wide open to the net, and *then* lock down ports that are potentially
troublesome (like udp 138/139 used to be on Win boxes).  What am I doing
wrong???

12. Z-Edge 64 router