
Re: Linux Firewall.



Hi.

A quote from the Firewall-HOWTO:


  Now try to ping the outside address of the firewall (199.1.2.10) from
  a computer on your LAN. This shouldn't work.  If it does, you have
  masquerading or IP Forwarding turned on, or you already have some
  packet filtering set. Turn them off and try again. You need to know
  the filtering is in place.

  For kernels newer than 2.1.102 you can issue the command;


      echo "0" > /proc/sys/net/ipv4/ip_forward

However, later on in the chapter he wrote:

  Now turn on IP forwarding and/or masquerading. You should be able to
  ping anywhere on the Internet from any system on your LAN.


      echo "0" > /proc/sys/net/ipv4/ip_forward



OK, I didn't see that in the HOWTO (if I'm not wrong, the command is supposed
to be:

      echo "1" > /proc/sys/net/ipv4/ip_forward )

I just saw that I need to put 0 in ip_forward.

Guy, Thanks for the correction.

Everyone else, Thanks for your help :-)


Mike

(BTW, it's just the beginning, if anyone knows how to use a WAN interface
please contact me.)




Mike Almogy.
Mofet Institute - Computer Dpt.
+972-3-6901415
+972-52-562237
----- Original Message -----
From: "Guy Cohen" <guy@crypto.org.il>
To: "Izar Tarandach" <izar@linuxqa.com>
Cc: <linux-il@linux.org.il>
Sent: Wednesday, April 05, 2000 4:11 PM
Subject: Re: Linux Firewall.


> At this (Wed, Apr 05, 2000 at 03:32:59PM +0200) day, Izar Tarandach wrote:
> | Guy Cohen wrote:
> |
> | > This is getting to be a circus !
> |
> | A quite common occurrence in this list. But it seems that
> | some people take exception when it is not _their_ circus.
>
> This is not a private list. It's a _public_ circus.
>
> |
> | > You CAN NOT run a firewall when ip-forwarding is disabled !
> | > The basic thing about a firewall is that it forwards packets, although
> | > applying some sort of restriction at the forwarding rules.
> | >
> |
> | *Sigh*. We are very sorry we offended your finely honed perceptions
> | of a functioning firewall. Now, the firewalling setup WILL run. It just
> | won't do what it is supposed to do, which is quite different from
> | what he was asking. Satisfied ?
>
> a. if you *sing* then don't talk. or better yet, shut up.
> b. If you have no idea about something, don't give advice, you are confusing
> the ones in need of advice.
>
> |
> |
> |
> | --izar
> | --------------------------------------------------Aduva/LinuxQA Inc.
> |                                   Izar Tarandach
> |                                   Daemon Exorcist,Research Team Lead
> | --public keys available at:-------------http://www.linuxqa.com/~izar
> |
> |
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
>

