
RE: ADSL Masquerading with 2.4.7-10 and ipchains Q



Hi,

First the warning -- I'm really a newbie, so I'm not sure if I'm giving you
the right advice.

I'm using RedHat 7.1 and IPChains (I guess that means I'm using IPTables
compatibility mode).

My setup is pretty much like yours, except that my modem is on eth0 and my
LAN is on eth1.

I found that in order to get the masquerading to work I had to add the
following to my firewall script:

ipchains -A input -i eth0 -s 10.0.0.138 -d 10.200.1.1 -j ACCEPT
ipchains -A output -i eth0 -s 10.200.1.1 -d 10.0.0.138 -j ACCEPT

I really have no idea if I've opened up a security hole or not (I sure hope
somebody will tell me if I have <g>), but it works.

BTW, I notice that I'm blocking packets on eth0 going from
10.200.1.1:1025/1026/64715 to 10.0.0.1:53 (PROTO=17).  Can anybody tell me
what this might be?

Regarding loading modules -- I have the same problem as you -- couldn't load
the FTP module for example.  So I just commented it out, figuring I'd
deal with it later.  And, what do you know?  I'm able to FTP from my Windows
boxes.  Maybe somebody can explain/comment?

Regards,
Shosh Kalson

-----Original Message-----
From: linux-il-bounce@cs.huji.ac.il
[mailto:linux-il-bounce@cs.huji.ac.il]On Behalf Of Stiven Andre
Sent: Monday, October 29, 2001 10:36 AM
To: linux-il@linux.org.il
Subject: Re: ADSL Masquerading with 2.4.7-10 and ipchains Q


Hi List again.

First it is my network:
                          / ADSL-modem
192.168.1.1 (Linux box)--
                          \ Hub (192.168.1.x)

I use the option with two NICs.
When I configure the IPtables using the sample script from the how-to I
can't get anything up; maybe I miss something but I don't know what.
When I ping from 192.168.1.x (any machine on the network) to 192.168.1.1 I
have a reply. After that I ping from 192.168.1.x to 213.119.131.19 (for
example; it is the IP of the ppp interface on the linux box) and I get the
reply. But when I try to ping from 192.168.1.x to 192.116.192.9
(internet-Zahav DNS) or anything else in the outside world I get no reply.

I want to configure my network so the linux box will provide masq and an ftp
server.
I would be happy to use iptables, but ipchains has more modules and it is
the only one that I can get to work currently.

I would be very thankful if you would give me a small example of rc.firewall
with minimal security and a minimal set of rules so I can test that I have
loaded all the modules that are needed.

The rc.firewall script that I found has too many rules, and for the option
with one NIC, after changing the IP addresses it still does not work...

Thanx X-Kent
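
An added example, not part of either message above: a small Python model of first-match rule evaluation applied to the two ipchains rules quoted in the reply, to show what they do and do not accept. It assumes unmatched packets fall through to DENY (the poster's policy and remaining rules are not shown), and the test packets are constructed from addresses mentioned in the post.

```python
import ipaddress
import shlex

# The two rules quoted in the reply, verbatim.
RULES = [
    "ipchains -A input -i eth0 -s 10.0.0.138 -d 10.200.1.1 -j ACCEPT",
    "ipchains -A output -i eth0 -s 10.200.1.1 -d 10.0.0.138 -j ACCEPT",
]

def parse_rule(line):
    """Turn one 'ipchains -A ...' line into a dict of match fields."""
    tok = shlex.split(line)
    opts = dict(zip(tok[1::2], tok[2::2]))  # (-flag, value) pairs
    return {
        "chain": opts["-A"],
        "iface": opts.get("-i"),
        "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
        "dst": ipaddress.ip_network(opts.get("-d", "0.0.0.0/0")),
        "proto": opts.get("-p"),  # None: rule matches every protocol and port
        "target": opts["-j"],
    }

def verdict(rules, chain, pkt, fallthrough="DENY"):
    """First matching rule decides; otherwise the assumed fall-through applies."""
    for r in rules:
        if (r["chain"] == chain
                and r["iface"] in (None, pkt["iface"])
                and ipaddress.ip_address(pkt["src"]) in r["src"]
                and ipaddress.ip_address(pkt["dst"]) in r["dst"]
                and r["proto"] in (None, pkt["proto"])):
            return r["target"]
    return fallthrough

PARSED = [parse_rule(r) for r in RULES]

# Constructed packets using the addresses mentioned in the post.
PACKETS = {
    "from_138_tcp": ("input", {"iface": "eth0", "src": "10.0.0.138", "dst": "10.200.1.1", "proto": "tcp"}),
    "to_138_udp": ("output", {"iface": "eth0", "src": "10.200.1.1", "dst": "10.0.0.138", "proto": "udp"}),
    # Protocol 17 is UDP and port 53 is DNS; no rule names 10.0.0.1.
    "dns_to_10.0.0.1": ("output", {"iface": "eth0", "src": "10.200.1.1", "dst": "10.0.0.1", "proto": "udp"}),
    "from_138_on_eth1": ("input", {"iface": "eth1", "src": "10.0.0.138", "dst": "10.200.1.1", "proto": "tcp"}),
}

def audit():
    """Return {packet name: verdict} for every constructed packet."""
    return {name: verdict(PARSED, chain, pkt) for name, (chain, pkt) in PACKETS.items()}

if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:18} {result}")
```

Because neither rule carries `-p` or a port, each accepts every protocol and port between the two listed addresses on eth0, and nothing else; the UDP port 53 packets to 10.0.0.1 match neither rule.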



=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il


