Heman, 
        I managed to get it working.  Thanks for the tip re: the
unresponsive router.
Rob


> -----Original Message-----
> From: Heman Leopando [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 24, 2001 4:18 PM
> To: [EMAIL PROTECTED]
> Subject: RE: More Firewall Problems
> 
> 
> if you can connect to the internet from your firewall and not 
> from your lan
> then the problem is that internet bound traffic from your lan is not
> masqueraded when it leaves your external interface.
> 
> If you setup masquerade rules, then from your firewall, do a 
> tcpdump on your
> external interface to see if packets from your lan even gets 
> to that point.
> If it doesn't then you will have to add masquerade rules.  From your
> previous email you are allowing input,output, and forward chains.
> 
> I too have a similar setup at home.  I have a firewall box directly
> connected to the internet through a cable modem.
> 
> Heman
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Tanner, Robby
> > Sent: Wednesday, January 24, 2001 1:40 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: More Firewall Problems
> >
> >
> > Wait a minute, I think I failed to mention that I am
> > connected via cable
> > modem to the internet, so my default gateway on the Linux box is
> > 24.68.176.1, while for the LAN it is 204.112.40.3.  Does this
> > change things?
> > My "external" card is not directly connected to the internet,
> > but is routed
> > through the above mentioned gateway (x.x.x.1).  So again,
> >
> > Internet gateway: 24.68.176.1/24 (connected directly to
> > external Linux box
> > card 24.68.176.193/24).
> > Internal adapter address: 204.112.40.3/24
> >
> > > -----Original Message-----
> > > From: Heman Leopando [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, January 24, 2001 3:25 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: More Firewall Problems
> > >
> > >
> > > add masquerade rules
> > >
> > > example:
> > >
> > > ipchains -A forward -b -j MASQ -s 0/0 -d 204.112.40.0/24
> > >
> > >
> > > > Chain input (policy ACCEPT):
> > > > Chain forward (policy ACCEPT):
> > > > Chain output (policy ACCEPT):
> > > >
> > > > I am unable, however, to ping the default gateway for the
> > > > external card
> > > > (24.68.176.1)
> > >
> > > that router is set to drop ICMP packets or deny ICMP echo
> > >
> > > > or reach any part of the internet from any
> > > > computer other than
> > > > the firewall.
> > >
> > > masquerade rule?
> > >
> > > > >
> > > > > If you turn off ip forwarding, you won't be able use IP
> > > > > masquerading. Your
> > > > > firewall is simply dropping all these packets it is
> > > > > receiving, since they
> > > > > aren't addressed to one of 
> 127.0.0.0/24.68.176.193/204.112.40.3
> > > > >
> > > > > John
> > > > >
> > >
> > > Heman
> > >
> > >
> > >
> > > _______________________________________________
> > > Redhat-list mailing list
> > > [EMAIL PROTECTED]
> > > https://listman.redhat.com/mailman/listinfo/redhat-list
> > >
> >
> >
> >
> > _______________________________________________
> > Redhat-list mailing list
> > [EMAIL PROTECTED]
> > https://listman.redhat.com/mailman/listinfo/redhat-list
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to