It sounds as though you want to access your firewall from the inside. telnet
<FIREWALL_SERVER> which is failing.  Your problem may be the DMZ, you don't
need one.  The whole idea of a DMZ is that if a machine in the DMZ is
compromised/hacked it cannot be used to access the firewall or your internal
network.  All packets which come from the DMZ are dropped if directed to the
firewall or internal network.  So if this is your home firewall and all you
have is your internal home machines you do not need a DMZ.  You really
can't/shouldn't use private IP addresses in a DMZ.

As far as accessing the services running on the firewall all you should have
to do to connect from outside, like from work to home, is to "OPEN" the
ports that you need to connect to.  For http edit the
/etc/firewall/gShield.conf file, search for http and "OPEN" the port, then
restart gShield with the command /etc/firewall/gShield.rc.  I recommend you
open as little as
possible to the outside and to make sure that anything that is open is
configured with acls where appropriate.

Read the documentation and comments in the gShield files if this is unclear.

-----Original Message-----
From: Kevin Chan [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 24, 2002 11:03 PM
To: [EMAIL PROTECTED]
Subject: Re: Can someone teach me how to set the IP-Table on RedHat 7.2 ?


Hi Paul and all,

First, I would like to say thanks for all who help me before !  Thanks again !

Finally, I can set the IP-Table for the PPP server to use NAT function.  I
am using gShield to config it and it's very easy to use.  But I got another
problem after using it and the problem is I can't use telnet, email and
browse the PPP server (PPP server installed telnet, sendmail and samba
service) using internal network (PPP server IP - 192.168.13.222 , internal
PC IP - 192.168.13.220).  Also, I was set the 192.168.13.222 as a DMZ
already !

Can someone teach me where I can config the IP-Table and make all the
internal PC can telnet, browse and check email ?

Thanks and regards,
Kevin Chan


<Paul Hamm Wrote:>

> iptables is the firewall of choice on kernel 2.4.  There is a very nice well
> documented script to run iptables it is called gShield.  Get it from here
> http://muse.linuxmafia.org/gshield.html.  Make sure that ipchains is turned
> off and that iptables is turned on "> chkconfig --level 345 ipchains off"
> "> chkconfig --level 345 iptables on". Then reboot you can do the rmmod
> insmod if you like but rebooting works fine if you are not sure how.  The
> main configuration file for gShield is /etc/firewall/gShield.conf.  Start
> gShield by running "> /etc/firewall/gShield.rc" be sure to add this to a
> boot script so it starts automatically /etc/rc.d/rc.local will do.  Out of
> the tarball gShield will give you a nice tight firewall configuration.  Just
> check that your internet and internal NICs are properly identified in the
> config file and that your private IP network is configured in
> /etc/firewall/conf/NATS.  gShield has some settings for DMZ,  DMZ is
> generally a third NIC in your firewall that handles machines that need to be
> visible on the net but that you want to keep away from your internal network.
>
> Kevin your diagram looks as though you have a network configuration issue on
> the internal NIC you should have something like this the internal, private
> ip network should be the same not mixed.
>
> +----------+
> | Internet |
> +----------+
>        |
> +-----------------------------------------------+
> | PPP/Internet Interface(Some_Public_IP)        |
> |       ||                                      |
> |  Firewall/Gateway server                      |
> |       ||                                      |
> | Internal Network Interface (10.x.x.x)         |
> +-----------------------------------------------+
>        |
> +----------------------------+
> | Client machines (10.x.x.x) |
> +----------------------------+
>
> -----Original Message-----
> From: Kevin Chan [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 20, 2002 10:41 PM
> To: [EMAIL PROTECTED]
> Subject: Can someone teach me how to set the IP-Table on RedHat 7.2 ?
>
>
> Hi all,
>
> Can someone teach me how to set the IP-Table on RedHat 7.2  ?
>
> I would like to set the PPP Client IP-10.0.0.1 can browse Internet through
> PPP Server IP-192.168.13.222.  The simple diagram as below :
>
> > Internet(0.0.0.0)
> >       |
> > PPP Server-Internal Interface(192.168.13.222)
> >       |
> > PPP Client (10.0.0.1)
>
> I was wrote the scripts on below files, but seem like don't work (p.s. these
> scripts is working on RH 7.0):
>
>      etc/ppp/ip-up.local
>     ---------------------------
>     #!/bin/bash
>     ipchains -A forward -s 10.0.0.1 -d 0/0 -j MASQ
>     exit 0
>
>      etc/ppp/ip-down.local
>     -------------------------------
>     #!/bin/bash
>     ipchains -D forward -s 10.0.0.1 -d 0/0 -j MASQ
>     exit 0
>
> Please teach me how & where I can set the IP-Table to solve my
> problem........ thanks !
>
> Best regards,
> Kevin Chan




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
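
Added example (not part of the original thread and not gShield's own rules): a dry-run sketch of the policy described in the reply above, where packets from the DMZ are dropped if directed to the firewall or the internal network while internal clients can still reach services on the firewall, together with the iptables counterpart of the ipchains MASQ rule in the quoted ip-up.local. The interface names ppp0, eth0 and eth1 and the 10.0.0.0/8 range are assumptions.

```shell
#!/bin/sh
# Added example, not gShield output. By default the rules are only printed;
# run as root with IPT=iptables to apply them on a kernel 2.4+ system.
IPT="${IPT:-echo iptables}"

WAN_IF="ppp0"          # assumption: PPP/Internet interface
LAN_IF="eth0"          # assumption: internal network interface
DMZ_IF="eth1"          # assumption: third NIC carrying the DMZ
LAN_NET="10.0.0.0/8"   # assumption: matches the 10.x.x.x in the diagram

dmz_policy_rules() {
    # Replies to connections that were opened *towards* the DMZ may return.
    # These must come before the DROP rules, since rules match in order.
    $IPT -A INPUT   -i "$DMZ_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$DMZ_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # A DMZ host may not open connections to the firewall itself ...
    $IPT -A INPUT   -i "$DMZ_IF" -j DROP
    # ... nor to the internal network.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j DROP

    # Internal clients reach services on the firewall (telnet, mail, samba)
    # because they arrive on the internal interface, not the DMZ one.
    $IPT -A INPUT   -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT

    # iptables counterpart of "ipchains -A forward ... -j MASQ":
    # masquerading lives in the nat table's POSTROUTING chain.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

dmz_policy_rules
```

A firewall address that is itself listed as a DMZ host falls under the DROP rules instead of the internal ACCEPT rule, which matches the symptom reported in the thread.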


