Gentoo Forums
bridged firewall
Networking & Security
kevmarks
n00b


Joined: 26 Oct 2002
Posts: 16

Posted: Fri Nov 08, 2002 3:50 am    Post subject: bridged firewall

OK, I have downloaded Gentoo and set it up on an old HP Netserver LD server. 2 NICs are installed: one is connected to my DSL modem (Earthlink), the other is connected to my Linksys switch (i.e. internal network).

I have recompiled my kernel to include all the extra netfilter code I need. rp-pppoe is installed and working fine. I can ping this machine from a workstation and the server can ping the outside world.

At this point I am not interested in getting the firewall to work, I just want the thing to masquerade my internal network to the internet. I have tried the following:

iptables --append FORWARD --in-interface eth0 -j ACCEPT                         # let LAN traffic arriving on eth0 be forwarded
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE   # rewrite the source address of packets leaving via ppp0

but no luck. I set the server as the default route on all the workstations, but I just can't ping the ppp0 interface. Do I have to install some kind of third-party bridging software to get Linux to bridge properly? Has anybody actually managed to do this with Gentoo?
securiteaze
Tux's lil' helper


Joined: 24 Oct 2002
Posts: 77
Location: Tulsa,Oklahoma

Posted: Fri Nov 08, 2002 7:32 am

I don't think you want a bridge, unless you have public IPs on your internal network.
You described a masquerading router. There is no need for third party software to perform those functions.
Have you read the Documentation? :wink:
_________________
Blah..
splooge
l33t


Joined: 30 Aug 2002
Posts: 636

Posted: Fri Nov 08, 2002 7:54 am

This is a two-liner:

echo "1" > /proc/sys/net/ipv4/ip_forward

That turns it on in the kernel. Next step:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

I think that should do it for ya, but I would recommend this instead:

http://projectfiles.com/firewall

Just download that sucker, chmod it to 755, edit it to open the ports you want open to the outside world, and run it.
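The two commands above are the whole masquerading router, but a practitioner would normally also restrict what the box forwards rather than leaving the FORWARD chain wide open. Below is an added example, written for this page and not taken from splooge's reply, the rc.firewall script, or the thread: it wraps the forwarding switch and the MASQUERADE rule in a small POSIX shell script, adds a stateful FORWARD policy (LAN out, only replies back in), and has a dry-run mode so the rule set can be inspected without root. The interface names (ppp0 for the DSL link, eth0 for the LAN) and the 192.168.1.0/24 LAN prefix are assumptions; adjust them to your own layout.

```shell
#!/bin/sh
# Added example: masquerading router with a restrictive FORWARD chain.
# Assumed layout: ppp0 = DSL/PPPoE uplink, eth0 = LAN, LAN = 192.168.1.0/24.

WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Emit the rule set, one command per line, without running anything.
# The kernel forwarding switch comes first: with ip_forward left at 0 the
# NAT rule never sees a packet, which is the failure described in the thread.
nat_rules() {
    wan="$1"; lan="$2"; net="$3"
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Run each emitted command through $RUNNER (default: sh -c).
# Set RUNNER=echo to dry-run the script without root.
apply_rules() {
    runner="${RUNNER:-sh -c}"
    nat_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" | while IFS= read -r cmd; do
        $runner "$cmd" || return 1
    done
}

# Number of emitted commands that touch the FORWARD chain (self-check helper).
forward_rule_count() {
    nat_rules "$1" "$2" "$3" | grep -c ' FORWARD '
}
```

Run it as `RUNNER=echo sh masq.sh` (after adding an `apply_rules` call at the bottom) to print the rules, or as root with RUNNER unset to apply them. The `-s $net` restriction on the MASQUERADE rule means only addresses from the LAN prefix get NATed, and the `-P FORWARD DROP` default means nothing is forwarded unless a rule explicitly allows it, so unsolicited inbound connections from ppp0 never reach the LAN.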
noise
n00b


Joined: 07 Nov 2002
Posts: 35

Posted: Fri Nov 08, 2002 9:56 am

I have a little question...

About the rc.firewall that splooge is talking about...

1. If I use the script, do I still have to make rules for iptables?
2. How do I make the script start on boot? Put it in local.start (just the /path/filename)?
splooge
l33t


Joined: 30 Aug 2002
Posts: 636

Posted: Fri Nov 08, 2002 5:50 pm

1) No, the script does everything, except for compiling the right modules into your kernel.

2) You can put it in your local.start, but it's made to also be able to run as an init script at boot time. I simply copied it over my current iptables file in /etc/init.d, then did an rc-update add iptables default.
kevmarks
n00b


Joined: 26 Oct 2002
Posts: 16

Posted: Fri Nov 08, 2002 8:45 pm

Ah, echo "1" > /proc/etc..

I have been doing echo 1 > /proc/etc..

Could it be the little speech marks making the difference? I will try it tonight.
kevmarks
n00b


Joined: 26 Oct 2002
Posts: 16

Posted: Mon Nov 11, 2002 3:59 am

Yup, that was it. Just needed the little speech marks. I can now ping the ppp0 interface, but can't get out to the internet from the workstations. Ah well, good job I don't have a deadline for this server :D
mglauche
Retired Dev


Joined: 25 Apr 2002
Posts: 564
Location: Germany

Posted: Mon Nov 11, 2002 4:38 pm

Back to that bridged firewall topic :P Has anyone tried one yet? I imagine you need something like 3 NICs: 2 for the bridge, and 1 for access... Filtering without being seen seems not so bad to me...