I am trying to set up RH 8.0 iptables to route on our network the way we need it to. With the great help of DavidPhillips, I was able to get our RH server to route correctly; now I am trying to set up our firewall.
Here is what we want it to do. We would like to set up what I guess you would call an open part, i.e. a non-firewall section of our network, and we would like that part of our internal network to have full access to the firewall part. I know Shorewall calls this kinda a DMZ. I read through Shorewall and I think it is more complicated than the iptables script file, so I would like to get the rcfirewall.txt script working.
On our network we have 4 full class C's available: 192.168.69.0, 10.52.1.0, 10.52.2.0, 10.52.3.0. Our 192.168.69.0 is our standard workstation network. This is also the open network. Our Cisco router is 192.168.69.1. Our RH box eth0 is on 10.52.1.200. For my testing I have been using 10.52.3.2 on eth1 and a workstation on 10.52.3.60.
I have configured the rcfirewall.txt file the way I thought it should work, many times and still no luck. Here it is.
I had to do a few things differently in my script file, but this is pretty much the same file. After reading through this, though, I am thinking that I could just enter a command into the DMZ zone and grant access through. But I would like any input available. When the script file is run I am unable to get from any IP on 192.168.69.0 to 10.52.3.0.
# rc.firewall - Initial SIMPLE IP Firewall script for Linux 2.4.x and iptables
# Copyright (C) 2001 Oskar Andreasson <bluefluxATkoffeinDOTnet>
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program or from the site that you downloaded it
# from; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
Cisco has a "local" ip of 192.168.69.1, your workstation network...
RH has eth0 ip 10.52.1.200 & eth1 ip 10.52.3.2...
Your first post didn't have a final reply, so which default gateway does RH have?
How are you connecting the workstation network 192.168.69.0 to the 10.55.x.x networks?
You will need to use the rc.DMZ.firewall script as a starting point, if you intend to put publicly available servers in a separate network.
Our internal network consists of 4 class C's: 192.168.69.0, which we use for workstations, and 3 other class C's, 10.52.1.0, 10.52.2.0 and 10.52.3.0. The Cisco (192.168.69.1) has 2 network cards; one card routes the 192.168.69.0 and the other routes the 3 other 10.52. series. We have printers and other systems on the 10.52 class C's that we would like the 192.168.69.0 to be able to have access to but would not like the rest of the network to have access to.
I do not have access to the Cisco router, and our corporate office will not grant access. The workstations browse the internet, so I need to leave that network alone.
What we want is to be able to have access to each class C on our network, but block anyone coming from our Cisco router. So I thought that I could put a Red Hat box in and control access using a firewall.
peter_robb, to answer your question, the default gateway is 10.52.1.200.
I would almost agree with you that the DMZ script would be the answer, but not quite. What I need is a way to tell iptables that all information coming in from 192.168.69.0 is ok and let it go through.
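The rule set asked for above, as an added example that is not part of the thread or of the rc.firewall script: a default-deny FORWARD chain that lets only 192.168.69.0/24 open connections to the protected segment. It assumes /24 masks, eth0 (10.52.1.200) facing the Cisco side, eth1 (10.52.3.2) facing 10.52.3.0/24, no NAT on the Red Hat box, and that the Cisco routes 10.52.3.0/24 via 10.52.1.200; the function name, the variable names and the log prefix are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: eth0 = Cisco side,
# eth1 = protected segment, /24 masks, no NAT on this box.
# Dry run by default (prints the commands). As root: IPT=iptables sh thisfile
IPT="${IPT:-echo iptables}"

TRUSTED_NET="192.168.69.0/24"      # workstation ("open") network
PROTECTED_NETS="10.52.3.0/24"      # space-separated; add more segments here
OUTSIDE_IF="eth0"
INSIDE_IF="eth1"

build_forward_rules() {
    # Anything routed through the box is dropped unless a rule below allows it.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Reply packets for connections that were allowed when they started.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the workstation network may start connections to a protected segment.
    for net in $PROTECTED_NETS; do
        $IPT -A FORWARD -i "$OUTSIDE_IF" -o "$INSIDE_IF" \
             -s "$TRUSTED_NET" -d "$net" -m state --state NEW -j ACCEPT
    done

    # Rate-limited log of whatever is about to hit the DROP policy,
    # so a blocked source shows up in the kernel log.
    $IPT -A FORWARD -m limit --limit 3/minute -j LOG --log-prefix FWD-DROP:
}

build_forward_rules
```

The source match only means something if 192.168.69.x addresses cannot be forged on the Cisco side; reverse-path filtering (rp_filter) on eth0 is the usual companion check.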