Hi all
I am one of the newbies and rather confused – any help appreciated.
I have a simple network
ADSL modem – Unix box – hub – various Windows boxes
(Note this modem also operates DHCP and as the DNS and Gateway – keep expecting it to make coffee one day)
I am using Fedora 2 and firegate to use the Unix box as my firewall.
Before I run the firegate script, the Unix box can happily access the Internet and ping any external IP address or URL (that accepts pings). My PCs cannot access the Internet at this stage.
Once I run the firegate script, the PCs can happily ping and access the Internet (via the Unix box), but the Unix box can no longer ping or access any site externally, though it can still ping any of my PCs internally.
Here is some of my data
ifconfig
eth0 Link encap:Ethernet HWaddr 00:80:C8:D8:6D:C3
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::280:c8ff:fed8:6dc3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1012 errors:0 dropped:0 overruns:0 frame:0
TX packets:910 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:182921 (178.6 Kb) TX bytes:114382 (111.7 Kb)
Interrupt:11 Base address:0x5000
eth1 Link encap:Ethernet HWaddr 00:02:E3:20:49:82
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::202:e3ff:fe20:4982/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1141 errors:0 dropped:0 overruns:0 frame:0
TX packets:949 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:118700 (115.9 Kb) TX bytes:94120 (91.9 Kb)
Interrupt:10 Base address:0x9000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2802 errors:0 dropped:0 overruns:0 frame:0
TX packets:2802 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2868767 (2.7 Mb) TX bytes:2868767 (2.7 Mb)
Parameter section from firegate
VER="v0.79"
IPT="/sbin/iptables" # Location of your IPtables
EXT="eth0" # External interface name
INT="eth1" # Internal interface name
MASQ="192.168.10.0/24" # LAN IP range to masquerade; see
#
# Null "" allows ANY traffic in:
DHCP="192.168.1.1" # DHCP server(s) to allow inbound
DNS="192.168.1.1" # DNS server(s) to allow inbound
IDENT="1" # Use Ident/Auth? 0=REJECT 1=ACCEPT
SSH="1" # SSH in from Internet? 0=NO 1=YES
PING="1" # Allow PINGs inbound? 0=NO 1=YES
QUIET="1" # Ignore common scans? 0=NO 1=YES
DROPEXT="0" # Drop all external traffic when you
# stop the firewall? 0=NO 1=YES
WEBPORT="80" # If ISP blocks port 80, change here
HTTP="192.168.1.1" # Forward HTTP > LAN IP; "" disables
SMTP="192.168.1.1" # Forward SMTP > LAN IP; "" disables
AIM="5190" # Port(s) forwarded to internal LAN
ICQ="4001:4005" # machines using IP masq; null value
MSN="1863" # "" disables that one. For a range
P2P="" # (eg ICQ) use colon between ports.
CAM="8080" # Forward port number to internal IP;
CAMIP="192.168.1.1" # a null value "" for both disables