LinuxQuestions.org

Linux - Networking: firewall-jay disable internal routing and loopback (https://www.linuxquestions.org/questions/linux-networking-3/firewall-jay-disable-internal-routing-and-loopback-159702/)

Divinition 03-19-2004 02:11 AM

firewall-jay disable internal routing and loopback
 
Yao

I have 2 questions.

Is it possible in jay to disable internal routing? I have 2 local networks. I want them both to have access to the internet, but I don't want jay to route packets between them.

And for the second question:
I have set up a portmap for port 80 to a server. This works fine for users that connect from outside the LAN. But if I type the external IP of the router from inside the LAN, I get nothing. On my old hardware router this worked, so I guess it is possible.

Both of these most likely need custom settings and iptables.
Could anyone please help me out :)

AutOPSY 03-19-2004 05:18 AM

What is an external router from inside the LAN?

benjithegreat98 03-19-2004 09:33 AM

I've never used firewall-jay so I don't know if it can be done in there. It can be done using iptables, however. I know firewall-jay uses iptables, but I can't tell you anything more past that. You would just deny any type of forwarding or input from one network to the other, but make sure you allow forwarding from those networks to the outside world. If your router has 3 NICs on it then you would probably deny and allow based on which NIC it came from.

On the 2nd question, I don't think that firewalls or routers are really supposed to act as your old router did. Some of them are set up like that for convenience, however. It may be possible to do by adding your own iptables rule, but I'm not sure.
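As an added example (not code from the thread, and not firewall-jay's own configuration), here is what the two things this reply describes look like as plain iptables rules on a three-NIC router: forwarding between the two LANs denied by interface and by address range, forwarding from each LAN to the outside allowed, and port 80 forwarded to a web server so that it is reachable on the router's public address both from the Internet and from inside the LAN. The interface names eth0/eth1/eth2, the subnets 192.168.1.0/24 and 192.168.2.0/24, the server address 192.168.1.10 and the public address 203.0.113.5 are assumptions. The second half goes beyond what the thread says: the inside-the-LAN case needs a DNAT plus an SNAT pair (often called hairpin NAT or NAT loopback), and the two questions interact, because the hairpin path has to be one the isolation rules do not drop.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: a Linux router with
# eth0 to the Internet, eth1 = LAN A (192.168.1.0/24, router 192.168.1.1),
# eth2 = LAN B (192.168.2.0/24), the web server 192.168.1.10 on LAN A, and
# the router's public address 203.0.113.5 (documentation range, stand-in).
set -eu

WAN=eth0
LAN_A=eth1;  NET_A=192.168.1.0/24;  GW_A=192.168.1.1
LAN_B=eth2;  NET_B=192.168.2.0/24
EXT_IP=203.0.113.5
WEB=192.168.1.10

# Set IPT="echo iptables" to print the rules instead of loading them.
IPT=${IPT:-iptables}

# Question 1: both LANs reach the Internet, neither reaches the other.
isolate_lans() {
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F
    # Explicit drops come first: anything crossing between the two LAN
    # interfaces in either direction...
    $IPT -A FORWARD -i "$LAN_A" -o "$LAN_B" -j DROP
    $IPT -A FORWARD -i "$LAN_B" -o "$LAN_A" -j DROP
    # ...and anything addressed from one LAN's range to the other's,
    # whichever interface it arrived on (catches spoofed sources).
    $IPT -A FORWARD -s "$NET_A" -d "$NET_B" -j DROP
    $IPT -A FORWARD -s "$NET_B" -d "$NET_A" -j DROP
    # Replies to connections that were allowed to start. Cross-LAN flows
    # never reach ESTABLISHED because their first packet is dropped above.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Each LAN may open connections to the Internet, NATed to the WAN address.
    $IPT -A FORWARD -i "$LAN_A" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_B" -o "$WAN" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Question 2: port 80 on the public address reaches the web server from the
# Internet AND from LAN A (hairpin NAT). Must run after isolate_lans().
hairpin_port80() {
    # Internet clients: rewrite the destination to the internal server and
    # let that one flow through the FORWARD chain.
    $IPT -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 -j DNAT --to-destination "$WEB"
    $IPT -A FORWARD -i "$WAN" -o "$LAN_A" -d "$WEB" -p tcp --dport 80 -j ACCEPT
    # LAN A clients typing the public address: the same DNAT, plus an SNAT to
    # the router's LAN address. Without the SNAT the server would answer the
    # client directly from 192.168.1.10, the client is waiting for a reply
    # from 203.0.113.5, and the TCP handshake silently fails.
    $IPT -t nat -A PREROUTING -i "$LAN_A" -d "$EXT_IP" -p tcp --dport 80 -j DNAT --to-destination "$WEB"
    $IPT -t nat -A POSTROUTING -s "$NET_A" -d "$WEB" -p tcp --dport 80 -j SNAT --to-source "$GW_A"
    $IPT -A FORWARD -i "$LAN_A" -o "$LAN_A" -d "$WEB" -p tcp --dport 80 -j ACCEPT
    # LAN B deliberately gets no hairpin path: isolate_lans() drops LAN B to
    # LAN A. Granting it would need an ACCEPT inserted above those DROP rules.
}

# "show" prints the rules; "apply" loads them (run as root on the router,
# with net.ipv4.ip_forward=1 already set).
case "${1:-}" in
    apply) isolate_lans; hairpin_port80 ;;
    show)  IPT="echo iptables"; isolate_lans; hairpin_port80 ;;
esac
```

Run it with the argument show first and read the order of the FORWARD chain: the two interface DROPs and two address DROPs must sit above every ACCEPT, otherwise the ESTABLISHED rule or a LAN-to-WAN ACCEPT never gets the chance to matter and the hairpin ACCEPT for LAN A would be the only thing keeping LAN B out.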

Divinition 03-19-2004 11:54 AM

I did some research in iptables and the first problem works now :)
But whatever I do, I can't get the loopback to work.

Divinition 03-19-2004 11:56 AM

Hmmm, perhaps I could fix that with a DNS setting.

benjithegreat98 03-19-2004 12:19 PM

Is your loopback problem and your 2nd question the same thing?

If so, you are correct about having to add an internal DNS entry that points to the internal address of what you are trying to hit. If you try to do http://127.0.0.1 on your router then it will go to the router and NOT what is defined in your forwarding section of iptables. You may be able to create a rule where the input interface is lo and that forwards port 80 to your internal IP. I've never tried that so I don't know.

Or are you having trouble with loopback in general? Do you have this in your iptables definitions?
iptables -A INPUT -i lo -p all -j ACCEPT

Divinition 03-19-2004 12:31 PM

Hmmm, that might work.

My problem is that

http://commandcrew.cjb.net
works from the internet, as you might notice,
but it doesn't work if I type it on my LAN.

benjithegreat98 03-19-2004 01:24 PM

Yes, I think the best thing for you to do is to set up an internal DNS server that everybody looks to first before they look at your ISP's DNS servers. This is what we do at the organization I am with. This is probably the best thing to do because you can now start setting up different host names for your internal networks. So IMHO the DNS entry for your internal network is the best thing to do.

Divinition 03-19-2004 01:42 PM

Do I have to add a new zone called cjb.net
and set a subdomain called commandcrew,
or is it possible to just set commandcrew.cjb.net to point to the local webserver?

I am rather new to setting up DNS servers.

benjithegreat98 03-19-2004 01:46 PM

I believe you need to do it the first way you mentioned.
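As an added example (not from the thread), the "first way" this reply refers to, written out for BIND: a shell function that generates an internal-only master zone for cjb.net whose A record for commandcrew points at the LAN web server, plus the named.conf stanza that loads it. The server address 192.168.1.10, the DNS server's own address 192.168.1.1 and the two LAN ranges in allow-query are assumptions. One caveat the thread does not mention: once the LAN resolver is master for cjb.net, every other cjb.net name the LAN uses has to be added to this file or it stops resolving; with dnsmasq instead of BIND, a single address=/commandcrew.cjb.net/192.168.1.10 line overrides just that one name (the second option the poster asked about) without taking over the whole zone.

```shell
#!/bin/sh
# Added example, not from the thread. Writes a split-horizon ("internal view")
# BIND zone so that LAN clients resolve commandcrew.cjb.net to the internal
# web server while the Internet keeps using the public record.
set -eu

# write_internal_zone DIR ZONE HOST IP NS_IP
#   DIR    directory named reads zone files from, e.g. /etc/bind
#   ZONE   the zone to claim internally, e.g. cjb.net
#   HOST   label to override, e.g. commandcrew
#   IP     internal address of the server, e.g. 192.168.1.10 (assumed)
#   NS_IP  address of this DNS server, e.g. 192.168.1.1 (assumed)
write_internal_zone() {
    dir=$1; zone=$2; host=$3; ip=$4; ns_ip=$5
    serial=$(date +%Y%m%d01)   # YYYYMMDDnn; bump nn for a second edit the same day

    # This server now answers for the WHOLE of $zone on the LAN, so any other
    # name under it that LAN clients need must be listed here as well.
    cat > "$dir/db.$zone" <<EOF
\$TTL 3600
@       IN SOA  ns.$zone. hostmaster.$zone. (
                $serial ; serial
                3600    ; refresh
                900     ; retry
                604800  ; expire
                300 )   ; negative cache TTL
@       IN NS   ns.$zone.
ns      IN A    $ns_ip
$host   IN A    $ip
EOF

    # Stanza to include from named.conf. If the same server also answers
    # Internet queries, put it inside a view that matches only the LAN.
    # The allow-query ranges are the assumed LAN A and LAN B subnets.
    cat > "$dir/zone.$zone.conf" <<EOF
zone "$zone" {
    type master;
    file "$dir/db.$zone";
    allow-query { 192.168.1.0/24; 192.168.2.0/24; localhost; };
};
EOF

    # Syntax-check the zone when BIND's tools are installed; skipped otherwise.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$dir/db.$zone"
    fi
}

# Example call on the router:
#   write_internal_zone /etc/bind cjb.net commandcrew 192.168.1.10 192.168.1.1
```

After writing the files, include zone.cjb.net.conf from named.conf, reload named, and point the LAN clients (or the router's DHCP server) at 192.168.1.1 as their first resolver; the public cjb.net record is untouched, so outside visitors still reach the server through the port forward.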
