firewall-jay disable internal routing and loopback
Yao
I have 2 questions.
Is it possible in jay to disable internal routing? I have 2 local networks. I want them both to have access to the internet, but I don't want jay to route packets between them.
And for the second question:
I have set up a portmap for port 80 to a server. This works fine for users that connect from outside the LAN. But if I type the external IP of the router from inside the LAN, I get nothing. On my old hardware router, this worked, so I guess it is possible.
Both of these most likely need custom settings and iptables.
Could anyone please help me out?
I've never used firewall-jay so I don't know if it can be done in there. It can be done using iptables, however. I know firewall-jay uses iptables, but I can't tell you anything more past that. You would just deny any type of forwarding or input from one network to the other, but make sure you allow forwarding from those networks to the outside world. If your router has 3 NICs on it then you would probably deny and allow based on which NIC it came from.
On the 2nd question, I don't think that firewalls or routers are really supposed to act as your old router did. Some of them are set up like that for convenience, however. It may be possible to do by adding your own iptables rule but I'm not sure.
Is your loopback problem and your 2nd question the same thing?
If so, you are correct about having to add an internal DNS entry that points to the internal address of what you are trying to hit. If you try to do http://127.0.0.1 on your router then it will go to the router and NOT what is defined in your forwarding section of iptables. You may be able to create a rule where the input interface is lo and that forwards port 80 to your internal IP. I've never tried that so I don't know.
Or are you having trouble with loopback in general? Do you have this in your iptables definitions?
iptables -A INPUT -i lo -p all -j ACCEPT
Yes, I think the best thing for you to do is to set up an internal DNS server that everybody looks to first before they look at your ISP's DNS servers. This is what we do at the organization I am with. This is probably the best thing to do because you can now start setting up different host names for your internal networks. So IMHO the DNS entry for your internal network is the best thing to do.
Do I have to add a new zone called cjb.net
and set a subdomain called commandcrew,
or is it possible to just set commandcrew.cjb.net to point to the local webserver?
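
Added example, not part of the original thread and not firewall-jay's own configuration: the plain iptables rules behind both questions, printed in iptables-restore format so they can be reviewed before loading. Interface names, addresses and the build_rules function are assumptions; the external address is from a documentation range, and the existing outside-to-server port 80 map is left as it is.

```shell
#!/bin/sh
# Added example. Every value below is a constructed assumption, not from the thread.
WAN_IF=eth0               # interface facing the internet
LAN1_IF=eth1              # first local network (holds the web server)
LAN2_IF=eth2              # second local network
LAN1_NET=192.168.1.0/24   # addresses on the first local network
WEB_IP=192.168.1.10       # internal web server behind the port 80 map
EXT_IP=203.0.113.5        # router's external address (documentation range)

# Print the rules in iptables-restore format. Nothing is applied here.
build_rules() {
    cat <<EOF
*filter
# Replies to connections that were already allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Question 1: no routing between the two LANs, in either direction.
-A FORWARD -i $LAN1_IF -o $LAN2_IF -j DROP
-A FORWARD -i $LAN2_IF -o $LAN1_IF -j DROP
# Both LANs may still open connections to the internet.
-A FORWARD -i $LAN1_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN2_IF -o $WAN_IF -j ACCEPT
# Question 2: a hairpinned request enters and leaves on the same interface.
-A FORWARD -i $LAN1_IF -o $LAN1_IF -d $WEB_IP -p tcp --dport 80 -j ACCEPT
COMMIT
*nat
# LAN client asks for the external IP: rewrite the destination to the server.
-A PREROUTING -s $LAN1_NET -d $EXT_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_IP:80
# Rewrite the source to the router as well, so the server answers through
# the router instead of directly to the client, which would drop the reply.
-A POSTROUTING -s $LAN1_NET -d $WEB_IP -o $LAN1_IF -p tcp --dport 80 -j MASQUERADE
# Outbound internet access for both LANs.
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

build_rules
```

After review, the output can be loaded as root with iptables-restore --noflush; how firewall-jay picks up custom rules is not covered in the thread.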