LinuxQuestions.org

Linux - Newbie > Firewall (https://www.linuxquestions.org/questions/linux-newbie-8/firewall-92345/)

dunmarie 09-13-2003 09:38 AM

Firewall
 
I am setting up a firewall in Linux using Red Hat 9.0 (command line). I have loaded the standard "Servers" installation and installed two network cards.
On one side is my private network with IP 10.xx.xxx.x, and on the other a router connecting to the Internet with a public IP, 196.xx.xxx.xxx.
My firewall-to-be has been set up with one NIC (eth1) with IP 10.xx.xxx.xxx to match my private network and the other NIC (eth0) with a public IP, 196.xx.xxx.xxx.
The firewall software has been set to "no firewall" in order for me to get the routing right. From the firewall-to-be I can ping my private network as well as the Internet. No problem.
From my private network, with Windows XP and the gateway set to my firewall's eth0 IP, I can ping both NICs, but I can't ping the router or the Internet.
The following settings have been made:

ifcfg-eth0:
DEVICE=eth0
IPADDR=196.xx.xxx.xxx
NETMASK=255.xxx.xxx.xxx
NETWORK=196.xx.xxx.xxx
BROADCAST=196.xx.xxx.xxx
ONBOOT=yes

ifcfg-eth1:
DEVICE=eth1
IPADDR=10.xx.xxx.xxx
NETMASK=255.xxx.xxx.xxx
NETWORK=10.xx.xxx.xxx
BROADCAST=10.xx.xxx.xxx
GATEWAY=196.xx.xxx.xxx (eth0)
ONBOOT=yes

route:
196.xx.xxx.x * 255.xxx.xxx.x eth0
10.xx.xxx.x * 255.xxx.xxx.x eth1
127.0.0.0 * 255.0.0.0 lo
default 196.xx.xxx.xxx 0.0.0.0 eth0

Iptables is set up to ACCEPT FORWARD.
In sysctl.conf the line net.ipv4.ip_forward = 1 is set.

Is there something I am missing?
I can't find anything in the HOWTOs. I am sure it must be something simple.

Will I be able to use this Linux box to set up a VPN and proxy as well?
It is a PIII 600 MHz with 128 MB RAM.
Any help will be appreciated.
Thanks in advance.

Saraev 09-17-2003 11:19 PM

I don't quite understand. Is the Linux box the router you're using, or do you have an additional router in between the Linux box and the Internet?

If you have a separate physical router, you need to use a second private network ID between the router and the Linux box. The Linux box shouldn't see the "public" addresses.

If you don't have a separate physical router, the Linux box IS the router; make sure the /proc/sys/net/ipv4/ip_forward file has the "1" in it. I've found that I have to force it with the line `echo "1" >/proc/sys/net/ipv4/ip_forward` in the /etc/rc.local file.

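As an added example (not part of either poster's configuration), here is the shape of a two-NIC gateway script that covers both points raised in the thread: forcing ip_forward on at boot, and giving iptables a FORWARD policy that is not just a blanket ACCEPT. It assumes the layout described above, LAN on eth1 in 10.0.0.0/8 and the router-facing side on eth0, and assumes the LAN hosts point their default gateway at the firewall's eth1 address; interface names and the LAN range are parameters, so adjust them to match. Without arguments it only prints the rules (dry run); with `--apply` and root it loads them.

```shell
#!/bin/sh
# Added example: a two-NIC Linux gateway/firewall (LAN on eth1, router/Internet on eth0).
# Interface names and the 10.0.0.0/8 LAN range are assumptions taken from the thread;
# the rule set is this editor's, not the original poster's configuration.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-10.0.0.0/8}"

# Succeed only if IPv4 forwarding is on in the given sysctl file
# (defaults to the live kernel value); usable as a boot-time sanity check.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Print the rule set, one iptables command per line, so it can be reviewed
# before it is applied. Policy: drop by default, drop WAN packets that claim
# a LAN source (spoofing), let the LAN out, let only replies back in, and
# NAT LAN addresses behind the WAN interface.
render_rules() {
    wan="$1"; lan="$2"; net="$3"
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $wan -s $net -j DROP
iptables -A FORWARD -i $wan -s $net -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -s $net -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

# Turn forwarding and reverse-path filtering on at runtime and load the rules
# (needs root). Call this from /etc/rc.local if the sysctl.conf setting is not
# being picked up at boot. Stops at the first rule that fails to load.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
    render_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" | while IFS= read -r cmd; do
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

case "${1:-}" in
    --apply) apply_rules ;;
    *)       render_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" ;;   # dry run: show the rules
esac
```

Ping from a LAN host still works through this: the ICMP echo request is forwarded out and masqueraded, and the reply comes back as RELATED/ESTABLISHED on the WAN-to-LAN rule. The `-m state` match is the one available on the 2.4-era kernels Red Hat 9 shipped with; current iptables still accepts it as an alias for conntrack. If the rules print correctly but hosts still cannot reach the router, check `forwarding_enabled` first: with ip_forward at 0 the kernel silently discards every forwarded packet before iptables ever sees the FORWARD chain.
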
dunmarie 09-18-2003 06:16 AM

There is a Cisco router with public IP between the firewall and the Internet. I have managed to get it going. Please look at the following post.
http://www.linuxquestions.org/quest...&threadid=82005

Also look at the following link.
http://morizot.net/firewall/gen/

My problem was with the iptables.
Thanks for all the help.

