LinuxQuestions.org

dsheppard 08-04-2003 07:27 AM

Mandrake MNF 9.0 Problem.
 
Hello,

Could someone please help me.. I've spent the past 2 days searching and reading and tying and trying to get my MNF 9.0 to work.. I've rebuilt and played and reconfigured and really need some help as I am now going quite mad!!!!

I'm installing MNF on a machine with 3 NICs and have moved it to my internal LAN with a machine on the LAN side and the rest of my network on the WAN side, including my old gateway. It's configured like this:

eth0 dmz 192.168.9.33 255.255.255.240
eth1 lan 192.168.9.1 255.255.255.224
eth2 wan 192.168.254.1 255.255.255.0

gateway for wan: 192.168.254.2

When I log into the firewall as su I can ping anything on any network and can get DNS resolution. I've tried to add a masq and all sorts of other things, but can't get the machine on the LAN to get anything back from anywhere.. I get REJECT logs from the lan2wan rule, so change that to ACCEPT and it does, but no replies..

Also, here's a copy of the "grep -v ^# /etc/shorewall/{zones,interfaces,masq,policy,rules} |grep -v ^$ > /root/output.txt" command. I've made a few mods, but still can't find anything..

/etc/shorewall/zones:
/etc/shorewall/zones:
/etc/shorewall/zones:lan LAN local_area_network
/etc/shorewall/zones:dmz DMZ demilitarized_zone
/etc/shorewall/zones:wan NET internet
/etc/shorewall/interfaces:
/etc/shorewall/interfaces:
/etc/shorewall/interfaces:dmz eth0 detect
/etc/shorewall/interfaces:lan eth1 detect
/etc/shorewall/interfaces:wan eth2 detect
/etc/shorewall/masq:
/etc/shorewall/masq:
/etc/shorewall/masq:
/etc/shorewall/policy:
/etc/shorewall/policy:
/etc/shorewall/policy:lan all REJECT info
/etc/shorewall/policy:dmz all REJECT info
/etc/shorewall/policy:fw all REJECT info
/etc/shorewall/policy:wan all DROP info
/etc/shorewall/policy:all all REJECT info
/etc/shorewall/rules:
/etc/shorewall/rules:
/etc/shorewall/rules:ACCEPT fw wan tcp 53 -
/etc/shorewall/rules:ACCEPT fw wan udp 53 -
/etc/shorewall/rules:ACCEPT dmz wan udp 53 -
/etc/shorewall/rules:ACCEPT lan wan udp 53 -
/etc/shorewall/rules:REJECT wan fw tcp 113 -
/etc/shorewall/rules:ACCEPT lan fw tcp 22 -
/etc/shorewall/rules:ACCEPT lan fw tcp 8443 -
/etc/shorewall/rules:ACCEPT fw lan icmp 8 -
/etc/shorewall/rules:ACCEPT lan fw icmp 8 -
/etc/shorewall/rules:ACCEPT lan dmz icmp 8 -
/etc/shorewall/rules:ACCEPT dmz lan icmp 8 -
/etc/shorewall/rules:ACCEPT dmz fw icmp 8 -
/etc/shorewall/rules:ACCEPT fw dmz icmp 8 -
/etc/shorewall/rules:ACCEPT lan wan tcp pop3 -
/etc/shorewall/rules:ACCEPT lan wan tcp smtp -
/etc/shorewall/rules:ACCEPT lan wan tcp http -
/etc/shorewall/rules:ACCEPT lan wan tcp https -
/etc/shorewall/rules:ACCEPT lan wan tcp ssh -
/etc/shorewall/rules:ACCEPT lan wan tcp ftp -
/etc/shorewall/rules:ACCEPT lan wan tcp nntp -
/etc/shorewall/rules:ACCEPT fw wan udp ntp -
/etc/shorewall/rules:ACCEPT lan wan tcp imap -
/etc/shorewall/rules:ACCEPT fw wan:20022 tcp ftp -

Please help...
Cheers,
Dean.

mindnumbed 08-04-2003 04:52 PM

try adding, in the masq file
eth0 eth1
eth2 eth1
eth0 eth2

this should allow the zones to talk to each other (loc to all and wan to dmz).

mindnumbed 08-04-2003 04:55 PM

soz, that's masquerading ip addresses (which is maybe not what you want, though it will be for lan2wan and mebbe wan2dmz). I have never really bothered with just routing as i have never had the need.
MN

dsheppard 08-05-2003 06:55 AM

Thanks, but din work..
 
Thanks for the help, I tried it all and didn't work.. I've updated the grep output above. I rebuilt and got it working from the firewall only.. everything else is base config..

Please help anyone..

Cheers,
Dean..

mindnumbed 08-05-2003 04:59 PM

hmm...i noticed your policy is rather aggressive... try putting in more accepts, maybe that will work - if you do all all accept, what happens?

i tend to start with that and then close up until things stop working. you've probs already tried that though...you could always check the really obvious things like which nic is which, as it may not always be the one you expect, though it looks as if you're sorted that way. can the machines talk to the firewall?
MN

dsheppard 08-05-2003 07:31 PM

Yeah, I know what you mean.. These are the default policies and rules though.. I thought I'd leave everything default as I assumed it should work "out of the box". If I change the lan2wan policy to ACCEPT (with logging), I get an ACCEPT report on the firewall, but still no traffic..

Anymore ideas?? =P

Thanks,
Dean..

thecrews 08-06-2003 02:33 AM

You can try /etc/shorewall/policy:lan wan ACCEPT

mindnumbed 08-06-2003 04:40 AM

hrmmmmph... this is turning into a very interesting problem!
check /etc/shorewall/shorewall.conf, make sure IP_FORWARDING=On and NAT_ENABLED=Yes
long shot, but it could explain why it's not working

MN

thecrews 08-06-2003 01:04 PM

I had the same problem as dsheppard. In the manual for MNF http://www.mandrakelinux.com/en/doc/...l/ch06s04.html it had it in there (lan wan accept). I thought it would work without it too, but it doesn't for me.
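
The two checks suggested in this thread (a masq entry for LAN traffic leaving eth2, and a lan-to-wan policy), run against the posted "file:entry" dump; this is an added example, not part of the original posts or of MNF/Shorewall. An ACCEPT alone forwards packets with their 192.168.9.x source addresses, so replies only return if the gateway at 192.168.254.2 can route to that subnet, which is what the masq entry avoids. Function names are hypothetical; the LAN network is derived from the eth1 address in the first post, and the sample is a constructed subset of the dump.

```python
import ipaddress

# Constructed sample: a subset of the "file:entry" dump from the first post.
SAMPLE = """\
/etc/shorewall/interfaces:lan eth1 detect
/etc/shorewall/interfaces:wan eth2 detect
/etc/shorewall/masq:
/etc/shorewall/policy:lan all REJECT info
/etc/shorewall/policy:all all REJECT info
"""
LAN_NET = ipaddress.ip_network("192.168.9.1/255.255.255.224", strict=False)  # eth1

def parse(dump):
    """Group non-empty entries by config file name (interfaces, masq, policy, ...)."""
    cfg = {}
    for line in dump.splitlines():
        path, _, entry = line.partition(":")
        if entry.split():
            cfg.setdefault(path.rsplit("/", 1)[-1], []).append(entry.split())
    return cfg

def covers(source, in_if, net):
    """masq source column: an interface name, or a CIDR that contains net."""
    try:
        return source == in_if or ipaddress.ip_network(source, strict=False).supernet_of(net)
    except (ValueError, TypeError):
        return False  # some other interface name, not a usable CIDR

def policy_for(cfg, src, dst):
    """Shorewall applies the first policy line matching source and destination."""
    for p in cfg.get("policy", []):
        if len(p) >= 3 and p[0] in (src, "all") and p[1] in (dst, "all"):
            return p[2]
    return None

def audit(dump, src="lan", dst="wan", net=LAN_NET):
    cfg = parse(dump)
    iface = {e[0]: e[1] for e in cfg.get("interfaces", []) if len(e) >= 2}
    findings = []
    masq = any(len(m) >= 2 and m[0] == iface.get(dst) and covers(m[1], iface.get(src), net)
               for m in cfg.get("masq", []))  # masq columns: outgoing interface, source
    if not masq:
        findings.append(f"masq: nothing rewrites {net} leaving {iface.get(dst)}")
    pol = policy_for(cfg, src, dst)
    if pol != "ACCEPT":
        findings.append(f"policy: {src}->{dst} is {pol}, only explicit rules pass")
    return findings
```
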


All times are GMT -5.