[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipchains-list
Subject:    Re: [IPChains]  [OFFTOPIC] Basic Routing Question
From:       Jerry Gregory <Jerry.Gregory () udlp ! com>
Date:       2002-03-29 13:14:51
[Download RAW message or body]

You have a routing problem.

The best (and easiest) solution would be to put eth2 on a different
subnet than eth0 or eth1, i.e., 100.100.101.1.  Then you would have no
overlap between your three ethernet cards.

If you MUST keep eth2 on 100.100.100.x subnet, then you must add an
explicit routing rule for that address,
For that, read the man pages for "route".

Jerry G.

>>> Emanuele Nannetti <nannetti@netaccess.it> 03/28/02 11:46AM >>>
I have configured ipchains in some linux boxes with Slackware 8 and 2
nic.
It work good!

Now I must configure a firewall with 3 ethernet cards (for a DMZ) and i
have
routing problems. I have Internet connected to eth0 (100.100.100.2),
Lan
connected to eth1 (192.168.1.1) and DMZ connected to eth2
(100.100.100.3),
inside DMZ is a Web server (100.100.100.4) and i have a cisco router
on
internet interface (100.100.100.1).

My routing table is:
100.100.100.0    0.0.0.0         255.255.255.0   U     0      0       
0
eth0
100.100.100.0    0.0.0.0         255.255.255.0   U     0      0       
0
eth2
192.168.1.0      0.0.0.0         255.255.255.0   U     0      0       
0
eth1
127.0.0.0        0.0.0.0         255.0.0.0       U     0      0       
0 lo
0.0.0.0          100.100.100.1   0.0.0.0         UG    1      0       
0
eth0

Now with ipchains Policy all ACCEPT and no ipchains rules, from
outside
(internet) i can't ping  eth2 interface (100.100.100.3)and the web
server
(100.100.100.4) too. I can ping only eth0 interface (100.100.100.2).

Wich routing rule I missed?

Sorry for this offtopic and thanks for your help.


Emanuele Nannetti nannetti@netaccess.it 
Netaccess srl


_______________________________________________
IPChains-list mailing list
IPChains-list@lists.balius.com 
http://lists.balius.com/mailman/listinfo/ipchains-list
_______________________________________________
IPChains-list mailing list
IPChains-list@lists.balius.com
http://lists.balius.com/mailman/listinfo/ipchains-list
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic