
List:       mandrake-newbie
Subject:    Re: [newbie] SNF packet forwarding problem.
From:       Isaac Curtis <dic98 () stout ! hampshire ! edu>
Date:       2001-08-31 17:19:15

John Turnbull wrote:
> I am sorry to repost this request, but I have still not managed to turn
> on  forwarding in Mandrake SNF (original description follows). I do know
> a little more.  I have managed to install a different firewalling distro
> - smoothwall (www.smoothwall.org), so I do know that the problem is not
> due to some HP proprietary hardware weirdness.
> 
> How would I turn on forwarding, manually, in SNF?
> 
> Thank you again.  John T
> 
> 
> John Turnbull wrote:
> 
>>I have installed Mandrake SNF on an elderly HP Ventra with a 200MHz
>>Pentium Pro in a test-bed configuration.
>>
>>I have it set up with eth0 (ne2k-pci card - 192.168.3.34) connected to
>>the LAN side of my network and eth1 (3c59x - 192.168.4.34) running
>>through a crossover cable to a laptop acting as a stand-in for the
>>internet.
>>
>>From the HP firewall, I can ping both of its NICs and can also ping the
>>'internet' (laptop - 192.168.4.65) and any internal machine (say:
>>192.168.3.45), so the TCP/IP stuff seems to be fine.
>>
>>I can connect to the HP firewall with either ssh or Mandrake Security
>>(port 8443: I intentionally set it up to allow both) from either the LAN
>>side or the 'internet' side, but I cannot connect from the LAN side to
>>the internet side at all.
>>
>>Mandrake Security - Restrict Access  lists
>>    Firewall Rules   on
>>and
>>Mandrake Security - Internet Access  lists
>>    Access Status   Down
>>and no amount of poking  'Start' or 'Stop',  in any combination, seems
>>to change its status. . . sigh
>>
>>Any hints on how I should proceed would be appreciated.
>>
>>Thank you in advance.  John T
>>
>>(BTW what does 'Test' do?)
>>

John,

The command line solution can be found on page 216 of the Linux Network 
Administrator's Guide by Kirch & Dawson (O'Reilly & Associates). 
Depending on your kernel, one or more of these two-line commands should 
take care of you.  Try each of them until one works.  After each attempt, 
go to one of the LAN-side boxen and ping 216.239.39.100.  That's the IP 
for www.google.com.  If you get no response, you need to move on and try 
the next pair of commands for IP forwarding. If you get a response, try 
pinging www.google.com.  If you can ping the IP but not the domain name, 
you need to set up DNS, and I can tell you how to do that, too.  Anyway, 
here are those commands.  Don't forget to "su" into root, and remember 
that everything is case sensitive:

# ipfwadm -F -p deny
# ipfwadm -F -a accept -m -S 192.168.0.0/24 -D 0/0

(if your home network is different from 192.168.0.0, change the command 
to suit your network, just don't forget the /24 at the end, the same 
holds for the next pair of commands if these don't work)

# ipchains -P forward -j deny
# ipchains -A forward -s 192.168.0.0/24 -d 0/0 -j MASQ

and, lastly:

# iptables -t nat -P POSTROUTING DROP
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

In that last case you will want to change "ppp0" to the appropriate 
ethernet device if you are connected through a DSL/cable connection on 
one of your ethernet cards, as opposed to a dial-up connection like 
these instructions assume.  Anyway, if you need any more help feel free 
to post again because I've learned a lot of networking stuff and I can 
recite the NetAdmin's guide like scripture now.  Good luck and please 
let me know if this works for you.

In Solidarity,
Isaac



"Nolite te bastardes carborundorum."
(Don't let the bastards grind you down)

  - The Handmaid's Tale, Margaret Atwood
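
An added example, not part of Isaac's message or of Mandrake SNF: a dry-run shell script that picks the tool from the kernel series (2.0 ipfwadm, 2.2 ipchains, 2.4 and later iptables) instead of by trial, reports the kernel forwarding switch `/proc/sys/net/ipv4/ip_forward`, and prints the matching commands without running them. The function names, the /24 mask and the use of eth1 as the outside interface are assumptions based on John's test-bed description.

```shell
#!/bin/sh
# Added example, not from the original message. Dry run: it only prints commands.

# Kernel release string -> packet-filter tool shipped with that kernel series.
fw_tool_for_kernel() {
    case "$1" in
        2.0.*)                          echo ipfwadm ;;
        2.2.*)                          echo ipchains ;;
        2.[4-9].*|[3-9].*|[1-9][0-9].*) echo iptables ;;
        *) return 1 ;;
    esac
}

# Report the kernel forwarding switch; $1 overrides the path so it can be tested.
forwarding_state() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# Print the commands for LAN $1 leaving through interface $2 on kernel $3.
# The ip_forward line is printed for 2.2 and later only.
masq_commands() {
    tool=$(fw_tool_for_kernel "$3") || { echo "unsupported kernel: $3" >&2; return 1; }
    case "$tool" in
        ipfwadm)   # the message's ipfwadm pair, with the LAN substituted
            echo "ipfwadm -F -p deny"
            echo "ipfwadm -F -a accept -m -S $1 -D 0/0" ;;
        ipchains)  # the message's ipchains pair, with the LAN substituted
            echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
            echo "ipchains -P forward -j deny"
            echo "ipchains -A forward -s $1 -d 0/0 -j MASQ" ;;
        iptables)  # masquerade only traffic sourced from the LAN
            echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
            echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE" ;;
    esac
}

# Values from the thread: LAN on eth0 (192.168.3.x), outside on eth1; /24 is assumed.
echo "forwarding is currently: $(forwarding_state)"
masq_commands 192.168.3.0/24 eth1 "$(uname -r)" || true
```

If `forwarding_state` reports `off`, masquerading rules alone will not pass LAN traffic: the firewall still answers pings on both of its own NICs, but nothing is routed between them.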


