'Re: [SLE] Re: [oclug] firewall/gateway/router'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-linux-e
Subject:    Re: [SLE] Re: [oclug] firewall/gateway/router
From:       StarTux <matthew () psychohorse ! com>
Date:       2001-07-03 22:55:51
[Download RAW message or body]

For a standard 192.168.x.x address the subnet should be 255.255.255.0.
There is some way to figure this out based on IP, but I cannot remember.

Matt

--
"You know you have a Supernorn when he learns to run as root"

On Tue, 3 Jul 2001, rob wrote:

> > > I dont know where you get the 255.255.254.0
> >
> > this is the number I get when I run winipcfg on my Win Box, on the offical
> > paper work is is 255.255.252.0
> >
>
> Ok lets do one problem at a time... this is a 95/98 machine?
>
> just fro kicks go to yast,network config, net work base, f6
> you see the default netmask is 255.255.255.0
>
> Im not a network engineer but Im pretty sure 254 is not correct
>
> here is output from my w2k eg ipconfig /all
>
> Ethernet adapter Local Area Connection:
>
>
>
> 	Connection-specific DNS Suffix  . :
> 	Description . . . . . . . . . . . : SMC EZ Card 10/100 (SMC1211TX)
> 	Physical Address. . . . . . . . . : 00-80-ee-6F-f6-u7
>
> 	DHCP Enabled. . . . . . . . . . . : Yes
>
> 	Autoconfiguration Enabled . . . . : Yes
>
> 	IP Address. . . . . . . . . . . . : 10.54.6.5
>
> 	Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> 	Default Gateway . . . . . . . . . : 10.54.6.1
>
> 	DHCP Server . . . . . . . . . . . : 10.54.6.1
>
> 	DNS Servers . . . . . . . . . . . : 198.22.10.2
> 	                                    198.22.10.4
> 	Primary WINS Server . . . . . . . : 10.54.6.2
>
> 	Lease Obtained. . . . . . . . . . : Monday, July 02, 2001 8:39:41 AM
>
> 	Lease Expires . . . . . . . . . . : Monday, August 13, 2001 12:39:41 AM
>
> #####################################################################
>
> here is output from the linux server ifconfig
>
> eth0      Link encap:Ethernet  HWaddr ss:34:4f:39:f5:EC
>           inet addr:10.54.6.2  Bcast:10.54.6.255  Mask:255.255.255.0
>           inet6 addr: fe80::60:9739:b9ec/10 Scope:Link
>           inet6 addr: fe80::260:97ff:fe39:b9ec/10 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:235383 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:214437 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:3395 txqueuelen:100
>           Interrupt:10 Base address:0x230
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:3792  Metric:1
>           RX packets:77480 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:77480 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>
>
>
>
>
>
>
>
> > >                                   ^^^^^
> > > 254? that should be 255
> > >
> > > Is your router doing dhcp to the lan? if so, you need to set that up in
> > > yast, network config, auto ip
> > >
> > > Does this router do NAT? if so I really wouldnt bother with SuSe FW as
> > > the router should have the capability of doing all the
> > > firewalling/blocking.
> > >
> > > I came in late on this but what kind of router is this? SMC? Netgear?
> > > does it have a NAT FW built in?
> >
> > Actually I'm don't have a commercial router.  I was just trying to discribe
> > what I was doing with this Linux Box I'm trying to set up.
> >
> > >
> > > most new router/hardware has NAT and FW with a web interface. I have a
> > > SMC and its great!!
> > >
> > > rob
> > >
> > > b stephen harding wrote:
> > > > On Monday 02 July 2001 09:36, you wrote:
> > > > > On Mon, Jul 02, 2001 at 12:18:23AM -0400, b stephen harding wrote:
> > > > > > External
> > > > > > eth0 24.x.x.x(IP), 24.x.x.1(gateway),
> > > > > > crxxxx-a.slnt1.on.wave.home.com(Domain)
> > > > > >
> > > > > >
> > > > > > Internal
> > > > > > eth1 192.x.x.1(IP), 192.168.100.7(gateway),
> > > > > > geeko-gate.crxxxx-a.slnt1.on.wave.home.com(Domain)
> > > > >
> > > > >     You specified a default gateway for the internal interface? Doesn't
> > > > > that defeat the purpose?
> > > > >
> > > > >     You should need only the one gateway (ie. Rogers' gateway). Then as
> > > > > long as you have the ipmasq modules loaded and have forwarding for your
> > > > > internal network enabled with ipchains, you should be good.
> > > > >
> > > > >     I'm loading these
> > > > >
> > > > > ip_masq_irc
> > > > > ip_masq_ftp
> > > > > ip_masq_user
> > > > > ip_masq_raudio
> > > > >
> > > > >     And then the appropriate rule to forward would be...
> > > > >
> > > > > # IP Masquerade from the internal network.
> > > > > $ipchains -A forward -s $innetwork/24 -j MASQ
> > > > >
> > > > >     where in your case (and mine),
> > > > >
> > > > >     $innetwork=192.168.0.0
> > > > >
> > > > >     Of course, you'll want a lot more in your firewall rules than that.
> > > >
> > > > Well I tried to restart my routing with rcroute restart and it
> > > > produced...
> > > >
> > > > [Error While Excuting:
> > > >         /sbin/route del -net 24.112.208.18 netmask 255.255.254.0 gw
> > > > 24.112.208.1 dev eth0
> > > >         route: netmask doesn't match route address
> > > >
> > > > shutting down routing
> > > > setting up routing (using /etc/route/.conf)
> > > > Error while excuting:
> > > >         /sbin/route add -net 24.112.208.18 netmask 255.255.254.0 gw
> > > > 24.112.208.1 dev eth0 # external "geeko-wall"]
> > > >
> > > > So the list between the square bracket is the error message.  God I feel
> > > > like I'm crawling though the dark!  I'm sure once this is done I'll think
> > > > it was just a bunch of fun (or not).
> >
> > I also get this message for FAILED services when I boot up this firewall
> > box.... "SuSEfirewall_init SuSEfirewall_setup SuSEfirewall_final".  I'm not
> > sure if that is related to the fact that the routing is not working?
> >
> > --
> > To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
> > For additional commands send e-mail to suse-linux-e-help@suse.com
> > Also check the FAQ at http://www.suse.com/support/faq and the
> > archives at http://lists.suse.com
>
> --
> To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
> For additional commands send e-mail to suse-linux-e-help@suse.com
> Also check the FAQ at http://www.suse.com/support/faq and the
> archives at http://lists.suse.com
>


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic