[lug] Firewall spontaneously combusted???
kevin at scrye.com
Fri Sep 10 17:54:40 MDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "David" == David Morris <lists at morris-clan.net> writes:
David> Ok, this is strange. I recently moved and just got my new DSL
David> link installed. I booted up my firewall system, an old Sparc
David> LX, updated the IP address for the external interface and in my
David> firewall script, then started up the firewall.
David> No joy. No packets routed from my other computers at all.
David> The following commands should setup IP Masquerading on any
David> system with multiple interfaces where eth1 is the external
David> cat 1 > /proc/sys/net/ipv4/ip_forward iptables --table nat
David> --append POSTROUTING \ --out-interface eth1 --jump SNAT \ --to
David> I can run these commands on other systems and I get IP
David> Masquerading as expected. Just before I moved I could run it
David> on the Sparc LX with as well and it worked there.
Odd. I don't think that would work anywhere.
cat 1 > /proc/sys/net/ipv4/ip_forward
will cat the contents of a file called '1' into that proc file.
Perhaps you meant to do:
echo 1 > /proc/sys/net/ipv4/ip_forward ?
David> Now, I run it and I get *nothing*.
David> The packets are being received by the system and that no
David> packets are being lost no matter how big. I can ping out of
David> both interfaces from the Sparc LX, and into it from other
David> computers on both sides. The only thing I changed was the
David> physical location and the IP address of the external interface.
David> Anyone have any ideas on what happend, or what I can do to fix
Try the echo and make sure it's setting ip_forward...
Otherwise it might be hitting another rule before the one you are
appending to? Perhaps a deny all before that?
David> System details:
David> Hardware: Sparc LX Distro: Debian testing (sarge) Kernel:
David> 2.4.20 iptables: version 1.2.6a
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
-----END PGP SIGNATURE-----
More information about the LUG