[lug] Firewall spontaneously combusted???

Kevin Fenzi kevin at scrye.com
Fri Sep 10 17:54:40 MDT 2004

Hash: SHA1

>>>>> "David" == David Morris <lists at morris-clan.net> writes:

David> Ok, this is strange.  I recently moved and just got my new DSL
David> link installed.  I booted up my firewall system, an old Sparc
David> LX, updated the IP address for the external interface and in my
David> firewall script, then started up the firewall.

David> No joy.  No packets routed from my other computers at all.

David> The following commands should setup IP Masquerading on any
David> system with multiple interfaces where eth1 is the external
David> interface:

David>     cat 1 > /proc/sys/net/ipv4/ip_forward iptables --table nat
David> --append POSTROUTING \ --out-interface eth1 --jump SNAT \ --to
David> <external_ip>

David> I can run these commands on other systems and I get IP
David> Masquerading as expected.  Just before I moved I could run it
David> on the Sparc LX with as well and it worked there.

Odd. I don't think that would work anywhere. 

cat 1 > /proc/sys/net/ipv4/ip_forward

will cat the contents of a file called '1' into that proc file. 

Perhaps you meant to do: 

echo 1 > /proc/sys/net/ipv4/ip_forward ?

David> Now, I run it and I get *nothing*.

David> The packets are being received by the system and that no
David> packets are being lost no matter how big.  I can ping out of
David> both interfaces from the Sparc LX, and into it from other
David> computers on both sides.  The only thing I changed was the
David> physical location and the IP address of the external interface.

David> Anyone have any ideas on what happend, or what I can do to fix
David> it?

Try the echo and make sure it's setting ip_forward... 

Otherwise it might be hitting another rule before the one you are
appending to? Perhaps a deny all before that?

David> System details:

David>     Hardware: Sparc LX Distro: Debian testing (sarge) Kernel:
David> 2.4.20 iptables: version 1.2.6a

David> --David

Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>


More information about the LUG mailing list