[SLE] Urgent advice needed .. IPchains/Router/Firewall
Hi all,

a) Where do I copy my IPchains rules on the SuSE box so that they become permanent ?
b) Do I need to enable IP Masquerading on my SuSE Firewall given the setup described below ?
c) Any suggestions on the setup ?

MY NETWORK SETUP IS AS FOLLOWS :

I have 8 Win98 machines with 192.168.1.x addresses

1 Redhat 6.2 Router with:
eth0 = 192.168.1.254
eth1 = 192.168.32.254
gatewaydev=eth1
IP forwarding enabled
ipchains -A forward -j MASQ -s 192.168.1.0/0 -d 0.0.0.0/0

1 SuSE 6.4 Firewall :
eth0=192.168.32.1
ppp0= ISDN TA
IP_Forward=yes
I am still working on the IPchains rules..

The 192.168.1.0 network is connected to a HUB and the 192.168.32.0 'network' is connected via a Crossover Cable .

TIA
Anurag Jalan
Calcutta, India

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Mon, 05 Jun 2000, Anurag Jalan wrote:
> a) Where do I copy my IPchains rules on the SuSE box so that they become permanent ?

On my firewall, I have them within the script file /etc/ppp/FinreInit.sh, which name I pass as a parameter to /usr/sbin/pppd within the script /etc/rc.d/pppd. (I'm thinking on studying how to move that startup from rc.d to inittab, so that I can set respawn on it. But I haven't actually looked at that yet.)

> b) Do I need to enable IP Masquerading on my SuSE Firewall given the setup described below ?

If you want any machine other than the firewall to be able to see the Internet, yes.

> c) Any suggestions on the setup ?
> MY NETWORK SETUP IS AS FOLLOWS :
> I have 8 Win98 machines with 192.168.1.x addresses
> 1 Redhat 6.2 Router with:
> eth0 = 192.168.1.254
> eth1 = 192.168.32.254
> gatewaydev=eth1
> IP forwarding enabled
> ipchains -A forward -j MASQ -s 192.168.1.0/0 -d 0.0.0.0/0

Why do you have this router? You don't need it for different speed connections, you don't need it for security, you don't need it for isolation, you don't need separate subnets to control traffic volume... maybe there's a reason you need it, but no reason is obvious to me. (I note that you have at least 9 machines plugged into your hub, and while it's possible that you have a 9-port hub, I'd bet against it.)

> 1 SuSE 6.4 Firewall :
> eth0=192.168.32.1
> ppp0= ISDN TA
> IP_Forward=yes
> I am still working on the IPchains rules..
> The 192.168.1.0 network is connected to a HUB and the 192.168.32.0 'network' is connected via a Crossover Cable .
The current firewall modules, unfortunately, use a weak model (which, as I understand it, will be fixed in the 2.4 kernel & associated stuff).

Remember that all internet traffic must go THROUGH the firewall - which means it must pass through the input chain, and must pass through the output chain.

Incoming-from-the-internet traffic which is a response to masqueraded outgoing traffic will bypass the forward chain and be de-masqueraded, you don't have to write any rules for that. But it still has to pass through the input and output chains.

Other traffic which is to be forwarded - e.g. the outgoing internet traffic - must pass through the forward chain. If it's to be masqueraded, it must hit on a rule that says to masquerade it. This is in addition to the input and output chains.

If you have any daemons at all on the firewall - e.g. it's possible to telnet into it - you should secure those daemons by other means, such as tcp wrappers, to restrict access against non-local users.
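Added example, not part of the original thread and not either poster's script: a minimal ipchains rule set for the SuSE firewall that turns the chain traversal described in the message above into rules for all three built-in chains. The /24 netmask on the 192.168.32.x link, the choice of DNS as the only UDP reply allowed in, and the /sbin/ipchains path are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: constructed rule set, not taken from either poster's machine.
# Dry run by default (commands are printed). To apply on a 2.2 kernel, run
# with IPCHAINS=/sbin/ipchains (assumed install path).
IPCHAINS="${IPCHAINS:-echo ipchains}"
LAN_IF=eth0               # crossover link to the router (from the thread)
LAN_NET=192.168.32.0/24   # assumed /24 netmask on that link
EXT_IF=ppp0               # ISDN link to the Internet (from the thread)

fw_rules() {
    # Flush the three built-in chains and deny anything not matched below.
    for chain in input forward output; do
        $IPCHAINS -F "$chain"
        $IPCHAINS -P "$chain" DENY
    done

    # Local loopback traffic.
    $IPCHAINS -A input  -i lo -j ACCEPT
    $IPCHAINS -A output -i lo -j ACCEPT

    # input chain: every packet arriving at the firewall is checked here.
    # Log and drop Internet-side packets claiming a LAN source (spoofing).
    $IPCHAINS -A input -i "$EXT_IF" -s "$LAN_NET" -l -j DENY
    $IPCHAINS -A input -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # Replies only from the Internet: TCP without SYN (! -y) and DNS answers.
    $IPCHAINS -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    $IPCHAINS -A input -i "$EXT_IF" -p udp -s 0.0.0.0/0 53 -j ACCEPT
    $IPCHAINS -A input -i "$EXT_IF" -l -j DENY

    # forward chain: outgoing LAN traffic must hit a MASQ rule. Replies are
    # de-masqueraded after the input chain and skip this chain, so no rule.
    $IPCHAINS -A forward -i "$EXT_IF" -s "$LAN_NET" -j MASQ

    # output chain: every packet leaving the firewall is checked here,
    # including masqueraded requests (ppp0) and de-masqueraded replies (eth0).
    $IPCHAINS -A output -i "$EXT_IF" -j ACCEPT
    $IPCHAINS -A output -i "$LAN_IF" -d "$LAN_NET" -j ACCEPT
}

fw_rules
```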
Hi Don & others on the List ..

I am a Linux beginner .. could you please explain the following in stepwise detail ?

Regards
Anurag

--Don Edwards wrote--
At 07:47 PM 6/5/00 -0700, you wrote:
> On Mon, 05 Jun 2000, Anurag Jalan wrote:
>> a) Where do I copy my IPchains rules on the SuSE box so that they become permanent ?
> On my firewall, I have them within the script file /etc/ppp/FinreInit.sh, which name I pass as a parameter to /usr/sbin/pppd within the script /etc/rc.d/pppd.
> (I'm thinking on studying how to move that startup from rc.d to inittab, so that I can set respawn on it. But I haven't actually looked at that yet.)
At 07:47 PM 6/5/00 -0700, Don Edwards wrote:
> On Mon, 05 Jun 2000, Anurag Jalan wrote:
>> a) Where do I copy my IPchains rules on the SuSE box so that they become permanent ?
> On my firewall, I have them within the script file /etc/ppp/FinreInit.sh, which name I pass as a parameter to /usr/sbin/pppd within the script /etc/rc.d/pppd.
> (I'm thinking on studying how to move that startup from rc.d to inittab, so that I can set respawn on it. But I haven't actually looked at that yet.)

Hi,

I use wvdial to connect to the net ...as I understand it :

a) ipchains-save is used to save rules to /etc/ppp/FinreInit.sh ..

BUT

in my /etc/rc.d/ there is a script called ppp0ed but NO pppd .. is this script equivalent ?

AND how exactly do I pass /etc/ppp/FinreInit.sh as parameter to /usr/sbin/pppd ?

Regards
Anurag
On Wed, 07 Jun 2000, Anurag Jalan wrote:
> At 07:47 PM 6/5/00 -0700, Don Edwards wrote:
>> On Mon, 05 Jun 2000, Anurag Jalan wrote:
>>> a) Where do I copy my IPchains rules on the SuSE box so that they become permanent ?
>> On my firewall, I have them within the script file /etc/ppp/FinreInit.sh, which name I pass as a parameter to /usr/sbin/pppd within the script /etc/rc.d/pppd.
>> (I'm thinking on studying how to move that startup from rc.d to inittab, so that I can set respawn on it. But I haven't actually looked at that yet.)
> I use wvdial to connect to the net ...as I understand it :
> a) ipchains-save is used to save rules to /etc/ppp/FinreInit.sh ..
> BUT
> in my /etc/rc.d/ there is a script called ppp0ed but NO pppd .. is this script equivalent ?

The exact name doesn't matter. In, say, /etc/rc.d/rc3.d do you have a symlink named Ssomething that points at ppp0ed? Then it's equivalent.

> AND how exactly do I pass /etc/ppp/FinreInit.sh as parameter to /usr/sbin/pppd ?

That was actually a misreading of my script. (And a typo in the email message, but then again, the exact names of custom scripts don't matter - you just have to be sure that the right script is executed at the right time.) On my machine FireInit.sh is executed by the pppd script immediately *after* /usr/sbin/pppd. It isn't a parameter, it's the next line. (I work in several different environments, and the last nonblank character of my pppd script line that executes the pppd program is a character that indicates line continuation - in a different environment, not in a bash script.)

> Regards
> Anurag