yes I have suSefirewall2 installed but its not dropping anything for now. the firewall has 2 nics 192.168.4.2 and 192.168.5.1 192.168.4.1 is an ADSL router clients has address from the range 192.168.5.2-254 and 192.168.5.1 as default gateway clients can't ping 192.168.4.2 or the internet. the router can't ping 192.168.5.1 that why i'm thinking the ip forwarding is nor working -----Original Message----- From: James Bliss [mailto:bliss@attbi.com] Sent: éåí çîéùé 27 ãöîáø 2001 21:35 To: suse-linux-e@suse.com; erez avraham Subject: Re: [SLE] Default Kernel 2.4.0 & ip_forward Do you have any firewall installed? The default firewall script prevents the internal network from seeing the external network interface. 12/27/01 01:03:35 PM, "erez avraham" wrote:

Greetings all

does Suse 7.1 professional freshly installed with kernel 2.4.0 has ip_forwarding enabled by default? i can see in /proc/sys/net/ipv4/ the file ip_forward and it's value is 1.

i think it does, but i'm unable to ping eth1 through eth0 so maybe ip_forwarding is not active after all....

thanks

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com

I believe this was the spot. In the firewall2-custom.rc.config file (in /etc/rc.config.d) you need to change the first entry to look like: fw_custom_before_antispoofing() { # these rules will be loaded before any anti spoofing rules will be # loaded. Effectively the only filter lists already effective are # 1) allow any traffic via the loopback interface, 2) allow DHCP stuff, # 3) allow SAMBA stuff [2 and 3 only if FW_SERVICE_... are set to "yes"] # You can use this hook to prevent logging of uninteresting broadcast # packets or to allow certain packet through the anti-spoofing mechanism. #example: allow incoming multicast packets for any routing protocol #iptables -A INPUT -j ACCEPT -d 224.0.0.0/24 iptables -A INPUT -i eth1 -s <internal IP>/24 -d <external IP> -j ACCEPT true } Obviously exchange the <internal IP> to 192.168.5.1 and the <external IP> to 192.168.4.2 (I believe, a little confusion here with you email). By default, firewall2 has anti-spoofing on so you internal private network adress will not be accepted by your external facing interface. Hope this helps. Jim 12/27/01 01:39:35 PM, "erez avraham" wrote:

yes I have suSefirewall2 installed but its not dropping anything for now. the firewall has 2 nics 192.168.4.2 and 192.168.5.1 192.168.4.1 is an ADSL router clients has address from the range 192.168.5.2-254 and 192.168.5.1 as default gateway clients can't ping 192.168.4.2 or the internet. the router can't ping 192.168.5.1

that why i'm thinking the ip forwarding is nor working -----Original Message----- From: James Bliss [mailto:bliss@attbi.com] Sent: éåí çîéùé 27 ãöîáø 2001 21:35 To: suse-linux-e@suse.com; erez avraham Subject: Re: [SLE] Default Kernel 2.4.0 & ip_forward

Do you have any firewall installed? The default firewall script prevents the internal network from seeing the external network interface.

12/27/01 01:03:35 PM, "erez avraham" wrote:

...

Greetings all

does Suse 7.1 professional freshly installed with kernel 2.4.0 has ip_forwarding enabled by default? i can see in /proc/sys/net/ipv4/ the file ip_forward and it's value is 1.

i think it does, but i'm unable to ping eth1 through eth0 so maybe ip_forwarding is not active after all....

thanks

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com