Default Kernel 2.4.0 & ip_forward
Greetings all does Suse 7.1 professional freshly installed with kernel 2.4.0 has ip_forwarding enabled by default? i can see in /proc/sys/net/ipv4/ the file ip_forward and it's value is 1. i think it does, but i'm unable to ping eth1 through eth0 so maybe ip_forwarding is not active after all.... thanks
Do you have any firewall installed? The default firewall script prevents the internal
network from seeing the external network interface.
12/27/01 01:03:35 PM, "erez avraham"
Greetings all
does Suse 7.1 professional freshly installed with kernel 2.4.0 has ip_forwarding enabled by default? i can see in /proc/sys/net/ipv4/ the file ip_forward and it's value is 1.
i think it does, but i'm unable to ping eth1 through eth0 so maybe ip_forwarding is not active after all....
thanks
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
yes I have suSefirewall2 installed but its not dropping anything for now.
the firewall has 2 nics 192.168.4.2 and 192.168.5.1 192.168.4.1 is an
ADSL router
clients has address from the range 192.168.5.2-254 and 192.168.5.1 as
default gateway
clients can't ping 192.168.4.2 or the internet. the router can't ping
192.168.5.1
that why i'm thinking the ip forwarding is nor working
-----Original Message-----
From: James Bliss [mailto:bliss@attbi.com]
Sent: éåí çîéùé 27 ãöîáø 2001 21:35
To: suse-linux-e@suse.com; erez avraham
Subject: Re: [SLE] Default Kernel 2.4.0 & ip_forward
Do you have any firewall installed? The default firewall script prevents
the internal
network from seeing the external network interface.
12/27/01 01:03:35 PM, "erez avraham"
Greetings all
does Suse 7.1 professional freshly installed with kernel 2.4.0 has ip_forwarding enabled by default? i can see in /proc/sys/net/ipv4/ the file ip_forward and it's value is 1.
i think it does, but i'm unable to ping eth1 through eth0 so maybe ip_forwarding is not active after all....
thanks
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
On Thursday 27 December 2001 20.39, erez avraham wrote:
yes I have suSefirewall2 installed but its not dropping anything for now. the firewall has 2 nics 192.168.4.2 and 192.168.5.1 192.168.4.1 is an ADSL router clients has address from the range 192.168.5.2-254 and 192.168.5.1 as default gateway clients can't ping 192.168.4.2 or the internet. the router can't ping 192.168.5.1
that why i'm thinking the ip forwarding is nor working
Are all routing tables set up correctly? Can the firewall ping both subnets and the internet? regards Anders
I believe this was the spot. In the firewall2-custom.rc.config file (in /etc/rc.config.d) you
need to change the first entry to look like:
fw_custom_before_antispoofing() {
# these rules will be loaded before any anti spoofing rules will be
# loaded. Effectively the only filter lists already effective are
# 1) allow any traffic via the loopback interface, 2) allow DHCP stuff,
# 3) allow SAMBA stuff [2 and 3 only if FW_SERVICE_... are set to "yes"]
# You can use this hook to prevent logging of uninteresting broadcast
# packets or to allow certain packet through the anti-spoofing mechanism.
#example: allow incoming multicast packets for any routing protocol
#iptables -A INPUT -j ACCEPT -d 224.0.0.0/24
iptables -A INPUT -i eth1 -s <internal IP>/24 -d <external IP> -j ACCEPT
true
}
Obviously exchange the <internal IP> to 192.168.5.1 and the <external IP> to
192.168.4.2 (I believe, a little confusion here with you email). By default, firewall2 has
anti-spoofing on so you internal private network adress will not be accepted by your
external facing interface.
Hope this helps.
Jim
12/27/01 01:39:35 PM, "erez avraham"
yes I have suSefirewall2 installed but its not dropping anything for now. the firewall has 2 nics 192.168.4.2 and 192.168.5.1 192.168.4.1 is an ADSL router clients has address from the range 192.168.5.2-254 and 192.168.5.1 as default gateway clients can't ping 192.168.4.2 or the internet. the router can't ping 192.168.5.1
that why i'm thinking the ip forwarding is nor working -----Original Message----- From: James Bliss [mailto:bliss@attbi.com] Sent: éåí çîéùé 27 ãöîáø 2001 21:35 To: suse-linux-e@suse.com; erez avraham Subject: Re: [SLE] Default Kernel 2.4.0 & ip_forward
Do you have any firewall installed? The default firewall script prevents the internal network from seeing the external network interface.
12/27/01 01:03:35 PM, "erez avraham"
wrote: Greetings all
does Suse 7.1 professional freshly installed with kernel 2.4.0 has ip_forwarding enabled by default? i can see in /proc/sys/net/ipv4/ the file ip_forward and it's value is 1.
i think it does, but i'm unable to ping eth1 through eth0 so maybe ip_forwarding is not active after all....
thanks
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
i will try it and let ya all know
thanks and good night
-----Original Message-----
From: James Bliss [mailto:bliss@attbi.com]
Sent: éåí çîéùé 27 ãöîáø 2001 22:13
To: suse-linux-e@suse.com; erez avraham
Subject: Re: RE: [SLE] Default Kernel 2.4.0 & ip_forward
I believe this was the spot. In the firewall2-custom.rc.config file (in
/etc/rc.config.d) you
need to change the first entry to look like:
fw_custom_before_antispoofing() {
# these rules will be loaded before any anti spoofing rules will be
# loaded. Effectively the only filter lists already effective are
# 1) allow any traffic via the loopback interface, 2) allow DHCP stuff,
# 3) allow SAMBA stuff [2 and 3 only if FW_SERVICE_... are set to "yes"]
# You can use this hook to prevent logging of uninteresting broadcast
# packets or to allow certain packet through the anti-spoofing
mechanism.
#example: allow incoming multicast packets for any routing protocol
#iptables -A INPUT -j ACCEPT -d 224.0.0.0/24
iptables -A INPUT -i eth1 -s <internal IP>/24 -d <external IP> -j ACCEPT
true
}
Obviously exchange the <internal IP> to 192.168.5.1 and the <external IP> to
192.168.4.2 (I believe, a little confusion here with you email). By
default, firewall2 has
anti-spoofing on so you internal private network adress will not be accepted
by your
external facing interface.
Hope this helps.
Jim
12/27/01 01:39:35 PM, "erez avraham"
yes I have suSefirewall2 installed but its not dropping anything for now. the firewall has 2 nics 192.168.4.2 and 192.168.5.1 192.168.4.1 is an ADSL router clients has address from the range 192.168.5.2-254 and 192.168.5.1 as default gateway clients can't ping 192.168.4.2 or the internet. the router can't ping 192.168.5.1
that why i'm thinking the ip forwarding is nor working -----Original Message----- From: James Bliss [mailto:bliss@attbi.com] Sent: iem gniyi 27 cvnax 2001 21:35 To: suse-linux-e@suse.com; erez avraham Subject: Re: [SLE] Default Kernel 2.4.0 & ip_forward
Do you have any firewall installed? The default firewall script prevents the internal network from seeing the external network interface.
12/27/01 01:03:35 PM, "erez avraham"
wrote: Greetings all
does Suse 7.1 professional freshly installed with kernel 2.4.0 has ip_forwarding enabled by default? i can see in /proc/sys/net/ipv4/ the file ip_forward and it's value is 1.
i think it does, but i'm unable to ping eth1 through eth0 so maybe ip_forwarding is not active after all....
thanks
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
participants (3)
-
Anders Johansson
-
erez avraham
-
James Bliss