Mailinglist Archive: opensuse-security (109 mails)

Router won't forward
  • From: linsley <linsley@xxxxxxxxx>
  • Date: Sun, 19 Mar 2006 08:38:16 -0800 (PST)
  • Message-id: <Pine.LNX.4.58.0603190748120.30168@xxxxxxxxxxxxxx>
I have a box configured as a firewall/router/server. The firewall box
will talk to the world, and vice versa. The internal zone can talk
to the firewall. But nothing seems to be going *through* the firewall.

Basic info:
SuSE 10.0
> uname -a
Linux rose 2.6.13-15-default #1 Tue Sep 13 14:56:15 UTC 2005 i686 i686 i386 GNU/Linux

eth1 is the external zone interface:
# ifstatus eth1
eth1
eth1 configuration: eth-id-00:30:f1:2f:ef:8c
eth1 is up
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:30:f1:2f:ef:8c brd ff:ff:ff:ff:ff:ff
inet 209.204.189.32/24 brd 209.204.189.255 scope global eth1
inet 209.204.189.33/24 brd 209.204.189.255 scope global secondary eth1:2
inet 209.204.189.34/24 brd 209.204.189.255 scope global secondary eth1:3
inet 209.204.189.35/24 brd 209.204.189.255 scope global secondary eth1:4
inet 209.204.189.36/24 brd 209.204.189.255 scope global secondary eth1:5
inet6 fe80::230:f1ff:fe2f:ef8c/64 scope link
valid_lft forever preferred_lft forever
eth1 IP address: 209.204.189.32/24
secondary eth1:2 IP address: 209.204.189.33/24
secondary eth1:3 IP address: 209.204.189.34/24
secondary eth1:4 IP address: 209.204.189.35/24
secondary eth1:5 IP address: 209.204.189.36/24
Configured routes for interface eth1:
default 209.204.189.1 - -
Active routes for interface eth1:
209.204.189.0/24 proto kernel scope link src 209.204.189.32
default via 209.204.189.1
0 of 1 configured routes for interface eth1 up


eth0 is the internal zone:
# ifstatus eth0
eth0 device: VIA Technologies, Inc. VT6105 [Rhine-III] (rev 86)
eth0 configuration: eth-id-00:40:f4:88:de:ae
eth0 is up
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:40:f4:88:de:ae brd ff:ff:ff:ff:ff:ff
inet 192.168.2.18/24 brd 192.168.2.255 scope global eth0
inet6 fe80::240:f4ff:fe88:deae/64 scope link
valid_lft forever preferred_lft forever
eth0 IP address: 192.168.2.18/24
Configured routes for interface eth0:
default 209.204.189.1 - -
169.254.0.0 - 255.255.0.0 eth0
Active routes for interface eth0:
192.168.2.0/24 proto kernel scope link src 192.168.2.18
169.254.0.0/16 scope link
1 of 2 configured routes for interface eth0 up


Firewall is configured with SuseFirewall2 using YaST2:
External zone allowed services are
http https imap smtp ssh
Internal zone allowed services are
http https imap smtp ssh
Protect Firewall from Internal Zone is checked.
Accepted packets and not accepted packets are both set to Log All
I see packets from the internal zone being accepted with messages like
these:
Mar 19 08:33:58 rose kernel: SFW2-FWDint-ACC-MASQ IN=eth0 OUT=eth1 SRC=192.168.2.2 DST=209.204.189.1 LEN=60 TOS=0x00 PREC=0x00 TTL=126 ID=37282 PROTO=ICMP TYPE=8 CODE=0 ID=32768 SEQ=14848
However, no reply packets are logged, either accepted or not.


Help! What is configured wrong???

--
Chuck Linsley
linsley@xxxxxxxxx
cel@xxxxxxxxxxxxxxxxxx
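An added example, not part of the original post and not SuSEfirewall2's own tooling: a small Python parser for netfilter LOG lines in the format shown in the message above. It pairs each forwarded ICMP echo request (TYPE=8) with the matching echo reply (TYPE=0) by swapped addresses plus ICMP identifier and sequence, and counts logged packets per (IN, OUT) interface pair, which is the quickest way to see whether anything is ever forwarded back in. The log lines embedded in it are constructed for the example; the "SFW2-FWDext-ACC-REPLY" prefix on the reply line is a made-up name for the sample, not a real SuSEfirewall2 chain.

```python
import re

# Constructed sample of netfilter LOG lines in SuSEfirewall2's format (not
# captured from the poster's machine).  Line 1 mirrors the shape of the one
# in the post.  Line 2 shows what a forwarded echo reply looks like: the
# FORWARD chain runs after PREROUTING, where conntrack has already undone the
# masquerade, so DST is the internal host's private address again and the
# ICMP identifier equals the one in the original request.  The reply's log
# prefix "SFW2-FWDext-ACC-REPLY" is invented for this sample.  Line 3 is a
# request with no reply; line 4 is an INPUT-chain drop (OUT= is empty).
SAMPLE_LOG = """\
Mar 19 08:33:58 rose kernel: SFW2-FWDint-ACC-MASQ IN=eth0 OUT=eth1 SRC=192.168.2.2 DST=209.204.189.1 LEN=60 TOS=0x00 PREC=0x00 TTL=126 ID=37282 PROTO=ICMP TYPE=8 CODE=0 ID=32768 SEQ=14848
Mar 19 08:33:58 rose kernel: SFW2-FWDext-ACC-REPLY IN=eth1 OUT=eth0 SRC=209.204.189.1 DST=192.168.2.2 LEN=60 TOS=0x00 PREC=0x00 TTL=254 ID=4711 PROTO=ICMP TYPE=0 CODE=0 ID=32768 SEQ=14848
Mar 19 08:33:59 rose kernel: SFW2-FWDint-ACC-MASQ IN=eth0 OUT=eth1 SRC=192.168.2.2 DST=209.204.189.1 LEN=60 TOS=0x00 PREC=0x00 TTL=126 ID=37283 PROTO=ICMP TYPE=8 CODE=0 ID=32768 SEQ=15104
Mar 19 08:34:00 rose kernel: SFW2-INext-DROP-DEFLT IN=eth1 OUT= SRC=198.51.100.7 DST=209.204.189.32 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 PROTO=TCP SPT=44444 DPT=23 WINDOW=0 RES=0x00 SYN URGP=0
"""

# KEY=VALUE tokens as printed by the iptables LOG target; VALUE may be empty
# (e.g. "OUT=" for packets that hit INPUT rather than FORWARD).
TOKEN_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Turn one kernel LOG line into a dict, or None if it is not one.

    Tokens are taken in order.  The LOG target prints the IP header's ID=
    before PROTO= and, for ICMP, the echo identifier's ID= after it, so the
    two are told apart by whether PROTO has been seen yet."""
    if " kernel: " not in line:
        return None
    rest = line.split(" kernel: ", 1)[1]
    rec = {"prefix": rest.split(" ", 1)[0]}
    seen_proto = False
    for key, value in TOKEN_RE.findall(rest):
        if key == "ID":
            rec["icmp_id" if seen_proto else "ip_id"] = int(value)
        elif key == "PROTO":
            seen_proto = True
            rec["proto"] = value
        else:
            rec[key.lower()] = value
    return rec


def forwarded_counts(log_text):
    """Count logged packets per (IN, OUT) interface pair, skipping lines with
    an empty side (INPUT/OUTPUT chains).  A working router shows traffic in
    both directions; only internal->external means no reverse-path packet
    ever reached the FORWARD chain."""
    counts = {}
    for rec in map(parse_log_line, log_text.splitlines()):
        if rec and rec.get("in") and rec.get("out"):
            pair = (rec["in"], rec["out"])
            counts[pair] = counts.get(pair, 0) + 1
    return counts


def echo_requests_without_reply(log_text):
    """Return forwarded ICMP echo requests (TYPE=8) with no matching echo
    reply (TYPE=0) anywhere in the log.  A reply matches when SRC/DST are the
    request's swapped and ICMP identifier and sequence agree; because the
    FORWARD chain sees replies after de-NAT, this works across MASQUERADE."""
    records = [r for r in map(parse_log_line, log_text.splitlines()) if r]
    icmp = [r for r in records if r.get("proto") == "ICMP"]
    replies = {(r["src"], r["dst"], r["icmp_id"], r["seq"])
               for r in icmp if r["type"] == "0"}
    unanswered = []
    for r in icmp:
        if r["type"] != "8" or not r.get("out"):
            continue  # not an echo request, or not a forwarded packet
        if (r["dst"], r["src"], r["icmp_id"], r["seq"]) not in replies:
            unanswered.append({"src": r["src"], "dst": r["dst"], "out": r["out"],
                               "id": r["icmp_id"], "seq": int(r["seq"])})
    return unanswered


if __name__ == "__main__":
    # Usage on the firewall: python3 thisfile.py < /var/log/messages
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for pair, n in sorted(forwarded_counts(text).items()):
        print("forwarded %s -> %s: %d packet(s)" % (pair[0], pair[1], n))
    for req in echo_requests_without_reply(text):
        print("no reply seen for echo %s -> %s (via %s) id=%d seq=%d"
              % (req["src"], req["dst"], req["out"], req["id"], req["seq"]))
```

Run it against the constructed sample and it reports two packets eth0 -> eth1, one eth1 -> eth0, and the seq=15104 request as unanswered. Fed the real syslog from a router that only ever logs the outbound SFW2-FWDint-ACC-MASQ lines, it would list every request as unanswered and show no eth1 -> eth0 entry at all, which narrows the fault to the return path (nothing reaching the external interface, or being dropped before FORWARD) rather than to the outbound rules.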

