I believe this was the spot. In the firewall2-custom.rc.config file (in /etc/rc.config.d) you
need to change the first entry to look like:
fw_custom_before_antispoofing() {
# these rules will be loaded before any anti spoofing rules will be
# loaded. Effectively the only filter lists already effective are
# 1) allow any traffic via the loopback interface, 2) allow DHCP stuff,
# 3) allow SAMBA stuff [2 and 3 only if FW_SERVICE_... are set to "yes"]
# You can use this hook to prevent logging of uninteresting broadcast
# packets or to allow certain packet through the anti-spoofing mechanism.
#example: allow incoming multicast packets for any routing protocol
#iptables -A INPUT -j ACCEPT -d 224.0.0.0/24
iptables -A INPUT -i eth1 -s <internal IP>/24 -d <external IP> -j ACCEPT
true
}
Obviously exchange the <internal IP> to 192.168.5.1 and the <external IP> to
192.168.4.2 (I believe, a little confusion here with your email). By default, firewall2 has
anti-spoofing on so your internal private network address will not be accepted by your
external facing interface.
Hope this helps.
Jim
12/27/01 01:39:35 PM, "erez avraham"
yes I have suSefirewall2 installed but it's not dropping anything for now.
the firewall has 2 nics 192.168.4.2 and 192.168.5.1
192.168.4.1 is an ADSL router
clients have addresses from the range 192.168.5.2-254 and 192.168.5.1 as default gateway
clients can't ping 192.168.4.2 or the internet.
the router can't ping 192.168.5.1
that's why i'm thinking the ip forwarding is not working
-----Original Message-----
From: James Bliss [mailto:bliss@attbi.com]
Sent: Thursday, 27 December 2001 21:35
To: suse-linux-e@suse.com; erez avraham
Subject: Re: [SLE] Default Kernel 2.4.0 & ip_forward
Do you have any firewall installed? The default firewall script prevents the internal network from seeing the external network interface.
12/27/01 01:03:35 PM, "erez avraham" wrote:
Greetings all
does Suse 7.1 professional freshly installed with kernel 2.4.0 have ip_forwarding enabled by default? i can see in /proc/sys/net/ipv4/ the file ip_forward and its value is 1.
i think it does, but i'm unable to ping eth1 through eth0 so maybe ip_forwarding is not active after all....
thanks
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
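The two checks this thread works through (is ip_forward set, and does the ACCEPT for the internal subnet sit ahead of the anti-spoofing drop), as an added example that is not part of the original messages. The function names are hypothetical and the rule listings are constructed in `iptables -S INPUT` format; they are not SuSEfirewall2's actual rules.

```shell
#!/bin/sh
# Added diagnostic sketch. Rule listings are constructed samples in
# `iptables -S INPUT` format, not real SuSEfirewall2 output.

# Succeeds only if the ip_forward file (default: the live /proc entry) holds 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads rules on stdin; args: in-interface, source net, destination.
# Prints accept-first, drop-first or no-accept depending on whether the ACCEPT
# for that traffic precedes the first DROP that names the same destination.
rule_order() {
    awk -v ifc="$1" -v src="$2" -v dst="$3" '
        # true if option opt carries value val and is not negated with "!"
        function has(opt, val,   i) {
            for (i = 1; i < NF; i++)
                if ($i == opt && $(i + 1) == val && $(i - 1) != "!") return 1
            return 0
        }
        $1 != "-A" { next }
        has("-j", "ACCEPT") && has("-i", ifc) && has("-s", src) && has("-d", dst) {
            if (!acc) acc = NR
        }
        has("-j", "DROP") && has("-d", dst) { if (!drp) drp = NR }
        END {
            if (!acc) print "no-accept"
            else if (drp && drp < acc) print "drop-first"
            else print "accept-first"
        }'
}

# Constructed: a stand-in anti-spoofing DROP with no earlier ACCEPT.
sample_before() {
    printf '%s\n' '-P INPUT DROP' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -d 192.168.4.2/32 ! -i eth0 -j DROP'
}

# Constructed: the same chain with the ACCEPT from the custom hook loaded first.
# iptables stores "-s 192.168.5.1/24" as the masked network 192.168.5.0/24.
sample_after() {
    printf '%s\n' '-P INPUT DROP' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -s 192.168.5.0/24 -d 192.168.4.2/32 -i eth1 -j ACCEPT' \
        '-A INPUT -d 192.168.4.2/32 ! -i eth0 -j DROP'
}

sample_before | rule_order eth1 192.168.5.0/24 192.168.4.2/32   # no-accept
sample_after  | rule_order eth1 192.168.5.0/24 192.168.4.2/32   # accept-first
```

On a live system, pipe the output of `iptables -S INPUT` (run as root) into `rule_order` instead of the samples.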