Re: RE: [SLE] Default Kernel 2.4.0 & ip_forward

27 Dec 2001

      I believe this was the spot.  In the firewall2-custom.rc.config file (in /etc/rc.config.d) you 
need to change the first entry to look like:

fw_custom_before_antispoofing() {
    # these rules will be loaded before any anti spoofing rules will be
    # loaded. Effectively the only filter lists already effective are
    # 1) allow any traffic via the loopback interface, 2) allow DHCP stuff,
    # 3) allow SAMBA stuff [2 and 3 only if FW_SERVICE_... are set to "yes"]
    # You can use this hook to prevent logging of uninteresting broadcast
    # packets or to allow certain packet through the anti-spoofing mechanism.

#example: allow incoming multicast packets for any routing protocol
#iptables -A INPUT -j ACCEPT -d 224.0.0.0/24
iptables -A INPUT -i eth1 -s <internal IP>/24 -d <external IP> -j ACCEPT
   true
}

Obviously exchange the <internal IP> to 192.168.5.1 and the <external IP> to 
192.168.4.2 (I believe, a little confusion here with you email).  By default, firewall2 has 
anti-spoofing on so you internal private network adress will not be accepted by your 
external facing interface.

Hope this helps.

Jim

12/27/01 01:39:35 PM, "erez avraham"  wrote:
...
yes I have suSefirewall2 installed but its not dropping anything for now.
the firewall has 2 nics 192.168.4.2 and 192.168.5.1     192.168.4.1 is an
ADSL router
clients has address from the range 192.168.5.2-254 and 192.168.5.1 as
default gateway
clients can't ping 192.168.4.2 or the internet. the router can't ping
192.168.5.1
that why i'm thinking the ip forwarding is nor working
-----Original Message-----
From: James Bliss [mailto:bliss@attbi.com]
Sent: éåí çîéùé 27 ãöîáø 2001 21:35
To: suse-linux-e@suse.com; erez avraham
Subject: Re: [SLE] Default Kernel 2.4.0 & ip_forward
Do you have any firewall installed?  The default firewall script prevents
the internal
network from seeing the external network interface.
12/27/01 01:03:35 PM, "erez avraham"  wrote:
...
Greetings all
does Suse 7.1 professional freshly installed with kernel 2.4.0 has
ip_forwarding enabled by default?
i can see in /proc/sys/net/ipv4/ the file ip_forward and it's value is 1.
i think it does, but i'm unable to ping eth1 through eth0 so maybe
ip_forwarding is not active after all....
thanks
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq and the
archives at http://lists.suse.com
-- 
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com             
Also check the FAQ at http://www.suse.com/support/faq and the
archives at http://lists.suse.com