James (Jim) Hatridge said:
Hi John et al,
On Thu, 10 Feb 2000, John Grant wrote:
What are your forwarding rules?
This is what it was before I added your command: ------------------------- Opus:/root # ipfwadm -Fl IP firewall forward rules, default policy: accept type prot source destination ports acc/m all localnet/24 anywhere n/a Opus:/root #
This looks ok, assuming "localnet" resolves to "192.168.17.x". If you do a "ipfwadm -Fln" you should see a "192.168.17.0/24" there. The only difference between what I gave you and what you have is that mine is more restrictive. "192.168.17.42/32" means /only/ CW, whereas "192.168.17.0/24" means any computer on net 192.168.17.0 (which would include CW, so you're covered).
-----------------------------------------------
I'm using ipchains these days but if I can remember the syntax for ipfwadm I think you can get a list by doing an "ipfwadm -Fl" on opus. If I got that command right and you don't get anything back then you need to tel opus to masquerade stuff from CW with a:
ipfwadm -F -a m -S 192.168.17.42/32
Here it is after doing the above command: -------------------------------- Opus:/root # ipfwadm -Fl IP firewall forward rules, default policy: accept type prot source destination ports acc/m all localnet/24 anywhere n/a acc/m all CW anywhere n/a Opus:/root # ----------------------------------------
But it still does not work. :( What do you think? Shouldn't there be a port number on the line?
Drat. So much for that idea. The port number should not need to be specified. If you leave it off it defaults to "everything", like the destination. The "n/a" is maybe a bit misleading there. hmmmm.. ok, You say opus has no problems pinging, say yahoo.com, but that if you try to do that on CW it just hangs "looking up yahoo.com", right? If that's the case, what happens if you ping the ip address instead of the name (from CW)? Do a "nslookup yahoo.com" on opus, then use the ip you get back to ping from CW. I get "204.71.200.245" doing the nslookup here, what happens if you do a "ping 204.71.200.245" from CW? IF that works, check that the file /etc/resolv.conf on CW has your nameserver(s) listed in it. It should probably be the same as the one on opus unless you're running your own nameserver (in which case it should point to the box you're running the nameserver on). -John -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/