Thanks for the fast reply, Bruce. I did that very thing. Last night in the wee hours, I finally got eth0 working to the Internet, and I can
my local network, but the local network won't allow a "pass-through" connection to get to the internet. the eth2 is work with a 10.a.b.c NIC directed to a Lucent Ascend ISDN box with an address of 10.a.b.d - and
Yes - I am doing both Forwarding and Masquerading... i.e. I don't want my IP 192 on the internet (RFC1198 specifically stops it). But I have to ROUTE it myself. The masquerading is to present one (real) IP address to the internet for any machine in my network.

So right now I have a 3-NIC firewall box that has eth0 to "raw" internet with a real IP address, eth1 to a DMZ webserver and eth2 to this next (8.2) box. This 8.2 box is the only one being replaced (at this time). It runs DNS, CUPS, X, and will run Shorewall - but right now, NO firewall is running. Basic routing has to be done first and should NOT rely on the firewall. Shorewall when properly installed also has the ability (with "shorewall clear") to let just routing through without any firewall rules.

So that is where I am stuck, because of the "new" way SuSE does it. So right now - my only access to help is here at work - cause I can't get what I need (right now) from home where I have this network... sigh...

- Bill

"Bruce S. Marshall" <bmarsh@bmarsh.com> 05/08/03 05:37 PM Please respond to bmarsh
To: Bill Light/CA/KAIPERM@KAIPERM cc: Subject: Re: [SLE] Routing - 7.3 versus 8.x

Bill.Light@KP.ORG said: ping the
intent is to get to anything at work a mask of 10.a.b.255. Start-up labels it as Peer without errors, but any traceroute (to work) immediately go to the default eth0, and out to the internet - instead of staying in the 10.x.x.255 subnet.
My family has been without internet for two days and my name is mudd. Looking at the actual 'changes' of ifcfg-ethn gives some hint, but a good "for instance" is what goes into the "NETWORK" argument? For a "route -n" I used to get "U", "UG" and "UGH" associated with a single eth2 instance... but that appears to have disappeared. I'm frustrated and tempted to go back to 7.3, but I want to stay current....
- Bill
Excuse me if this email is a bit mixed up because I am trying Squirrelmail for the first time...

What you are looking for with 'forwarding' is normally called 'masquerading' and deals with giving your other machines access to the internet. Right? This is normally a function of your firewall setup. What firewall are you using? Either Shorewall or SuSEfirewall2 has a setting in the config that will set up the masquerading....

I guess you can do it with YAST but hold off on that until you have all the machines talking to each other within the local network. Then use YAST to set up your firewall if you're using SuSEfirewall2. (But I've never used YAST to set up a firewall.)

Holler for help.
Bruce Marshall <bmarsh@bmarsh.com> 05/08/03 04:58 PM Please respond to bmarsh
To: SLE <suse-linux-e@suse.com> cc: Subject: Re: [SLE] Routing - 7.3 versus 8.x
On Thursday 08 May 2003 19:10 pm, Bill.Light@kp.org wrote:
I have just done a fresh install of SuSE 8.2 to replace my 3-NIC firewall box.
Stuff I expected in /etc has been moved but found. Shorewall installation through YAST removes Kernel Sources, but I can NOT figure out the #$%^&&% ! Routing changes.
I have/had a working /etc/route.conf & /etc/rc.config I now kind of find what I need in /etc/sysconfig/network/ifcfg-n & /etc/sysconfig/network/routing
How do I fill in the correct "blanks"? YAST certainly doesn't seem to help for multiple NIC's with different routing - the very purpose that I have the multiple NIC's!
Not sure how much I can help with words, but this should be a piece of cake and YAST can do it.
You configure each nic with the proper IP address, and routing.
I've done it with two but three shouldn't be any different. I'm no network whiz but I had no problem with it.
Just let YAST do it... Forget what you had before.
Can someone steer me in the right direction ?
Required -
eth0 to a single 192.x.x.x NIC (Primary Firewall)
eth1 to my network 192.x.x.x (Samba PDC, Windoze boxes, CUPS printers)
eth2 to another private single 10.x.x.x
- Bill
--
+----------------------------------------------------------------------------+
+ Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 05/08/03 19:56 +
+----------------------------------------------------------------------------+
"A lack of leadership is no substitute for inaction."
-- Bruce Marshall bmarsh@bmarsh.com