Hi all, On Sat, 12 Feb 2000, John Grant wrote:
James (Jim) Hatridge said:
Hi John et al,
On Thu, 10 Feb 2000, John Grant wrote:
What are your forwarding rules?
This is what it was before I added your command: ------------------------- Opus:/root # ipfwadm -Fl IP firewall forward rules, default policy: accept type prot source destination ports acc/m all localnet/24 anywhere n/a Opus:/root #
This looks ok, assuming "localnet" resolves to "192.168.17.x". If you do a "ipfwadm -Fln" you should see a "192.168.17.0/24" there.
---------------------------------------- Opus:/root # ipfwadm -Fln IP firewall forward rules, default policy: accept type prot source destination ports acc/m all 192.168.17.0/24 0.0.0.0/0 n/a Opus:/root # ------------------------------------
The only difference between what I gave you and what you have is that mine is more restrictive. "192.168.17.42/32" means /only/ CW, whereas "192.168.17.0/24" means any computer on net 192.168.17.0 (which would include CW, so you're covered).
I hope to add more systems once I get this done.
-----------------------------------------------
I'm using ipchains these days but if I can remember the syntax for ipfwadm I think you can get a list by doing an "ipfwadm -Fl" on opus. If I got that command right and you don't get anything back then you need to tel opus to masquerade stuff from CW with a:
ipfwadm -F -a m -S 192.168.17.42/32
Here it is after doing the above command: -------------------------------- Opus:/root # ipfwadm -Fl IP firewall forward rules, default policy: accept type prot source destination ports acc/m all localnet/24 anywhere n/a acc/m all CW anywhere n/a Opus:/root # ----------------------------------------
But it still does not work. :( What do you think? Shouldn't there be a port number on the line?
Drat. So much for that idea.
The port number should not need to be specified. If you leave it off it defaults to "everything", like the destination. The "n/a" is maybe a bit misleading there.
hmmmm..
ok, You say opus has no problems pinging, say yahoo.com, but that if you try to do that on CW it just hangs "looking up yahoo.com", right?
Yes and no, when I use lynx or netscrape it hangs with the looking up error. But when I ping I got two differet errors. At first I was getting something like "net not accessable" (I didn't keep the error, sorry) each time it pinged. Then after I messed around with the files some (I've been on this for about 2 weeks now.) I stopped getting anything. I would run ping xxx.xx.xxx.xxx and it would just sit there. When I ^c out of ping it would say something about x packages sent 0 returned 100% lost. I would then do the same ping command on Opus and it worked.
If that's the case, what happens if you ping the ip address instead of the name (from CW)? Do a "nslookup yahoo.com" on opus, then use the ip you get back to ping from CW. I get "204.71.200.245" doing the nslookup here, what happens if you do a "ping 204.71.200.245" from CW?
I'll try to ping yahoo when I get on the net to send this to you. But if the guys in black break down my door as some type of hacker I'll tell them that you said to do it. :)
IF that works, check that the file /etc/resolv.conf on CW has your nameserver(s) listed in it. It should probably be the same as the one on opus unless you're running your own nameserver (in which case it should point to the box you're running the nameserver on).
They are the same, see below. ---------------------------------------- search straubing.baynet.de popmail.straubing.baynet.de smtpmail.straubing.baynet.de nameserver 195.189.80.68 nameserver 195.189.80.62 nameserver 195.189.0.39 --------------------------------- Thanks for you help! Jim Hatridge hatridge@straubing.baynet.de Proud Linux User #88484 ------------------------------------------------------------------------ Jim's Beowulf Project Looking for giveaway computers and parts I need it all! Email Jim for details on how you can help build a poor man's super computer. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/