12-19-2002 01:49 PM
ipfiltering does not work
From the internal client I can ping the internal NIC and external NIC on the firewall, but nothing past that, including the internet.
eth0(to external)
ip=212.51.51.5
nm=255.255.255.0
nw=212.51.51.0
bc=212.51.51.255
gw=212.51.51.1(router ip address to internet)
eth1(to internal)
ip=212.51.51.6
nm=255.255.255.0
nw=212.51.51.0
bc=212.51.51.255
internal client
ip=212.51.51.7
nm=255.255.255.0
nw=212.51.51.0
bc=212.51.51.255
gw=212.51.51.6
12-19-2002 03:41 PM
Re: ipfiltering does not work
Your 3 NICs are on the same subnet. I'm afraid it may not work, because the filtering rules, and particularly masquerading, are based on IP subnet.
If you can, put the 3 NICs on different subnets.
If you cannot, explain in more detail what you need, and post the rules that you have already configured.
Good luck.
Kodjo
12-19-2002 07:28 PM
Re: ipfiltering does not work
Sorry to bombard you w/ all the questions; thanks for any advice you can give...
12-20-2002 10:05 AM
Re: ipfiltering does not work
is a good guide to setting up iptables.
As far as networking goes, you normally use Network Address Translation (NAT) on the router so that we only need a few registered IP addresses. The DMZ addresses would then be assigned manually from one of the private IP ranges, say 192.168.1.x mask 255.255.255.0.
The internal clients would probably prefer to use DHCP to get their addresses. Assuming we have a small internal network we could let the Linux box play DHCP server and have it assign addresses in the 192.168.2.x mask 255.255.255.0 range.
Your network design is a bit strange unless you are using a dialup. See:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094763.shtml
or
http://new.linuxnow.com/docs/content/Firewall-HOWTO-html/Firewall-HOWTO-3.html
for a typical router firewall setup.
http://new.linuxnow.com/docs.shtml
has info on "howto" do just about anything in Linux.
Ron
12-20-2002 10:22 AM
Re: ipfiltering does not work
12-20-2002 10:56 AM
Re: ipfiltering does not work
12-23-2002 01:12 PM
Re: ipfiltering does not work
NAT or IP MASQ is a security barrier, so it is foolish to try and do without them if you are going to use a firewall.
Anyway, to implement the first drawing without IP MASQ would be very difficult unless the ISP gave you a lot of registered IP addresses.
You would have to use IP unnumbered on the Cisco and let it use its Ethernet address on the link to the ISP. Then you could use your registered IP addresses in the DMZ. I suppose if we split the subnet in half we could use half of the registered addresses in the DMZ and the other half on the local LAN (other splits are possible depending upon how many IP addresses you have and how many hosts will be in the DMZ and the local LAN). You would have to make sure the router had the same subnet mask and give it a route to the second half of the addresses which pointed to the firewall.
Ron
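
Added example, not part of the original thread: a Python check of the addressing posted in the first message, showing the shared subnet Kodjo points out and the half-and-half split Ron describes. The host labels, the choice of lower half for the external side, and the function names are assumptions made for illustration.

```python
import ipaddress

# Addressing as posted in the thread; the labels and side assignment are ours.
POSTED = {
    "router":  ("212.51.51.1/255.255.255.0", "external"),
    "fw-eth0": ("212.51.51.5/255.255.255.0", "external"),
    "fw-eth1": ("212.51.51.6/255.255.255.0", "internal"),
    "client":  ("212.51.51.7/255.255.255.0", "internal"),
}

def shared_subnets(hosts):
    """Networks that are configured on both sides of the firewall."""
    sides = {}
    for cidr, side in hosts.values():
        sides.setdefault(ipaddress.ip_interface(cidr).network, set()).add(side)
    return [net for net, s in sides.items() if len(s) > 1]

def split_plan(hosts, block, fw_external="fw-eth0"):
    """Halve `block` (lower half external, upper half internal: an assumption).

    Returns the two halves, the hosts whose current address is in the wrong
    half, and the static route the router needs for the internal half.
    """
    external, internal = ipaddress.ip_network(block).subnets(prefixlen_diff=1)
    halves = {"external": external, "internal": internal}
    misplaced = [name for name, (cidr, side) in hosts.items()
                 if ipaddress.ip_interface(cidr).ip not in halves[side]]
    next_hop = ipaddress.ip_interface(hosts[fw_external][0]).ip
    route = (str(internal.network_address), str(internal.netmask), str(next_hop))
    return halves, misplaced, route

if __name__ == "__main__":
    for net in shared_subnets(POSTED):
        print(f"{net} is on both sides of the firewall")
    halves, misplaced, route = split_plan(POSTED, "212.51.51.0/24")
    for side, net in halves.items():
        print(f"{side}: {net} (mask {net.netmask})")
    print("renumber into the correct half:", ", ".join(misplaced))
    print("router route: %s mask %s via %s" % route)
```

With the posted addresses all four hosts sit in the lower half, so the internal interface and the client would have to be renumbered before the split separates the two sides.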