Re: Firewall & Routing - help!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kevin F. Berrien wrote:

| With the help of many on the previous thread (Firewall - Very limited
| Access - suggestions), I've built my firewall using fwbuilder & FC1.  At
| present I've got it set up in a test environment.  The firewall seems to
| be operating correctly with one exception, but my real problem is with
| my routing.  I've always been terrible with routing....  At present, I
| can't traverse from a workstation on the "internal" subnet to host on
| "external" subnet, or internet.
|
| I am not using NAT on this firewall, it just bridges two subnets -
| allowing very specific traffic through (antivirus/windows-sus, remote
| desktop).  I need to get the routing between subnets working through the
| firewall.
|
| "external subnet" - eth0 - 192.168.50.0
| gatway to internet - 192.168.50.1
| eth0 ip 192.168.50.48/255.255.255.0 gw = 192.168.50.1
|
| "internal subnet" - eth1 - 192.168.5.0
| eth1 ip 192.168.5.200/255.255.255.0 gw = 192.168.50.1??
|
| test host "internal"
| ip 192.168.5.3/255.255.255.0 gw = 192.168.5.200??
|
<<-- snip -->>

Keven,

1)  Routing is a step by step process.  You seem to have 2 servers
involved... 192.168.50.1 and yours at 192.168.50.48 and 192.168.5.3.

The problem, you will need access to both servers to update routing for
both machines so you can get everything working.

a)  make a route in 192.168.50.1 that routes traffic for 192.168.5.0 to
your IP of 192.168.50.48...  This will allow your gateway server/router
to route packets to this additional network properly.

b)  I don't believe you need a gateway for eth1.  I could be wrong....

c)  NOW, try pinging 192.168.5.200 from 192.168.50.48... You should get
responses back.  If so, try 192.168.5.3 next.

d)  NOW, try pinging 192.168.50.48 from 192.168.5.3.  You should get
responses back.  If so, try 192.168.50.1 next.

Let us know the results of the tests and get back with us.

Thanks,
James Kosin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAyJXQc7lFLjBWKW0RAkAaAJ4mManHnONmpWoVgSTm4DVtnbxOwQCePDTT
IU4xlrnKQwl1cVD5Y1XYFmU=
=SACH
-----END PGP SIGNATURE-----



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux