--- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:

> # service iptables stop
> # cd /etc/sysconfig
> # mv iptables iptables.save

[olivares@rio ~]$ su -
Password:
[root@rio ~]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter nat [ OK ]
Unloading iptables modules: [ OK ]
[root@rio ~]# cd /etc/sysconfig/
[root@rio sysconfig]# mv iptables iptables.save
mv: overwrite `iptables.save'? n
[root@rio sysconfig]# mv iptables iptables.save2
[root@rio sysconfig]# mv iptables.save iptables
[root@rio sysconfig]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.154.19.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.154.19.1     0.0.0.0         UG    0      0        0 eth0
[root@rio sysconfig]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface eth1: [ OK ]
[root@rio sysconfig]#

> Then try rebuilding the firewall manually.

I do not know how to do this, but I will read up on the page for fwbuilder.
The network is up again because I moved the older iptables.save into
iptables and it is up. I even switched the cables from the machine to see
if it would work and it failed. Will report back. Thanks Jeff you have been
very helpful.

Best Regards,

Antonio

> I would suggest that you rebuild it yourself, and maybe use fwbuilder to
> assist.
>
> What you must do is:
> 1. Allow the linux box to access all outbound communications --
>    probably on both eth1 and eth0.
> 2. Not allow access from the outside network to the linux box, except
>    for DNS
> 3. allow all established,related communications in both directions.
> 4. provide masquerading for all outbound connections from the LAN (eth1)
>    to the WAN (eth0)
> 5. allow IP forwarding
>
> I am replacing a firewall at home tonight and will send you the script I
> use on it _after_ it has been tested.
>
> On Thu, 2005-09-01 at 12:10 -0700, Antonio Olivares wrote:
> > --- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
> > > On Thu, 2005-09-01 at 04:53 -0700, Antonio Olivares wrote:
> > > > --- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
> > > > > On Wed, 2005-08-31 at 17:16 -0700, Antonio Olivares wrote:
> > > > > > --- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
> > > > > > > On Wed, 2005-08-31 at 12:20 -0700, Antonio Olivares wrote:
> > > > > > > > --- Antonio Olivares <olivares14031@xxxxxxxxx> wrote:
> > > >
> > > > *nat
> > > > :PREROUTING ACCEPT [759:76421]
> > > > :POSTROUTING ACCEPT [4:288]
> > > > :OUTPUT ACCEPT [394:23805]
> > > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > > -A POSTROUTING -o eth0 -j MASQUERADE
> > > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > > -A POSTROUTING -o eth0 -j MASQUERADE
> > > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > > COMMIT
> > > > # Completed on Wed Aug 31 07:52:24 2005
> > > > [root@rio ~]# cat /proc/sys/net/ipv4/ip_forward
> > > > 1
> > > > [root@rio ~]#
> > > >
> > > > Thanks for all your help and suggestions. It will work. It is just
> > > > a matter of finding where things are stopping.
> > > >
> > > > Best Regards,
> > > >
> > > > Antonio
> > >
> > > Attached is a basic script for a firewall/router like you are using.
> > >
> > > Simply put it somewhere on the linux box, make it executable, then as
> > > root run it.
> > >
> > > After running this script, rerun "service iptables save" to save the
> > > rules so they load automatically when you reboot.
> > >
> > > It should load all the rules you need for a dynamic external address
> > > on eth0, a fixed internal address on eth1, and DNS on the external
> > > network.
> > >
> > > To test that it works, simply retry (from the windows box) the ping
> > > commands I gave earlier, and even try a ping to www.yahoo.com.
> > > If they all work then you should be all set.
> > >
> > > This was generated using fwbuilder which is readily available on the
> > > net from www.fwbuilder.org or on sourceforge.
> > >
> > > HTH
> > > Jeff
> >
> > Now, I cannot access the local network and the internet from the
> > machine. The eth0 device was assigned an IP according to its MAC
> > address and now it does not work, it says that it is active. When I
> > shut down the machine it gave me some weird message which I do not know
> > how to get since I am sending this email from the other machine which
> > has internet access in my classroom.
> > Is there a way to solve this issue?
> >
> > TIA
> >
> > Antonio
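
Added example, not part of the original thread and not the fwbuilder script Jeff attached: a shell sketch that emits an iptables-restore ruleset for the five requirements quoted above, plus an audit that shows what is wrong with the nat table quoted in the thread (repeated rules, and MASQUERADE on the LAN interface). The function names are hypothetical; eth0 = WAN and eth1 = LAN follow the thread; treating "except for DNS" as replies admitted by the ESTABLISHED,RELATED rule, and letting the LAN reach the box itself, are assumptions.

```shell
#!/bin/sh
# Added example (not Jeff's fwbuilder script); function names are hypothetical.
# Interface roles follow the thread: eth0 = WAN, eth1 = LAN.

# Emit an iptables-restore ruleset for points 1-4 of the quoted list.
# Point 5 is a sysctl, not a rule: net.ipv4.ip_forward = 1.
# Assumptions: outside DNS replies are admitted by ESTABLISHED,RELATED,
# and the LAN may reach the box itself.
gen_ruleset() {
    wan=$1; lan=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Audit iptables-save text on stdin: report each rule that appears more than
# once, and any MASQUERADE rule whose output interface is the LAN side ($1).
audit_rules() {
    awk -v lan="$1" '
        /^-A / && seen[$0]++ == 1 { print "DUPLICATE: " $0 }
        /^-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) == lan && !flagged[$0]++)
                    print "MASQUERADE-ON-LAN: " $0
        }'
}

# The six nat rules quoted in the thread, quote markers stripped.
thread_nat() {
    for ifc in eth1 eth0 eth1 eth0 eth1 eth1; do
        echo "-A POSTROUTING -o $ifc -j MASQUERADE"
    done
}
thread_nat | audit_rules eth1
```

The generated text can be checked without loading it by saving it to a file and passing that file to `iptables-restore --test`.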