--- Antonio Olivares <olivares14031@xxxxxxxxx> wrote:

> --- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
>
> > On Thu, 2005-09-01 at 04:53 -0700, Antonio Olivares wrote:
> > >
> > > --- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
> > >
> > > > On Wed, 2005-08-31 at 17:16 -0700, Antonio Olivares wrote:
> > > > >
> > > > > --- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
> > > > >
> > > > > > On Wed, 2005-08-31 at 12:20 -0700, Antonio Olivares wrote:
> > > > > > >
> > > > > > > --- Antonio Olivares <olivares14031@xxxxxxxxx> wrote:
> > > > > > >
> > > *nat
> > > :PREROUTING ACCEPT [759:76421]
> > > :POSTROUTING ACCEPT [4:288]
> > > :OUTPUT ACCEPT [394:23805]
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > -A POSTROUTING -o eth0 -j MASQUERADE
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > -A POSTROUTING -o eth0 -j MASQUERADE
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > COMMIT
> > > # Completed on Wed Aug 31 07:52:24 2005
> > > [root@rio ~]# cat /proc/sys/net/ipv4/ip_forward
> > > 1
> > > [root@rio ~]#
> > >
> > > Thanks for all your help and suggestions. It will work. It is just a matter of finding where things are stopping.
> > >
> > > Best Regards,
> > >
> > > Antonio
> > >
> >
> > Attached is a basic script for a firewall/router like you are using.
> >
> > Simply put it somewhere on the linux box, make it executable, then as root run it.
> >
> > After running this script, rerun "service iptables save" to save the rules so they load automatically when you reboot.
> >
> > It should load all the rules you need for a dynamic external address on eth0, a fixed internal address on eth1, and DNS on the external network.
> >
> > To test that it works, simply retry (from the windows box) the ping commands I gave earlier, and even try a ping to www.yahoo.com.
> > If they all work then you should be all set.
> >
> > This was generated using fwbuilder which is readily available on the net from www.fwbuilder.org or on sourceforge.
> >
> > HTH
> > Jeff
> >
>
> I have gotten fwbuilder but I do not know how to do anything. I have installed it but I am at the same point that I started.
>
> However, I found the following information from the script that you attached and it probably is one reason that it does not work.
>
> The eth0 in the computer which is the dhcp server is the one which is assigned a static ip address. Here in the script, that ip address is dynamic. The bigger server to which this computer is attached is running static dhcp in which the mac address of the network interface is used. That probably is one of the reasons why it does not work.
>
> #!/bin/sh
> #
> # This is automatically generated file. DO NOT MODIFY !
> #
> # Firewall Builder fwb_ipt v2.0.6-1
> #
> # Generated Thu Sep 1 08:25:45 2005 CDT by jeff
> #
> # files: * basicfw.fw
> #
> #
> # This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.
> # Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall uses one of the machines on internal network for DNS. Internal network is configured with address 192.168.1.0/255.255.255.0
> #
> #
> #
>
> The machine's name to have access to the BIG network is 6355-2 because it is the second computer in the classroom. The name rio was the original host's name before they modified the network.
>
> Here's part of cat /var/log/messages
> Sep 1 16:58:03 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61720 PROTO=UDP SPT=137 DPT=137 LEN=58
> Sep 1 16:58:04 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16132 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:04 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61721 PROTO=UDP SPT=137 DPT=137 LEN=58
> Sep 1 16:58:05 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16388 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:07 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16644 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:13 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=16900 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:14 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=17156 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:16 rio kernel: RULE 2 -- DENY IN=eth1 OUT= MAC=00:60:97:c5:2a:c3:00:c0:4f:73:24:f5:08:00 SRC=192.168.100.199 DST=192.168.100.1 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=17412 PROTO=UDP SPT=137 DPT=137 LEN=76
> Sep 1 16:58:17 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:1f:86:f9:67:08:00 SRC=10.154.19.17 DST=10.154.19.255 LEN=241 TOS=0x00 PREC=0x00 TTL=128 ID=13102 PROTO=UDP SPT=138 DPT=138 LEN=221
> Sep 1 16:58:20 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61724 PROTO=UDP SPT=137 DPT=137 LEN=58
> Sep 1 16:58:20 rio kernel: RULE 4 -- DENY IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:5b:c6:cd:98:08:00 SRC=10.154.19.76 DST=10.154.19.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=61725 PROTO=UDP SPT=137 DPT=137
=== message truncated ===

I have checked /etc/sysconfig/dhcpd and it has

# Command line options here
DHCPDARGS=

which has no eth0 or eth1, and I am putting eth1 and will report back if it works.

DHCPDARGS=eth1

Best Regards,

Antonio
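
Added example (not part of the original message or of the fwbuilder-generated script): a shell/awk triage of `RULE n -- DENY` lines like those quoted above, grouping them by rule, interface, port and address pair, and separately listing drops of forwarded packets (non-empty `OUT=`), which are the ones that matter for a NAT problem. The sample lines are constructed and shortened from the format in the thread; the `RULE 5` line and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: shortened lines in the LOG format quoted in the thread.
# The last line (RULE 5, OUT=eth0, DPT=53) is invented to show a forwarded drop.
sample_log() {
cat <<'EOF'
Sep  1 16:58:03 rio kernel: RULE 4 -- DENY IN=eth0 OUT= SRC=10.154.19.76 DST=10.154.19.255 PROTO=UDP SPT=137 DPT=137
Sep  1 16:58:04 rio kernel: RULE 2 -- DENY IN=eth1 OUT= SRC=192.168.100.199 DST=192.168.100.1 PROTO=UDP SPT=137 DPT=137
Sep  1 16:58:05 rio kernel: RULE 2 -- DENY IN=eth1 OUT= SRC=192.168.100.199 DST=192.168.100.1 PROTO=UDP SPT=137 DPT=137
Sep  1 16:58:17 rio kernel: RULE 4 -- DENY IN=eth0 OUT= SRC=10.154.19.17 DST=10.154.19.255 PROTO=UDP SPT=138 DPT=138
Sep  1 16:58:21 rio kernel: RULE 5 -- DENY IN=eth1 OUT=eth0 SRC=192.168.100.199 DST=10.154.19.1 PROTO=UDP SPT=1031 DPT=53
EOF
}

# Read log lines on stdin; print "count rule=N in=IF out=IF PROTO/DPT SRC->DST"
# for each distinct combination, most frequent first.
summarise_denies() {
    awk '
    / kernel: RULE [0-9]+ -- DENY / {
        rule = ""; in_if = ""; out_if = ""; proto = ""; dpt = ""; src = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "RULE")        rule   = $(i + 1)
            else if ($i ~ /^IN=/)    in_if  = substr($i, 4)
            else if ($i ~ /^OUT=/)   out_if = substr($i, 5)
            else if ($i ~ /^SRC=/)   src    = substr($i, 5)
            else if ($i ~ /^DST=/)   dst    = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto  = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt    = substr($i, 5)
        }
        if (out_if == "") out_if = "-"   # empty OUT= means the packet was not being forwarded
        key = "rule=" rule " in=" in_if " out=" out_if " " proto "/" dpt " " src "->" dst
        count[key]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -rn
}

# Print only denied packets that were being routed through the box (OUT= set).
forwarded_denies() {
    awk '/ kernel: RULE [0-9]+ -- DENY / {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^OUT=./) { print; break }
    }'
}

sample_log | summarise_denies
sample_log | forwarded_denies
```

In the lines quoted in the message, every entry has an empty `OUT=` and a destination port of UDP 137 or 138 (NetBIOS name and datagram services), so they are packets addressed to the firewall itself or to the broadcast address rather than forwarded traffic.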