Firewalls and routers

Eric Rossiter rossiter at discoverynet.com
Sun Jan 12 17:03:42 CST 2003


If you'll check out http://www.linuxguruz.org/iptables/ I believe you'll
find everything you need.  There should be at least one example rule for
everything you're trying to achieve.  There are some canned iptables
firewall scripts you can probably download and do everything you need
also... a simple IP change and you'll be good to go...

If you're running ipchains, upgrade to iptables.

iptables -L -n

will show you all your rules, and the ports listening... you can see
what is open and listening or not.

Sorry, I don't have any experience with ipchains, but I understand they
are very similar.

Why go through a d-link router and then to a linux router?  I'd dump the
d-link since you said everything works when the linux router is
connected to the cable modem.  If I understand everything correctly, it
sounds like the d-link is your prob.

HTH,
E

On Sun, 2003-01-12 at 10:36, Doug Bronson wrote:
> Hi all.
> I have a bit of a problem that I can't seem to overcome.
> 
> After giving up on my dial up connection, I bit the bullet, swallowed my
> pride and let Time Warner back on my property, with their broadband
> cable service.
> 
> Here is what I'm trying to do:
> From the cable modem a wired link will go to a D-Link router. Off the
> router will be three connections. One to a web server, one to a wireless
> access point and one to a linux box (proxy server). The linux box will
> then connect to the home LAN.
> 
> The linux box (proxy server) is running Squid and also masq. the
> internal LAN.
> All internal boxes have static IPs.
> The router can assign addresses.
> I have no problems with either the web server or the wireless access
> point.
> 
> THE PROBLEM:
> As long as I don't have any firewall (IPChains) running on the proxy
> server, all is happy.
> From any work station I can get out to the net, FTP, use AIM and
> get/send mail.
> Once the firewall is running, either my homemade one or PMFirewall, I
> only have web access. No FTP, AIM or mail.
> 
> WHAT I'VE TRIED:
> The Proxy server works fine (w/ IPChains running) as long as it is
> directly connected to the cable modem. The same is true if the router is
> replaced with an ethernet switch.
> 
> I have configured the router to assign IP addresses and/or use static
> addresses to the internal LAN. I have also configured the proxy server
> to use DHCP for the ext. card and/or use the assigned number. I have
> also tried all combinations of the above.
> 
> I have pre set the DNS pri. and sec. in both the card config, and the
> firewalls.
> 
> None of the above have worked.
> 
> The only progress that was made was while using PMFirewall, I was able
> to browse the internet. But no FTP, AIM or mail.
> 
> Has anybody successfully done what I'm trying to do?
> If so how did you do it?
> Is it a simple IPChain that I'm overlooking?
> Do I need to tunnel through the router?
> 
> Please feel free to offer any advice at all, as now I'm only able to use
> one firewall (the router) and the rest of the system is wide open to
> attacks on the web server and/or wireless network.
> 
> Thanks
> Doug
> 
> 



