Linux Help
> Redhat 9 Firewall, LAN card not seeing External card
tazman
post Dec 18 2003, 08:45 PM
Post #1

I am having a problem with my Linux firewall box. eth1 is connected to the router and it goes out to the web no problem, but eth0 is connected to the internal network and that will not see the web or any PCs on the network. Can you help? Below are the route table, the config of each eth file and ifconfig:
I have been at it all day and nothing. Something else that is weird: if I bring both cards down, then just bring up eth0, the LAN can see the card but can't get out onto the web because I have not brought eth1 up.

Kernel IP routing table (why is eth0 not in the routing table?)
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
192.168.254.0   *                255.255.255.0    U     0      0   0   eth1
192.168.254.0   *                255.255.255.0    U     0      0   0   eth1
169.254.0.0     *                255.255.0.0      U     0      0   0   eth1
127.0.0.0       *                255.0.0.0        U     0      0   0   lo
default         192.168.254.201  0.0.0.0          UG    0      0   0   eth1


ifcfg-eth0 (connected to LAN, not working):
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.254.3
NETMASK=255.255.255.0
GATEWAY=192.168.254.4
BROADCAST=192.168.254.255
NETWORK=192.168.254.0


ifcfg-eth1 (connected to router, working fine):
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.254.4
NETMASK=255.255.255.0
NETWORK=192.168.254.0

eth0 Link encap:Ethernet HWaddr 00:4F:4E:00:D7:A2
inet addr:192.168.254.3 Bcast:192.168.254.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:441 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:40771 (39.8 Kb) TX bytes:360 (360.0 b)
Interrupt:9 Base address:0xf000

eth1 Link encap:Ethernet HWaddr 00:10:5A:F2:7F:BA
inet addr:192.168.254.4 Bcast:192.168.254.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:345 errors:0 dropped:0 overruns:0 frame:0
TX packets:135 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:32058 (31.3 Kb) TX bytes:13237 (12.9 Kb)
Interrupt:12 Base address:0x6200

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:700 (700.0 b) TX bytes:700 (700.0 b)
hughesjr
post Dec 18 2003, 10:32 PM
Post #2

Seems like you have a hardware router with NAT already (since your external address is 192.168.254.4). Since your internal network is not accessible from the outside (192.168.x.x networks can only be accessed from the internet via port forwarding of your internet router) ... why do you want another firewall?

If you really do want another internal firewall, the external (eth1) card must be on a different subnet than the internal (eth0) card (you can't route between 2 cards on the same subnet).

So since eth1 is on the 192.168.254.0 subnet, put eth0 on the 192.168.253.0 subnet ... and you will need to change all the other PCs you also want to go through the firewall onto the 192.168.253.0 subnet.

In this setup ... the default gateway for the firewall computer needs to be the external router IP.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
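To make the point in the post above concrete, here is an added example (it is not from the thread and not the forum's firewall script) that does the subnet arithmetic in plain sh with the addresses tazman posted. It shows why the post #1 layout cannot be routed, derives the NETWORK and BROADCAST values that go with the moved eth0, and checks whether a default gateway actually lies inside its interface's subnet. Function names are my own; nothing here touches a real interface.

```shell
#!/bin/sh
# Added example, not from the original thread. Pure arithmetic on the
# addresses tazman posted; no interfaces are configured or changed.

# dotted quad -> 32-bit integer, e.g. 192.168.254.3 -> 3232300547
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network address for IP $1 under netmask $2 (the NETWORK= line in ifcfg-*)
network() { int2ip $(( $(ip2int "$1") & $(ip2int "$2") )); }

# broadcast address: the network with all host bits set (BROADCAST= line)
broadcast() { int2ip $(( $(ip2int "$1") | (~$(ip2int "$2") & 4294967295) )); }

# true (0) if IPs $1 and $2 fall in the same subnet under netmask $3
same_subnet() { [ "$(network "$1" "$3")" = "$(network "$2" "$3")" ]; }

# true (0) if gateway $3 lies inside the subnet of interface address $1/$2;
# the kernel refuses a gateway route whose next hop is not on-link
gateway_ok() { same_subnet "$1" "$3" "$2"; }

# Post #1 layout: both cards configured in 192.168.254.0/24
if same_subnet 192.168.254.3 192.168.254.4 255.255.255.0; then
    echo "broken: eth0 and eth1 both sit in $(network 192.168.254.3 255.255.255.0)/24"
fi

# Post #4 layout: eth0 moved to 192.168.253.3
same_subnet 192.168.253.3 192.168.254.4 255.255.255.0 || echo "ok: eth0 and eth1 are on separate subnets"
echo "ifcfg-eth0: NETWORK=$(network 192.168.253.3 255.255.255.0) BROADCAST=$(broadcast 192.168.253.3 255.255.255.0)"

# The router 192.168.254.201 is on eth1's subnet, so it can be the default gateway ...
gateway_ok 192.168.254.4 255.255.255.0 192.168.254.201 && echo "default gw 192.168.254.201 is reachable via eth1"
# ... but 192.168.254.4 (still GATEWAY= in ifcfg-eth0 in post #4) is not on eth0's subnet
gateway_ok 192.168.253.3 255.255.255.0 192.168.254.4 || echo "GATEWAY=192.168.254.4 does not belong in ifcfg-eth0"
```

The same functions can be pointed at any pair of ifcfg files: if `same_subnet` succeeds for the LAN and WAN addresses, the box cannot act as a router between them, whatever the iptables rules say.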
tazman
post Dec 19 2003, 10:03 AM
Post #3

thanks man :)

I have changed eth0 from 192.168.254.3 to 192.168.253.3, but what about
NETWORK and BROADCAST on eth0? Do those need to be changed to 253 as well?

The router address is 192.168.254.201. Is the gw now the external address?
tazman
post Dec 19 2003, 04:45 PM
Post #4

OK hughesjr, I think I am nearly there, as I can now SSH into eth1 from my Windows PC, but I can't get out onto the web. I am not sure where to put the external IP address 216.239.69.89. Below are my net card config files, the route table and the output of iptables -L -nv. Please can you advise:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.253.3
NETMASK=255.255.255.0
GATEWAY=192.168.254.4
BROADCAST=192.168.253.255
NETWORK=192.168.253.0

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.254.4
NETMASK=255.255.255.
NETWORK=192.168.254.0

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.253.0 * 255.255.255.0 U 0 0 0 eth0
192.168.254.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.254.201 0.0.0.0 UG 0 0 0 eth1

iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
354 23398 RH-Lokkit-0-50-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
98 5820 RH-Lokkit-0-50-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 278 packets, 22504 bytes)
pkts bytes target prot opt in out source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
450 28918 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
2 300 ACCEPT udp -- * * 195.8.181.10 0.0.0.0/0 udp spt:53
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 reject-with icmp-port-unreachable
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp reject-with icmp-port-unreachable
hughesjr
post Dec 20 2003, 09:12 AM
Post #5

I still don't have a clear picture of what you are trying to accomplish.

You have a router for your network (it seems to be 216.239.69.89 on the outside port and 192.168.254.201 on the inside port). Is this correct? If so, is this router a computer or a router ... and if a router, what kind. If it is a Linux Box, You should make it the Router and Firewall.

You also seem to have a separate firewall that you want to put into place behind your router.

Here is a picture of what I think you have:


If you want to edit this drawing to make it more accurate (I used OpenOffice.org Draw to make it), you can download the draw file here


tazman
post Dec 20 2003, 03:35 PM
Post #6

Yes, that is exactly what I have got.
My problem was that I was using the same subnet, but everything seems OK now. I just have a problem with my firewall script. Do you have one I could try out?
hughesjr
post Dec 20 2003, 07:19 PM
Post #7

We have a firewall script here.


tazman
post Dec 21 2003, 08:01 PM
Post #8

Thanks for the script, but where does it log all the attacks?

P.S. Before I had my Linux firewall I had Norton Personal Firewall, and what I liked about it is that whenever something tried to access my PC a box would pop up warning me. How can I get my Red Hat 9 box to do this, or give me some sort of instant warning?

What is the best intrusion detection software to set up on my Linux box?
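The script linked to in post #7 is not on this page. As an added example that is neither that script nor part of the thread, the following sh sketch shows what a minimal stateful NAT firewall for this two-card box looks like (eth0 = LAN 192.168.253.0/24, eth1 = 192.168.254.4 towards the router), and, as far as the question in post #8 goes, where iptables itself records what it drops. Interface names and addresses are the ones tazman posted; the log prefixes, the 5/min rate limit and the function names are my own choices. With `IPT=echo` (the default when run without the `apply` argument) the script prints the iptables commands instead of executing them, which also makes it reviewable before it is applied.

```shell
#!/bin/sh
# Added example, not the script from the thread. Minimal stateful NAT
# firewall for a Red Hat 9 box with eth0 on the LAN and eth1 towards the
# router. Run as "sh firewall.sh apply" as root; any other invocation only
# prints the rules.

LAN_IF=eth0
LAN_NET=192.168.253.0/24
WAN_IF=eth1
IPT=${IPT:-iptables}          # set IPT=echo to print the commands instead

enable_forwarding() {
    # The kernel only passes packets between eth0 and eth1 when this is 1.
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

build_rules() {
    # Start from an empty table; this also removes the RH-Lokkit-0-50-INPUT
    # chain that lokkit installed, so the two rule sets do not fight.
    $IPT -F
    $IPT -X
    $IPT -t nat -F

    # Default deny on everything that enters or transits the box.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, and replies to connections the box or the LAN opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Admin access to the firewall itself: SSH from the LAN side only.
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT

    # LAN hosts may open new connections out through eth1; nothing may come
    # in from eth1 unsolicited.
    $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT

    # Rewrite LAN source addresses to eth1's address, so the router only ever
    # sees 192.168.254.4 and knows where to send the answers back.
    $IPT -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE

    # Log what is about to be dropped (rate-limited so a scan cannot fill the
    # disk), then drop it. LOG writes to the kernel log, which on Red Hat 9
    # klogd/syslogd put in /var/log/messages; "dmesg" shows it too.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
    $IPT -A INPUT -j DROP
    $IPT -A FORWARD -j DROP
}

case "${1:-dry-run}" in
    apply) enable_forwarding; build_rules ;;
    *)     IPT=echo; build_rules ;;
esac
```

After applying, `grep FW- /var/log/messages` shows the dropped packets with the prefix, source and destination; iptables only logs, so a pop-up like the one described in post #8 would need something else watching that file.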