Firewall & Routing - help!
Kevin F. Berrien
kblists at comcast.net
Thu Jun 10 20:44:35 UTC 2004
Thanks for the responses by everyone. I've combined the ideas, done the
following with the following results.
> a) make a route in 192.168.50.1 that routes traffic for 192.168.5.0 to
> your IP of 192.168.50.48... This will allow your gateway server/router
> to route packets to this additional network properly.
Done, set a route on 50.1 to 5.0 (test environ is a linksys BEFSR41,
live will be Symantec/Raptor fw).
> And you need to turn on packet forwarding on the box that is routing
> between subnets to do that.
> Edit /etc/sysctl.conf changing ip_forward on:
> net.ipv4.ip_forward = 1
> Then apply the change with the following command:
> sysctl -p
Ok, edited the value of net.ipv4.ip_forward to true. Please note, when
I execute a network restart I see the following...
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
I'm not sure where the IPv4 packet forwarding disable is coming from.
> When you have multiple devices like this, each device should have its
> gateway for the local network (or no gateway if *it*
> is the gateway)
Edited eth1 with gateway blank.
> then you should have a statement like this in your
> NOW, try pinging 192.168.5.200 from 192.168.50.48... You should get
> responses back. If so, try 192.168.5.3 next.
******** I've turned off the fw to test the routing.
Ok, I can ping from the firewall both ways, machine from one subnet to
the other, and vice versa.
I can access my internal web server just fine. I get dns results from
internal dns server etc.... so I'm bridging the subnets now.
I however, CAN NOT get out of my 50.x subnet to the internet from the
firewall, and from the machine at 5.3.
[root@choke root]# ping www.groklaw.net
connect: Network is unreachable
Also, where are the default routes, etc.. stored in RH/FC1? When I
first boot, I've got some crazy routes from playing around before....
btw, here is my routing table
Destination Gateway Genmask Flags Metric Ref Use
172.20.5.0 * 255.255.255.0 U 0 0 0 eth1
192.168.5.0 * 255.255.255.0 U 0 0 0 eth1
192.168.50.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
[root@choke root]#
Dunno what the 169.254 is, or where it's coming from.
My route on the bastion fw (50.1) appears to be ok.
Almost there! Thanks!
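
The checks this thread walks through (the ip_forward setting, the routing table, the 169.254 entry), as an added example that is not part of the original post. The function names are hypothetical, and the sample table is constructed from the one quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). SAMPLE_TABLE is constructed
# from the routing table quoted above, with the Iface header column restored.
SAMPLE_TABLE='Destination Gateway Genmask Flags Metric Ref Use Iface
172.20.5.0 * 255.255.255.0 U 0 0 0 eth1
192.168.5.0 * 255.255.255.0 U 0 0 0 eth1
192.168.50.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo'

# Exit 0 if the table on stdin has a gateway route for "default"/0.0.0.0.
has_default_route() {
    awk '($1 == "default" || $1 == "0.0.0.0") && $4 ~ /G/ { found = 1 }
         END { exit !found }'
}

# Print the interface carrying the 169.254.0.0/16 link-local route, if any.
link_local_iface() {
    awk '$1 == "169.254.0.0" { print $NF }'
}

# Print the value of net.ipv4.ip_forward from sysctl.conf-style text on stdin
# (last assignment wins; comment lines are ignored).
configured_forwarding() {
    awk -F= '/^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ {
                 gsub(/[ \t]/, "", $2); v = $2 }
             END { print (v == "" ? "unset" : v) }'
}

# Summarise a routing table passed as $1.
audit_routes() {
    if printf '%s\n' "$1" | has_default_route; then
        echo "default route: present"
    else
        echo "default route: missing"
    fi
    ll=$(printf '%s\n' "$1" | link_local_iface)
    [ -n "$ll" ] && echo "link-local 169.254.0.0/16 route on: $ll"
    return 0
}

audit_routes "$SAMPLE_TABLE"
```

On a live box the same functions can be fed from `route -n` and `/etc/sysctl.conf` instead of the embedded sample.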