ICS from firestarter

THUFIR HAWAT hawat.thufir at gmail.com
Thu Jul 14 07:24:27 UTC 2005 

There's a diagram showing how to connect two computers at 
<http://www.fs-security.com/docs/connection-sharing.php> which
describes my setup.

I have two computers:  arrakis and caladan.  Arrakis eth0 is the
external interface.  Arrakis eth1 is the internal interface.  Arrakis
eth1 connects to a hub, to which a second computer, caladan is also
connected.  I'm trying to setup ICS on arrakis.

Is the firstarter firewall preventing arrakis from accessing the
internet?  Every time I do step#1 I can't get on the internet, I have
to disable the firewall to get on the internet.  What's wrong with the
firewall settings, please?

step#1
======

set up DHCP for arrakis eth0, enable ICS.
set up DHCP for arrakis eth1.
run /etc/init.d/network restart

some terminal output afterwards:
Thu Jul 14 08:07:58 IST 2005
Shutting down interface eth0:  [  OK  ]

Shutting down interface eth1:  [  OK  ]

Shutting down loopback interface:  [  OK  ]

Setting network parameters:  [  OK  ]

Bringing up loopback interface:  [  OK  ]

Bringing up interface eth0:  [  OK  ]

Bringing up interface eth1:  [  OK  ]

00:00.0 Host bridge: Silicon Integrated Systems [SiS] 740 Host (rev 01)
00:01.0 PCI bridge: Silicon Integrated Systems [SiS] Virtual
PCI-to-PCI bridge (AGP)
00:02.0 ISA bridge: Silicon Integrated Systems [SiS] SiS962 [MuTIOL
Media IO] (rev 25)
00:02.1 SMBus: Silicon Integrated Systems [SiS] SiS961/2 SMBus Controller
00:02.5 IDE interface: Silicon Integrated Systems [SiS] 5513 [IDE]
00:02.7 Multimedia audio controller: Silicon Integrated Systems [SiS]
Sound Controller (rev a0)
00:03.0 USB Controller: Silicon Integrated Systems [SiS] USB 1.0
Controller (rev 0f)
00:03.1 USB Controller: Silicon Integrated Systems [SiS] USB 1.0
Controller (rev 0f)
00:03.3 USB Controller: Silicon Integrated Systems [SiS] USB 2.0 Controller
00:04.0 Ethernet controller: Silicon Integrated Systems [SiS] SiS900
PCI Fast Ethernet (rev 90)
00:09.0 Ethernet controller: D-Link System Inc RTL8139 Ethernet (rev 10)
01:00.0 VGA compatible controller: Silicon Integrated Systems [SiS]
65x/M650/740 PCI/AGP VGA Display Adapter
eth0      Link encap:Ethernet  HWaddr 00:0A:E6:A0:24:27  
          inet addr:192.168.2.175  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20a:e6ff:fea0:2427/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4446 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5006 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3242779 (3.0 MiB)  TX bytes:674792 (658.9 KiB)
          Interrupt:5 Base address:0xd400 

eth1      Link encap:Ethernet  HWaddr 00:0D:88:37:FA:22  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20d:88ff:fe37:fa22/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:3508 (3.4 KiB)
          Interrupt:5 Base address:0xd000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:227 errors:0 dropped:0 overruns:0 frame:0
          TX packets:227 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:18324 (17.8 KiB)  TX bytes:18324 (17.8 KiB)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0



step#2
=======
stop the firestarter firewall
some terminal output afterwards:

Thu Jul 14 08:09:00 IST 2005
00:00.0 Host bridge: Silicon Integrated Systems [SiS] 740 Host (rev 01)
00:01.0 PCI bridge: Silicon Integrated Systems [SiS] Virtual
PCI-to-PCI bridge (AGP)
00:02.0 ISA bridge: Silicon Integrated Systems [SiS] SiS962 [MuTIOL
Media IO] (rev 25)
00:02.1 SMBus: Silicon Integrated Systems [SiS] SiS961/2 SMBus Controller
00:02.5 IDE interface: Silicon Integrated Systems [SiS] 5513 [IDE]
00:02.7 Multimedia audio controller: Silicon Integrated Systems [SiS]
Sound Controller (rev a0)
00:03.0 USB Controller: Silicon Integrated Systems [SiS] USB 1.0
Controller (rev 0f)
00:03.1 USB Controller: Silicon Integrated Systems [SiS] USB 1.0
Controller (rev 0f)
00:03.3 USB Controller: Silicon Integrated Systems [SiS] USB 2.0 Controller
00:04.0 Ethernet controller: Silicon Integrated Systems [SiS] SiS900
PCI Fast Ethernet (rev 90)
00:09.0 Ethernet controller: D-Link System Inc RTL8139 Ethernet (rev 10)
01:00.0 VGA compatible controller: Silicon Integrated Systems [SiS]
65x/M650/740 PCI/AGP VGA Display Adapter
eth0      Link encap:Ethernet  HWaddr 00:0A:E6:A0:24:27  
          inet addr:192.168.2.175  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20a:e6ff:fea0:2427/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4466 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5022 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3254930 (3.1 MiB)  TX bytes:679030 (663.1 KiB)
          Interrupt:5 Base address:0xd400 

eth1      Link encap:Ethernet  HWaddr 00:0D:88:37:FA:22  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20d:88ff:fe37:fa22/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:3708 (3.6 KiB)
          Interrupt:5 Base address:0xd000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:227 errors:0 dropped:0 overruns:0 frame:0
          TX packets:227 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:18324 (17.8 KiB)  TX bytes:18324 (17.8 KiB)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0

More information about the fedora-list mailing list