Here is a better picture of what I am doing:

|----------|
|          |
|    PC    |-----|
|          |     |
|----------|     |  192.168.1.0/24            10.0.0.0/24                    Internet
|----------|     |           |-------------|               |---------------|
|          |     |           |             |               |               |
|    PC    |-----|-----------|   SPARC 5   |---------------|  DSL Router   |----------
|          |     |           |             |               |               |
|----------|     |           |-------------|               |---------------|
|----------|     |
|          |     |
|    PC    |-----|
|          |
|----------|

This is a modified Bastion firewall setup. The goal here is to keep a DMZ on the inside of the public firewall (the DSL router) so that there is now another level of security. I have done this many times with two NICs, but I now have a machine that has only one NIC so I must find a way to get ipchains to allow this SPARC 5 to become a router and route between the two networks.

Does this help you understand what my goal is better?

David

-----Original Message-----
From: plug-discuss-admin@lists.plug.phoenix.az.us [mailto:plug-discuss-admin@lists.plug.phoenix.az.us] On Behalf Of Kevin Brown
Sent: Monday, July 07, 2003 7:29 AM
To: plug-discuss@lists.plug.phoenix.az.us
Subject: Re: IPChains Problem

> Here is what I have, a SPARC 5 running Debian Woody, 2.2 kernel since the
> 2.4 is not stable, and a single NIC. I have aliased the NIC for two addresses.
> This box is an internal router for a small network. The interfaces file
> looks like:
>
> # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
>
> # The loopback interface
> auto lo
> iface lo inet loopback
>
> # The first network card - this entry was created during the Debian installation
> # (network, broadcast and gateway are optional)
> auto eth0
> iface eth0 inet static
> address 192.168.1.1
> netmask 255.255.255.0
> network 192.168.1.0
> broadcast 192.168.1.255
>
> auto eth0:1
> iface eth0:1 inet static
> address 10.0.0.1
> netmask 255.255.225.0
> network 10.0.0.0
> broadcast 10.0.0.255
>
> I am trying to set up some IPChains to do the routing. I have tried the
> following:
>
> ipchains -A forward -s 192.168.1.0/24 -j MASQ
> ipchains -A input -s 192.168.1.0/24 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A forward -s 192.168.1.0/24 -d 10.0.0.1 -j ACCEPT
> ipchains -A output -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A output -s 10.0.0.1 -d 10.0.0.254 -j ACCEPT
> ipchains -A input -s 10.0.0.1 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A forward -s 10.0.0.1 -d 10.0.0.254 -j ACCEPT
>
> All I can do is ping the interface card. I can use either address,
> 192.168.1.1 or 10.0.0.1, but I cannot ping the DSL router on the other side
> of the box, 10.0.0.254. What am I missing to get IPChains to route on this
> single NIC?
>
> I have IPChains version: 1.3.10, 1-Sep-2000 and Kernel version: Linux Router
> 2.2.20 #1 Fri Nov 16 15:48:02 EST 2001 sparc unknown.
>
> Any ideas what I am doing wrong?

I'm just curious, but why are you setting up a NAT/Masq box when the two networks you are trying to work with are both non-Net routable?
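
A consistency check over the configuration quoted in this thread, as an added example that is not part of any poster's message: it flags netmasks that are not a contiguous prefix mask and ipchains `-s` arguments that fall outside the two networks in the diagram. The function names are chosen here; the configuration text is copied from the thread and trimmed to the lines the checks read.

```python
import ipaddress
import re

# Copied from the quoted message, trimmed to the lines the checks read.
INTERFACES = """\
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
iface eth0:1 inet static
address 10.0.0.1
netmask 255.255.225.0
"""
RULES = """\
ipchains -A forward -s 192.168.1.0/24 -j MASQ
ipchains -A input -s 192.168.1.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 192.168.1.0/24 -d 10.0.0.1 -j ACCEPT
ipchains -A output -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A output -s 10.0.0.1 -d 10.0.0.254 -j ACCEPT
ipchains -A input -s 10.0.0.1 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 10.0.0.1 -d 10.0.0.254 -j ACCEPT
"""
# The two networks labelled in the diagram.
INTENDED = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/24")]

def mask_is_contiguous(mask):
    """True if the dotted-quad mask is a run of 1 bits followed only by 0 bits."""
    host_bits = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return host_bits & (host_bits + 1) == 0

def bad_netmasks(text):
    """Return (interface, netmask) pairs whose netmask is not a valid prefix mask."""
    bad, iface = [], None
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["iface"]:
            iface = fields[1]
        elif fields[:1] == ["netmask"] and not mask_is_contiguous(fields[1]):
            bad.append((iface, fields[1]))
    return bad

def unmatched_sources(rules, networks):
    """Return (chain, source) for each -s argument outside every listed network."""
    return [(chain, src) for chain, src in re.findall(r"-A (\S+) -s (\S+)", rules)
            if not any(ipaddress.ip_network(src).subnet_of(n) for n in networks)]

if __name__ == "__main__":
    print("non-contiguous netmasks:", bad_netmasks(INTERFACES))
    print("sources outside intended networks:", unmatched_sources(RULES, INTENDED))
```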