IPChains Problem

Here is a better picture of what I am doing:

    |----------|
    |          |
    |   PC     |  ----|
    |          |      |
    |----------|      |
                         192.168.1.0/24            10.0.0.0/24
Internet
    |----------|      |           |-------------|
|---------------|
    |          |      |           |             |               |
|
    |   PC     |------|-----------|  SPARC 5    |---------------|  DSL
Router   |----------
    |          |      |           |             |               |
|
    |----------|      |           |-------------|
|---------------|

    |----------|      |
    |          |      |
    |   PC     |------|
    |          |
    |----------|

This is a modified Bastion firewall setup. The goal here is to keep a DMZ on
the inside of the public firewall (the DSL router) so that there is now an
other level of security. I have done this many times with two NICs, but I
now have a machine that has only one NIC so I must find a way to get
ipchains to allow this SPARC 5 to become a router and route between the two
networks.

Does this help you understand what my goal is better?

David

-----Original Message-----
From: plug-discuss-admin@lists.plug.phoenix.az.us
[mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Kevin
Brown
Sent: Monday, July 07, 2003 7:29 AM
To: plug-discuss@lists.plug.phoenix.az.us
Subject: Re: IPChains Problem


> Here is what I have, a SPARC 5 running Debian Woody, 2.2 kernel since the
> 2.4 is not stable, and a single NIC. I have Alias the NIC for two
addresses.
> This box is an internal router for a small network. The interfaces file
> looks like:
>
> # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
>
> # The loopback interface
> auto lo
> iface lo inet loopback
>

> # The first network card - this entry was created during the Debian
> installation
> # (network, broadcast and gateway are optional)
> auto eth0
> iface eth0 inet static
>      address 192.168.1.1
>      netmask 255.255.255.0
>      network 192.168.1.0
>      broadcast 192.168.1.255

>

> auto eth0:1
> iface eth0:1 inet static
>     address 10.0.0.1
>     netmask 255.255.225.0
>     network 10.0.0.0
>     broadcast 10.0.0.255

>
> I am trying to setup some IPChains to do the routing. I have tried the
> following:
>
> ipchains -A forward -s 192.168.1.0/24 -j MASQ
> ipchains -A input -s 192.168.1.0/24 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A forward -s 192.168.1.0/24 -d 10.0.0.1 -j ACCEPT
> ipchains -A output -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A output -s 10.0.0.1 -d 10.0.0.254 -j ACCEPT
> ipchains -A input -s 10.0.0.1 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A forward -s 10.0.0.1 -d 10.0.0.254 -j ACCEPT
>
> All I can do is ping the interface card. I can use either address,
> 192.168.1.1 or 10.0.0.1, but I can not ping the DSL router on the other
side
> of the box, 10.0.0.254. What am I missing to get IPChains to route on this
> single NIC?
>
> I have IPChains version: 1.3.10, 1-Sep-2000 and Kernel version: Linux
Router
> 2.2.20 #1 Fri Nov 16 15:48:02 EST 2001 sparc unknown.
>
> Any ideas what I am doing wrong?

I'm just curious, but why are you setting up a NAT/Masq box when the two
networks you are trying to work with are both non-Net routable?

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss