
Re: [seul-edu] Re: HELP!



Bob,
    This sounds really promising. I'll try it tomorrow. I haven't looked at
resolv.conf because of working through Linuxconf. Will let you know.
    I can't dedicate any machine to exclusive use as a firewall because only
7 are working so far, after 9 months of effort, and the students need access
to as many as possible. The school district has a double firewall too before
anything even gets to my classroom.

Thanks,
Dave Prentice
prentice@instruction.com
http://www.originsresource.org
http://www.prenticenet.com/home/dprentice
-----Original Message-----
From: Robert Hopcroft <hopcroft@uswest.net>
To: seul-edu@seul.org <seul-edu@seul.org>
Date: Wednesday, September 13, 2000 10:06 PM
Subject: Re: [seul-edu] Re: HELP!


Dave Prentice wrote:

>     Regarding masquerading: I used Linuxconf to tell every one of the other
> machines that 192.168.0.106 (pc6a) is the default gateway. They don't seem
> to care. Is there someplace where I am supposed to tell them what its "real"
> internet IP on the other NIC is? It's a static address, though it connects
> as DHCP. Ifconfig says everything is fine, and pc6a accesses the net just
> fine, but the others don't seem to know it's there.

Dave, again you are very close to what I have. Your pc6a is equivalent to my
firewall machine. I'm also running dhcp. However, I'm running OpenBSD on the
firewall. The internal machines only need to know the gateway IP, namely
192.168.0.106.
I assume the internal machines' /etc/hosts files are OK since you can ping.
What about the internal machines' /etc/resolv.conf files? I don't know the
name of your internal network. Let's assume it's z.net and your ISP's primary
and secondary DNS servers' IP addresses are x.x.x.x and y.y.y.y respectively,
or are you running your own nameserver? Your internal machines'
/etc/resolv.conf files should be

search z.net
nameserver x.x.x.x
nameserver y.y.y.y

I didn't use Linuxconf as I set everything up when I did the installation.

Are you getting through your firewall? I don't know Linux, but in OpenBSD
speak, is ipforwarding turned on? What about ipnat and ipfilters (ipchains in
Linux)? Run tcpdump on the firewall's internal and external interfaces. See
what's happening.
You'll have to look at the man pages since I'm running OpenBSD, which is
probably slightly different.

Finally, are you sure you want to run anything on your firewall? I was under
attack a little while ago, though they seem to have given up.

Bob
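
Two of the checks suggested in this thread, written as a small shell script. This is an added example, not part of the original messages. The function names are made up for illustration, and /proc/sys/net/ipv4/ip_forward is the Linux location of the forwarding switch, which the thread itself does not name.

```shell
#!/bin/sh
# Added example: sanity checks for a LAN behind a masquerading gateway.
# File paths are parameters so the functions can be exercised offline.

# check_resolv FILE
# Run on an internal machine. Succeeds only if FILE has at least one
# nameserver line and none of them is empty or a leftover x.x.x.x/y.y.y.y
# placeholder copied from the mail above.
check_resolv() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    count=0
    # "|| [ -n "$key" ]" keeps a final line that lacks a trailing newline.
    while read -r key value _rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        case $value in
            ''|x.x.x.x|y.y.y.y)
                echo "placeholder or empty nameserver: '$value'"
                return 1 ;;
        esac
        count=$((count + 1))
    done < "$file"
    [ "$count" -gt 0 ] || { echo "no nameserver lines in $file"; return 1; }
    echo "ok: $count nameserver(s)"
}

# check_forward [FILE]
# Run on the gateway (pc6a in the thread). Succeeds only if the Linux
# kernel is forwarding IPv4 packets between its interfaces.
check_forward() {
    file=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    state=
    read -r state < "$file" || true
    [ "$state" = "1" ] || { echo "IPv4 forwarding is off"; return 1; }
    echo "ok: IPv4 forwarding is on"
}
```

Run `check_resolv /etc/resolv.conf` on each internal machine and `check_forward` on the gateway; if both pass and clients still cannot reach the net, the masquerading rules and the tcpdump output are the next things to look at.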