[Techtalk] Need some firewall help

Nicci Tynen nicci at codeventures.com
Wed Apr 5 20:29:03 EST 2000


Hi all,

All the firewalls I've built to date have private IPs on the inside with
one public IP on the NIC to the internet.  The firewall does NAT and
intense packet filtering.  They all work like charms.

I've built a new firewall that has to have 2 public IPs (inside and
out).  I configure the NICs, make sure IPV4_FORWARDING is on and routed
is running (-q flag).

I add the following to the routing table:

route add -host <ip of  Host 1> dev <inside interface>

This is so I can ping Host 1 and send icmp packets back to it.

From the firewall itself, I can ping anywhere.

Host 1:  I configure it to have a public IP (same subnet) and set the gw
to be the inside public IP of the firewall.  I can ping the inside
public IP of the firewall and the outside public IP of the firewall.
However, I cannot ping beyond the outside IP of the firewall.

Strange occurrence:

I change the firewall to have a private IP on the inside NIC.  I issue
the command:

ipchains -A forward -s <private ips> -j MASQ

Host 1:  I configure the NIC for a private IP and change the gw.  Now I
can ping anywhere.

I know this is a basic one but it's eluding me.

Thoughts?

Thanks,
Nicci

