Redhat 9 as Firewall for Win machines - Problems!

  1. #1
    Newbie
    Join Date
    Jan 2005
    Location
    Puyallup
    Posts
    4

    Redhat 9 as Firewall for Win machines - Problems!

    Hello,

    So I thought I'd get smart and set up a Linux machine as the firewall for my Win machines to Comcast. Problem is, it doesn't work! Please help!

    Here is what I've done:
    1] Install Redhat 9 as server (this means I don't have to recompile kernel, right?)
    2] configured 2 ethernet cards
    3] eth0 does see the internet
    4] configured DHCP for Win machines
    5] eth1 leases ips for the Win machines
    6] ping from Win to Linux and Linux to Win works fine
    7] in the "network" file, forward_ipv4=yes
    8] when Win machine tries to ping internet or start up IE I get nothing but time out or the typical IE error page about can't find server or DNS error.

    Initially, I had tried to set up the Linux machine as the DNS but that didn't work. Then I thought I'd just get the thing working first by putting the DNS server of my local Seattle area DNS in the "dhcpd.conf" file instead. Nothing still. So, I'm not sure if I've missed something along the way or have a simple missed command somewhere... and I'm not sure where to go from here. Any help would be greatly appreciated!

    Thanks!
    Destry

  2. #2
    Administrator Moderator
    Member
    Join Date
    Apr 2004
    Posts
    141
    Destry.

    Set up your Linux FW as the DHCP server for your 192.168.x.x network as in this link http://www.linuxhomenetworking.com/linux-hn/dchp.htm

    The setup for the iptables firewall can be found at http://www.linuxhomenetworking.com/l...bles-intro.htm

    It's simplest to allow all traffic originating from your home network to be accepted by the firewall.

    Limit your rules to traffic passing through the firewall and for traffic attempting to connect to the firewall from the Internet.

    The two links should be helpful.

  3. #3
    Newbie
    Join Date
    Jan 2005
    Location
    Puyallup
    Posts
    4
    Thanks for the info! I'm finding the links (and other topics there) very useful.

    I'm now afraid, however, that I have something fairly basic messed up with my route table. When I type "route -n" I get:

    Code:
    Destination      Gateway      Genmask          Flags  Metric  Ref  Use  Iface
    255.255.255.255  0.0.0.0      255.255.255.255  UH     0       0    0    eth1
    192.168.1.0      0.0.0.0      255.255.255.0    U      0       0    0    eth1
    xx.xxx.xx.0      0.0.0.0      255.255.254.0    U      0       0    0    eth0
    169.254.0.0      0.0.0.0      255.255.0.0      U      0       0    0    eth1
    127.0.0.0        0.0.0.0      255.0.0.0        U      0       0    0    lo
    0.0.0.0          xx.xxx.xx.1  0.0.0.0          UG     0       0    0    eth0
    This doesn't match the example route tables provided in the HOWTO sites.
    Any ideas on where my problem resides?
    Thanks again!
    Destry

  4. #4
    Administrator Moderator
    Member
    Join Date
    Apr 2004
    Posts
    141
    Destry,

    It looks OK. What part doesn't make sense?

    You have your DHCP 255.255.255.255 route pointing out your LAN interface which is correct.

    Is the FW the DHCP server? If so you need to allow DHCP related traffic in and out the eth1 interface. I'd just allow everything from the home LAN to the FW, and lock down the FW to only listen for SSH connections and DHCP traffic by turning off most of the other network related daemons.

  5. #5
    Newbie
    Join Date
    Jan 2005
    Location
    Puyallup
    Posts
    4
    I was concerned that there seemed to be an extra entry compared to examples. The line that begins with:
    169.254.0.0...
    But if that looks okay then I must have another issue instead.

    Yes, the FW is the DHCP.
    Since the PCs can't get out I went back and stopped iptables.
    But I still do have a couple entries in the hosts. files, per a HOWTO site I found about gateways. I have my file /etc/hosts.deny with a line:
    #hosts not allowed to use local services
    ALL: ALL

    and then my /etc/hosts.allow file has the lines:
    #hosts allowed to use local services
    ALL: 127.0.0.1
    ALL: 192.168.1.

    Is there a troubleshooting method I can run through? As mentioned before, the PCs do get an address from the FW/DHCP machine and they ping each other. The FW/DHCP machine sees the internet. The traffic just doesn't seem to get through. Initially I thought I needed to have DNS running on the FW/DHCP machine but even when I try a particular IP address from the PC I get a time out error. So I just have an entry for an outside DNS but, of course, the PCs can't get there. So the problem must be with forwarding?

    Any suggestions? Thanks for the help thus far too!
    Destry

  6. #6
    Hi,

    I think you have to write a rule to allow DNS queries through your firewall.

    iptables -t filter -A FORWARD -s <your_lan_network> -p tcp --dport 53 -d <your_dns_servers> -j ACCEPT
    iptables -t filter -A FORWARD -d <your_lan_network> -p tcp --sport 53 -s <your_dns_servers> -j ACCEPT

    I think this should help you.
    :wink:

  7. #7
    Newbie
    Join Date
    Jan 2005
    Location
    Puyallup
    Posts
    4
    Excellent! The system now works! I wasn't sure if the problem was in the dhcp, dns, or iptables side. You guys helped me narrow it down and then fix it! Thanks!
    Destry
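
An added example, not part of any post in the thread: the gateway setup discussed above in stateful form, written as iptables-restore input, with a check of the kernel forwarding switch. It goes beyond the posted rules by masquerading the LAN behind eth0, which is an assumption about this network; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. eth1 = LAN, eth0 = Internet and
# 192.168.1.0/24 follow the posts; adjust them for another network.

# True when the kernel is forwarding IPv4. The path is a parameter only so the
# check can be exercised against a scratch file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# gateway_ruleset LAN_IF WAN_IF LAN_NET -> iptables-restore input on stdout
gateway_ruleset() {
    lan_if=$1 wan_if=$2 lan_net=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# To the firewall itself: loopback, replies, and anything from the home LAN
# (covers DHCP and SSH from inside). Unsolicited Internet traffic is dropped.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
# Through the firewall: replies are matched by connection state, so no mirrored
# "--sport 53" rule is needed and DNS works over UDP as well as TCP.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Assumption: the private LAN addresses must be hidden behind the WAN address.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# With three arguments, print the ruleset (pipe it to iptables-restore as root).
if [ "$#" -eq 3 ]; then
    forwarding_enabled || echo "warning: net.ipv4.ip_forward is not 1" >&2
    gateway_ruleset "$@"
fi
```

For this thread's layout the arguments would be `eth1 eth0 192.168.1.0/24`.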
