Tugger the SLUGger! SLUG Mailing List Archives

RE: [SLUG] Firewall dropping packets


I don't think it's an ipchains issue, as it drops some packets and lets others
through. If it was an ipchains problem then it would either work or not, not
both.

I had a weird route problem; I never found which route actually caused it, but
I ran arpwatch and watched the emails come through, and it popped up with
messages saying that an IP on one of my NICs was changing MAC addresses
between the two cards (eth0 and eth2), which was causing telnet sessions to
drop off the network. Could be something similar. It doesn't hurt to run it
and try.

thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint: 43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID: 0x38A9A10C
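George's suggestion above is to let arpwatch tell you when one IP address starts answering from more than one MAC address. The script below is an added example for this thread (not George's code, and not arpwatch itself): it reads successive snapshots in the layout of /proc/net/arp and reports any IP whose MAC changes between snapshots, which is the "flip flop" condition arpwatch mails about. The snapshot contents, hosts and MAC addresses are constructed for illustration; only the /proc/net/arp column layout is real.

```python
"""Detect an IP address whose MAC changes between observations.

Added example, not code from this thread. It mimics what arpwatch's
"flip flop" report tells you, using successive snapshots in the format
of /proc/net/arp (header line, then one entry per line). The snapshot
contents below are constructed for illustration.
"""
from collections import defaultdict

# Constructed snapshots in /proc/net/arp layout:
# IP address  HW type  Flags  HW address  Mask  Device
SNAPSHOTS = [
    """IP address       HW type     Flags       HW address            Mask     Device
10.10.10.20      0x1         0x2         00:50:56:aa:bb:01     *        eth0
10.0.5.10        0x1         0x2         00:50:56:aa:bb:02     *        eth1
""",
    """IP address       HW type     Flags       HW address            Mask     Device
10.10.10.20      0x1         0x2         00:50:56:aa:bb:01     *        eth0
10.0.5.10        0x1         0x2         00:50:56:cc:dd:03     *        eth2
""",
    """IP address       HW type     Flags       HW address            Mask     Device
10.10.10.20      0x1         0x2         00:50:56:aa:bb:01     *        eth0
10.0.5.10        0x1         0x2         00:50:56:aa:bb:02     *        eth1
""",
]


def parse_proc_net_arp(text):
    """Yield (ip, mac, device) for each resolved entry; skip the header line
    and unresolved entries (ATF_COM flag 0x2 not set)."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hwtype, flags, mac, _mask, dev = fields[:6]
        if int(flags, 16) & 0x2 == 0:
            continue
        yield ip, mac.lower(), dev


def find_flip_flops(snapshots):
    """Return {ip: [(mac, device), ...]} for IPs seen with more than one MAC,
    with the (mac, device) pairs in first-observed order."""
    seen = defaultdict(list)
    for snap in snapshots:
        for ip, mac, dev in parse_proc_net_arp(snap):
            if (mac, dev) not in seen[ip]:
                seen[ip].append((mac, dev))
    return {ip: pairs for ip, pairs in seen.items()
            if len({mac for mac, _ in pairs}) > 1}


def report(snapshots):
    """One human-readable line per flip-flopping IP."""
    lines = []
    for ip, pairs in sorted(find_flip_flops(snapshots).items()):
        where = ", ".join(f"{mac} on {dev}" for mac, dev in pairs)
        lines.append(f"flip flop: {ip} seen as {where}")
    return lines


if __name__ == "__main__":
    for line in report(SNAPSHOTS):
        print(line)
```

On a live box you would feed it the output of repeated `cat /proc/net/arp` runs (or a tcpdump of ARP replies) rather than the constructed strings; the point is the same as George's: an address that alternates between two MACs, or between two of your own interfaces, will drop roughly every other packet, which matches the symptom in the original post better than a firewall rule would.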


-----Original Message-----
From: Bernhard Lüder [mailto:bl@xxxxxxxxxxx]
Sent: Tuesday, October 24, 2000 4:35 PM
To: Marshall, Joshua
Cc: SLUG user group
Subject: RE: [SLUG] Firewall dropping packets


have you done:

echo 1 > /proc/sys/net/ipv4/ip_forward

This will enable forwarding in the kernel. (Gurus, please correct me if I am
wrong.)

In addition, you might want to try adding this ipchains rule:

/sbin/ipchains -A forward -j ACCEPT -s 10.10.10.0/24 -d 10.0.5.0/24 -b

Not sure about the netmask. Is 10.0.0.0 a class A and therefore only needs
255.0.0.0?

Try also:

/sbin/ipchains -A forward -j ACCEPT -s 10.10.10.0/8 -d 10.0.5.0/8 -b

That should do it.

Bernhard
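Bernhard's two candidate rules differ only in the prefix length, so it is worth seeing which of Josh's flows each one would actually forward. The following is an added example for this thread, not Bernhard's code and not ipchains itself: it models only the match semantics of an `-s NET -d NET -b` accept rule (CIDR match, both directions when `-b` is set) and ignores chain policy and rule order. The host addresses in the flows are constructed from the subnets in Josh's diagram.

```python
"""Check which candidate ipchains forward rules would accept a given packet.

Added example, not code from this thread and not ipchains itself: it models
only `-s NET -d NET -b` accept rules with CIDR matching, to show how the
netmask choice changes what is forwarded. Hosts below are constructed.
"""
from ipaddress import ip_address, ip_network


def rule(src, dst, bidirectional=True):
    """Build a rule from the -s/-d arguments. strict=False mirrors how the
    kernel applies the mask: 10.10.10.0/8 means the whole of 10.0.0.0/8."""
    return (ip_network(src, strict=False),
            ip_network(dst, strict=False),
            bidirectional)


def accepts(rules, src_ip, dst_ip):
    """True if any rule matches src->dst, or dst->src when -b is set."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for src_net, dst_net, both in rules:
        if s in src_net and d in dst_net:
            return True
        if both and d in src_net and s in dst_net:
            return True
    return False


# The two proposals from the thread, as written.
RULES_24 = [rule("10.10.10.0/24", "10.0.5.0/24")]
RULES_8 = [rule("10.10.10.0/8", "10.0.5.0/8")]

# Constructed flows taken from the subnets in Josh's diagram.
FLOWS = [
    ("10.10.10.20", "10.0.5.10"),   # LAN host to the WAN-side router
    ("10.10.10.20", "10.0.1.50"),   # LAN host to the 10.0.1.x LAN behind Firewall 2
    ("10.0.1.50", "10.10.10.20"),   # the reply direction
]


def coverage(rules, flows=FLOWS):
    """Map each flow to whether the rule set forwards it."""
    return {f: accepts(rules, *f) for f in flows}


if __name__ == "__main__":
    print("masked /8 network:", rule("10.10.10.0/8", "10.0.5.0/8")[0])
    for name, rules in (("/24 rules", RULES_24), ("/8 rules", RULES_8)):
        print(name, coverage(rules))
```

The /24 pair only covers traffic between 10.10.10.x and 10.0.5.x, so anything from the 10.0.1.x LAN behind Firewall 2 would not match it; the /8 pair masks both addresses down to 10.0.0.0/8 and covers every flow in the diagram. Neither rule explains a pattern where exactly every second packet is lost, which is why the ARP-level explanation in the reply above is worth checking first.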


-----Original Message-----
From: slug-admin@xxxxxxxxxxx [mailto:slug-admin@xxxxxxxxxxx] On Behalf Of Marshall, Joshua
Sent: Tuesday, October 24, 2000 5:15 PM
To: slug@xxxxxxxxxxx
Subject: [SLUG] Firewall dropping packets


Hi,

I'm having weird happenings on my firewall.

I have two ethernet connections, with this setup:

10.10.10.x LAN
     |
10.10.10.4 (eth0)
   Firewall
10.0.5.6 (eth1)
     |
10.0.5.10
   WAN
10.0.5.9
     |
10.0.5.5
   Firewall 2
10.0.1.x
     |
10.0.1.x LAN

The problem I'm having is forwarding data between the 10.0.5.6 eth1 and
the 10.10.10.x eth0. Packets are working fine for the rest of the
system.

On the firewall machine, I can successfully ping anything, anywhere.

The 10.10.10.x LAN cannot ping the systems past 10.0.5.6 (which is the
firewall) - every second packet is being dropped, no matter what the
size.

The 10.0.1.x LAN can ping to 10.0.5.6 also, but cannot ping past it.

The routing tables on the firewall say that the 10.0.5.x subnet is on
eth1, as is the 10.0.1.x subnet. I can ping these from the firewall so
that is working fine.

The routing tables on the firewall say that the 10.10.10.x subnet is on
eth0. I can ping these from the firewall also so that is working fine.

The ipchains rules (in, out, forward) accept the 10.x.x.x subnet on both
eth0 and eth1. These shouldn't be affecting it, as half of the packets
get out. At least, the in and out are working fine - the forward one
isn't anything spectacular (accept 10.x.x.x on device eth0 or eth1).

For those interested, I need to have ipchains there as I have other
interfaces on this machine (three PPP dialups) that need firewalling.

Is there anything I've overlooked? This one is getting me beat.

Josh.



--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug