Thread: [Fwbuilder-discussion] Bridge problem fixed, but....
From: <br...@br...> - 2003-08-28 17:55:14
Thanks to everyone who replied. Great suggestions, however they didn't fix the problem :-( I was, however, able to get things to the way they should be by commenting out:

$IPTABLES -P OUTPUT DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP

at the beginning of the script. Since I have the "catch all" rule at the end, I think these aren't necessary. I thought it was a routing problem because the dropped packets were being logged (and I had logging set on all of my deny rules).

This begs a second question, however... where is this coming from? I'd like to be able to turn this off in the GUI, but I'm not sure where it is! It's not part of the policy I have defined on the fw. Any ideas?

Thanks again for such a great tool!

Brady

> > > I have a bridging firewall set up between a T1 and our internal
> > > network.
> > > I have fwbuilder configured for bridge capability and I have
> > > "unnumbered interfaces" checked in the per-interface section.
>
> We use a bridging firewall like this. I don't have "unnumbered interfaces"
> checked and it works fine. Try unchecking that. Also, make sure that you
> assign an IP to br0, and allow SSH to the firewall object in the rules.
> Druid can help you with that if you need it.
>
> Trey Nolen
From: Vadim K. /r/ <va...@vk...> - 2003-08-28 21:01:53
On Thursday, August 28, 2003, at 10:55 AM, br...@br... wrote:

> Thanks to everyone who replied. Great suggestions, however they didn't
> fix the problem :-( I was, however, able to get things to the way they
> should be by commenting out:
>
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -P INPUT DROP
> $IPTABLES -P FORWARD DROP
>
> at the beginning of the script. Since I have the "catch all" rule at the
> end, I think these aren't necessary. I thought it was a routing problem
> because the dropped packets were being logged (and I had logging set on
> all of my deny rules). This begs a second question, however... where is
> this coming from? I'd like to be able to turn this off in the GUI, but
> I'm not sure where it is! It's not part of the policy I have defined on
> the fw. Any ideas?

You can't turn it off. But, since you say dropped packets were logged, I am confused. The rules you removed set the default policy for the standard chains, and packets that are dropped by the default policy are never logged. What version of fwbuilder are you using?

P.S. This mailing list allows postings only from its members. I suggest you subscribe to the list, otherwise your postings get in a queue and I need to submit each one manually.

--vk

> Thanks again for such a great tool!
>
> Brady
>
>>>> I have a bridging firewall set up between a T1 and our internal
>>>> network.
>>>> I have fwbuilder configured for bridge capability and I have
>>>> "unnumbered interfaces" checked in the per-interface section.
>>
>> We use a bridging firewall like this. I don't have "unnumbered
>> interfaces" checked and it works fine. Try unchecking that. Also, make
>> sure that you assign an IP to br0, and allow SSH to the firewall object
>> in the rules.
>> Druid can help you with that if you need it.
>>
>> Trey Nolen