Re: [Fwbuilder-discussion] can not get through firewall even though last rule is any any any permit i
From: Vadim K. /r/ <va...@vk...> - 2003-10-28 19:55:49
On Tuesday, October 28, 2003, at 11:42 AM, Jim wrote:

> I checked and packet forwarding is enabled. My last rule is any any any
> accept, so nothing should be denied correct?
>

correct, provided iptables uses connection tracking module.

> Below is the output I receive when I execute the script, I do not think
> this would stop the script from working or is this the root of the
> problem? What else should I check to see why I can not get from a
> workstation on the internal side to the external side.
>
>
> Nothing to flush.
> ./health.fw: cd: /lib/modules/2.4.22/kernel/net/ipv4/netfilter/: No such file or directory
> ls: *_conntrack_*: No such file or directory
>

yes, this might be a problem. Did you recompile your kernel yourself? The netfilter code needs to be either compiled as modules, or built in the kernel. Since directory "/lib/modules/2.4.22/kernel/net/ipv4/netfilter/" does not exist, it is obviously not compiled as a module.

--vk

>
> Also below is the output from ifconfig: not sure what eth1:FWB1 means?
>
> ifconfig
> eth0      Link encap:Ethernet HWaddr 00:50:DA:5B:86:4F
>           inet addr:10.10.1.110 Bcast:10.10.255.255 Mask:255.255.0.0
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           RX packets:30647 errors:0 dropped:0 overruns:1 frame:0
>           TX packets:5432 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:2798972 (2.6 MiB) TX bytes:1595198 (1.5 MiB)
>           Interrupt:11 Base address:0x1400
>
> eth1      Link encap:Ethernet HWaddr 00:04:5A:7D:BB:43
>           inet addr:161.223.4.161 Bcast:161.223.4.255 Mask:255.255.255.128
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           RX packets:11940 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:548 dropped:0 overruns:0 carrier:1096
>           collisions:0 txqueuelen:100
>           RX bytes:2363159 (2.2 MiB) TX bytes:0 (0.0 b)
>           Interrupt:11 Base address:0x1000
>
> eth1:FWB1 Link encap:Ethernet HWaddr 00:04:5A:7D:BB:43
>           inet addr:161.223.4.183 Bcast:161.223.4.255 Mask:255.255.255.128
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           Interrupt:11 Base address:0x1000
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1 Mask:255.0.0.0
>           UP LOOPBACK RUNNING MTU:16436 Metric:1
>           RX packets:8 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
>
>
> Jim
>
>
> On Tue, 2003-10-28 at 12:21, Vadim Kurland /r/ wrote:
>> On Tuesday, October 28, 2003, at 10:23 AM, Jim wrote:
>>
>>> I have created a firewall script with fwbuilder and I have some clients
>>> on my internal network that need to telnet and have http access through
>>> the external network. I can not telnet to the IP I want to nor can I
>>> ping the host.
>>>
>>>
>>> Although I can ping the IP in question directly from the firewall.
>>>
>>> Do I need to do something to enable routing from one nic to the other?
>>> From one network to the other?
>>>
>>
>> one thing to check is whether ip forwarding is turned on. There is a
>> GUI control for it in the "Network" tab of the firewall object dialog.
>>
>> there is a brief list of things to check here:
>> http://www.fwbuilder.org/archives/cat_troubleshooting.html
>>
>> --vk
>>
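The two checks raised in this thread (IP forwarding, and whether connection tracking exists as modules or inside the kernel), as an added example that is not part of the original messages or of fwbuilder's generated script. The optional root-directory and kernel-release arguments are hypothetical conveniences for inspecting a copied tree, and the `net/netfilter` and `nf_conntrack` paths extend the check beyond the 2.4.22 layout quoted above to later kernels.

```shell
#!/bin/sh
# Added example: pre-flight checks for a Linux iptables firewall host.
# Arguments (both optional, hypothetical): root directory, kernel release.

# Prints on / off / unknown for IPv4 packet forwarding.
forwarding_state() {
    f="${1:-}/proc/sys/net/ipv4/ip_forward"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        1) echo on ;;
        *) echo off ;;
    esac
}

# Prints module / in-kernel / missing for connection tracking.
conntrack_state() {
    root="${1:-}"
    krel="${2:-$(uname -r)}"
    # Module files on disk: ipv4/netfilter on 2.4 kernels, netfilter on later ones.
    for dir in "$root/lib/modules/$krel/kernel/net/ipv4/netfilter" \
               "$root/lib/modules/$krel/kernel/net/netfilter"; do
        if ls "$dir"/*conntrack* >/dev/null 2>&1; then
            echo module; return 0
        fi
    done
    # No module files: a tracking table in /proc means the code is
    # built into (or already loaded in) the running kernel.
    for table in ip_conntrack nf_conntrack; do
        if [ -e "$root/proc/net/$table" ]; then
            echo in-kernel; return 0
        fi
    done
    echo missing
}

# Prints both results; returns non-zero if either would block forwarded traffic.
diagnose() {
    fwd=$(forwarding_state "${1:-}")
    ct=$(conntrack_state "${1:-}" "${2:-}")
    echo "ip forwarding:       $fwd"
    echo "connection tracking: $ct"
    [ "$fwd" = on ] && [ "$ct" != missing ]
}

diagnose "${1:-}" "${2:-}" || echo "resolve the items above before debugging the rule set"
```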