I am using Red Hat Linux 6.2 (zoot) on i386.
I have three ne2000 ethernet cards, and have the computer
configured as a firewall / NAT. I setup the chain rules similiar to the
document "Securing and Optimizing Linux ..." found on the Guides
page of www.linuxdoc.org.
It appears the third network card causes unstable routing issues.
The masquarded computers behind the firewall can always see the
internet, however the outside world can sometimes ping inside, and
sometimes not.
I have noticed that when I have problems pinging or connecting to
the SSH server (on the firewall) from the outsideIf, IPchains and
route have problems as well. When I list the ipchains "ipchains -L"
it hangs at some point in the list. The same for calling "route" it
will stall part way through the list.
When I have no problems pinging or SSHing, then the same
configuration will properly list all the IPchain rules and show the
current route table.
It should be noted that I have input packets DENY by policy
default, and specifically allow 1024:65535 plus access from the
DNS server, and a few other key ports. (I think ICMP are allowed
back too).
Here is where it gets interesting. If I reboot after it hangs, it will not
allow trafic in remotely (but will still masquarade correctly). If I
flush all the chain rules, the route and ipchain list will work
correctly. Then If I recall the firewall rules (put all the chain rules
back into place), sometimes it will work correctly (allow traffic in
and out), and sometimes it will "hang"
Any suggestions?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Aug 07 2000 - 21:00:11 EST