DMZ and iptables breaks my head!!! Advanced help please!!!!
Linux - Networking: This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
And I hope you know that to connect two NICs directly you need to use a crossover cable, not a straight one.
But if you can connect from the LAN, I do not understand why you can't do it from the firewall.
In any case, you can stop the firewall completely (disconnect eth0 first) and try to telnet.
Yes, of course, there is a crossover cable between eth2 on the firewall --> eth0 on the server...
Well (or badly...), I tested everything you asked, and:
---- With the ACCEPT rules on the firewall that you asked for
- pinging from the firewall (192...111.1) to the server 192...222.22: OK, the ping reply is right.
- ping from the server (192...222.22) to firewall eth2 (192.168.222.21): NOTHING, blank....
Also, pinging ON THE SAME firewall from (192....111.1) to NIC eth2 (192...222.21): NOTHING...
Later, I disconnected eth0 on the firewall and cleaned all chains and rules; after I set ALL chains to ACCEPT without any rule, the ping to eth2 ALSO got NOTHING...
I changed my post.
Can you please post the exact outputs for ping on the firewall:
1. ping 192.168.111.1
2. ping 192.168.222.21
Then do:
route del -net 0.0.0.0 gw 192.168.111.1
route del -net 0.0.0.0 gw 192.168.222.21
route add -net 127.0.0.0 netmask 255.0.0.0 gw 0.0.0.0 lo
ifconfig eth1 192.168.111.1 up
ifconfig eth2 192.168.222.21 up
There is a pattern that repeats in the testing, whatever firewall script is active, or when iptables -F, iptables -X had been run at the moment of testing.
That is: on the firewall server with 3 NICs only two ping commands get answers:
ping 192.168.222.22 (IP of webserver DMZ)
ping yahoo.com (or anything else outside)
ALL OTHER pings (127.0.0.1 192.168.111.1 192.168.222.21 ...) get no replies or (when the original preloaded firewall script is active) the reply is "sendmsg: Operation not permitted".
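As an added example (not code from this thread or from the poster's firewall script), here is a way to check offline whether a filter table would produce exactly that pattern. Pings to 127.0.0.1 and to the firewall's own eth1/eth2 addresses never leave the host: they are routed over lo, so they must be accepted on lo in both OUTPUT and INPUT, and a DROP in OUTPUT is what shows up as "sendmsg: Operation not permitted". The script reads an iptables-save dump and prints the verdict each chain hands a locally generated echo request on lo. Both dumps are constructed for the demonstration (interface names and addresses borrowed from the thread), and the evaluator models only interface, protocol and ICMP-type matches, listing anything else for manual review.

```shell
#!/bin/sh
# Added example, not code from the thread: work out offline, from an
# iptables-save dump, what the filter table does to the host's own pings.
#
# A ping sent to one of the host's own addresses (127.0.0.1, or the address
# of eth1/eth2) travels over lo, never over the physical NIC. It must pass
# OUTPUT (as a locally generated packet) and INPUT (as a locally delivered
# packet), both on interface lo. A DROP (or REJECT) hit in OUTPUT is what
# ping reports as "sendmsg: Operation not permitted"; a DROP in INPUT just
# gives silence, because the echo request never reaches the ICMP stack.

# lo_verdict CHAIN DUMP
# Prints the verdict CHAIN (INPUT or OUTPUT, filter table) gives an ICMP
# echo-request on lo: the target of the first matching ACCEPT/DROP/REJECT
# rule, otherwise the chain policy. Only -i/-o, -p, -m icmp, --icmp-type and
# --reject-with are modelled; a rule with any other match (-s, -d, -m state,
# "!", ...) is skipped and listed on stderr, as is a jump to a user chain.
lo_verdict() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        /^\*/                      { table = substr($1, 2); next }
        table != "filter"          { next }
        $1 == (":" chain)          { policy = $2; next }   # ":INPUT DROP [0:0]"
        $1 != "-A" || $2 != chain  { next }
        decided                    { next }                # verdict already found
        {
            matches = 1; target = ""
            for (i = 3; i <= NF; i++) {
                opt = $i; arg = $(i + 1)
                if (opt == "-j")                       { target = arg; i++ }
                else if (opt == "-i" || opt == "-o")   { i++; if (arg != "lo") { matches = 0; break } }
                else if (opt == "-p")                  { i++; if (arg != "icmp" && arg != "all") { matches = 0; break } }
                else if (opt == "-m" && arg == "icmp") { i++ }
                else if (opt == "--icmp-type")         { i++; if (arg != "8" && arg != "echo-request") { matches = 0; break } }
                else if (opt == "--reject-with")       { i++ }
                else {
                    matches = 0
                    printf "not modelled, review by hand: %s\n", $0 > "/dev/stderr"
                    break
                }
            }
            if (!matches) next
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") { verdict = target; decided = 1 }
            else if (target != "" && target != "LOG" && target != "RETURN")
                printf "jump to %s not followed, review by hand: %s\n", target, $0 > "/dev/stderr"
        }
        END { print (decided ? verdict : policy) }
    '
}

# local_ping_ok DUMP: 0 when both chains let the probe through, 1 otherwise.
local_ping_ok() {
    inv=$(lo_verdict INPUT "$1")
    outv=$(lo_verdict OUTPUT "$1")
    echo "INPUT: $inv  OUTPUT: $outv"
    [ "$inv" = ACCEPT ] && [ "$outv" = ACCEPT ]
}

# Constructed iptables-save dump (not the poster's script): DROP policies on
# INPUT and OUTPUT and no rule for lo, the shape that gives the symptom above.
BROKEN=$(cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth1 -o eth2 -d 192.168.222.22 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
EOF
)

# FIXED is the same dump with the two loopback rules put first in each chain.
FIXED=$(printf '%s\n' "$BROKEN" | awk '
    { print }
    /^:OUTPUT DROP/ { print "-A INPUT -i lo -j ACCEPT"; print "-A OUTPUT -o lo -j ACCEPT" }
')

local_ping_ok "$BROKEN" || echo "-> the firewall cannot ping its own addresses"
local_ping_ok "$FIXED"  && echo "-> local pings pass"
```

If both verdicts are ACCEPT and the local pings still fail, iptables is not the cause and the routing table is the next thing to look at. For DROP verdicts the usual fix is what the FIXED dump adds: iptables -I INPUT -i lo -j ACCEPT and iptables -I OUTPUT -o lo -j ACCEPT at the top of the two chains.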
Do please, on the computer with 3 NICs, do:
1. Disconnect the cable from Eth0
2. Turn OFF the firewall
3. Do ifconfig eth1 | grep inet, post output
4. Do ifconfig eth2 | grep inet, post output
5. ping 192.168.111.1
6. ping 192.168.222.21
Please post the EXACT output of these pings, I want to know what they look like
Example:
bbb@linux-xmc2:> ping 192.168.1.125
PING 192.168.1.125 (192.168.1.125) 56(84) bytes of data.
Additionally, what is inside /etc/hosts?
Thanks.
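As an added example, not code from the thread, the following script checks the two outputs the steps above ask for before any route command is run: it pulls the host's own IPv4 addresses out of ifconfig output, then flags in a route -n dump any default route whose gateway is one of those addresses (the kind of route the earlier route del commands remove; a gateway has to be a neighbour on the link, never the host itself) and the absence of a 127.0.0.0/255.0.0.0 route on lo (the one the earlier route add restores). The ifconfig and route -n texts are constructed samples that reuse the thread's interface names and addresses, not the poster's real output. One caveat that the thread does not state: the loopback route shows up in route -n on kernels of that era, while current kernels keep it in ip route show table local.

```shell
#!/bin/sh
# Added example, not code from the thread: check the outputs the steps above
# ask for (ifconfig and the routing table) before running the route commands.
#
# Two things go wrong in a table like the one those commands repair:
#   1. a default route whose gateway is one of the host's own addresses
#      (a gateway must be a neighbour on the link, never the host itself), and
#   2. no 127.0.0.0/255.0.0.0 route on lo. Kernels of the 2.4/2.6 era show it
#      in `route -n`; current kernels keep it in `ip route show table local`.

# local_addrs IFCONFIG_TEXT
# Prints the IPv4 addresses in ifconfig output, space separated. Handles the
# old "inet addr:1.2.3.4" and the newer "inet 1.2.3.4" layouts.
local_addrs() {
    printf '%s\n' "$1" | awk '
        $1 == "inet" { a = $2; sub(/^addr:/, "", a); out = out (out ? " " : "") a }
        END { print out }
    '
}

# self_gateway_defaults ROUTE_TEXT "ADDR ADDR ..."
# Prints every default route (destination 0.0.0.0) whose gateway is one of
# the given local addresses; returns 0 if at least one was found.
self_gateway_defaults() {
    printf '%s\n' "$1" | awk -v mine="$2" '
        BEGIN { n = split(mine, a, " "); for (i = 1; i <= n; i++) own[a[i]] = 1 }
        $1 == "0.0.0.0" && ($2 in own) { print "default via own address " $2 " on " $NF; found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# has_loopback_route ROUTE_TEXT: 0 if 127.0.0.0/255.0.0.0 is routed over lo.
has_loopback_route() {
    printf '%s\n' "$1" | awk '
        $1 == "127.0.0.0" && $3 == "255.0.0.0" && $NF == "lo" { ok = 1 }
        END { exit ok ? 0 : 1 }
    '
}

# Constructed sample outputs (not the poster's real ones), in the shape the
# steps above ask for, with the interface names and addresses of the thread.
IFCONFIG=$(cat <<'EOF'
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:192.168.111.1  Bcast:192.168.111.255  Mask:255.255.255.0
eth2      Link encap:Ethernet  HWaddr 00:00:00:00:00:02
          inet addr:192.168.222.21  Bcast:192.168.222.255  Mask:255.255.255.0
EOF
)

ROUTES=$(cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.222.0   0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.111.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.111.1   0.0.0.0         UG    0      0        0 eth1
0.0.0.0         192.168.222.21  0.0.0.0         UG    0      0        0 eth2
EOF
)

MINE=$(local_addrs "$IFCONFIG")
echo "local addresses: $MINE"
self_gateway_defaults "$ROUTES" "$MINE" && echo "-> delete these; the default gateway must be the router on the eth0 link"
has_loopback_route "$ROUTES" || echo "-> no loopback route: route add -net 127.0.0.0 netmask 255.0.0.0 dev lo"
```

Run against the real outputs by replacing the two constructed samples with the text of ifconfig and route -n from the firewall; a self-pointing default route or a missing loopback route explains why the host's own addresses cannot be reached even with every chain set to ACCEPT.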
1. Disconnect cable from Eth0 --> DONE
2. Turn OFF firewall --> DONE (in Debian there is no turn off or stop; it must be a script like this):
-----------------------------------------
IPTABLES=/sbin/iptables