Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
I'm new in this game and have come to the point where I have pulled most of my hair out... I am trying to set up a Linux box on a small network, to do several jobs. The first of these jobs is to act as a firewall for the network.
I am running RH 7.0
eth0 is the internal network device 192.168.1.1
eth1 is the external network device 10.166.102.250
Windows 98 machine 192.168.1.10
After running the following script I can ping successfully from my Windows machine both addresses of my Linux box, and external web addresses. I can also ping web addresses (www.yahoo.com) from my Windows machine, so I know DNS is working. The problem is I can't seem to get my web browser to work on my Windows machine. It seems to be able to get the IP number, but doesn't load the web page.
The web browser on my Linux box works fine.
Also, when I run "firewall status" I receive the following message: "firewall dead but subsys locked"
If anyone out there can help me that would be wonderful!
ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j DENY
echo "Setting new output rules"
echo -n "output..."
# Outgoing, flush and set default policy of deny.
ipchains -F output
ipchains -P output DENY
# local interface, any source going to local net is valid
#ipchains -A output -i $INTDEV -s 0.0.0.0/0 -d $INTNET/24 -j ACCEPT
ipchains -A output -i $INTDEV -s 0.0.0.0/0 -d $INTNET/24 -j ACCEPT
# loopback interface is valid.
# ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
# outgoing to local net on remote interface: stuffed routing, deny
ipchains -A output -i $EXTDEV -s 0.0.0.0/0 -d $INTNET/24 -j DENY
# outgoing from local net on remote interface: stuffed masq, deny
ipchains -A output -i $EXTDEV -s $INTNET/24 -d 0.0.0.0/0 -j DENY
# anything else outgoing on remote interface is valid
#ipchains -A output -i $EXTDEV -d 0.0.0.0/0 -j ACCEPT
ipchains -A output -i $EXTDEV -s $EXTERNALIP/32 -d 0.0.0.0/0 -j ACCEPT
ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j DENY
echo "Done with the firewall rulesets"
echo -n "acct..."
"firewall dead but subsys locked" means it's DOA, but the process can't remove the PID at /var/lock/subsys/firewall.
Try to see if ipchains is running: issue "pidof ipchains".
If it ain't, check the binary first, then the startup part of the script itself.
If this script is in /etc/rc.d/init.d, IMHO it's dead wrong; it should only point to stuff to start/stop, and the ipchains script itself should be detached from those routines; easier to maintain/test, harder to snafu the startup script :-]
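The status message discussed in this thread, as an added example that is not part of either post and is not Red Hat's own init code: a simplified re-creation of a status check that looks for a live process, then a PID file, then the lock file under /var/lock/subsys. The function name `subsys_status`, the service name `fwdemo-constructed` and the check order are assumptions made for illustration; the demo runs in a scratch directory.

```shell
#!/bin/sh
# Added example: simplified re-creation of the decision order behind
# "dead but subsys locked". Not Red Hat's actual init code.
# Directories are parameters so it can run against a scratch tree.

subsys_status() {
    name=$1
    lockdir=${2:-/var/lock/subsys}
    rundir=${3:-/var/run}

    # 1. Is a process with this name alive? A script that only loads
    #    ipchains rules exits when it is done, so for a firewall
    #    service this lookup normally finds nothing.
    pids=$(pidof "$name" 2>/dev/null || true)
    if [ -n "$pids" ]; then
        echo "$name (pid $pids) is running..."
        return 0
    fi
    # 2. No process, but a PID file was left behind.
    if [ -f "$rundir/$name.pid" ]; then
        echo "$name dead but pid file exists"
        return 1
    fi
    # 3. No process, no PID file, but the start routine left its lock file.
    if [ -f "$lockdir/$name" ]; then
        echo "$name dead but subsys locked"
        return 2
    fi
    echo "$name is stopped"
    return 3
}

demo() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/lock" "$scratch/run"
    svc=fwdemo-constructed            # constructed name, no such process
    subsys_status "$svc" "$scratch/lock" "$scratch/run" || true
    touch "$scratch/lock/$svc"        # what a start routine typically does
    subsys_status "$svc" "$scratch/lock" "$scratch/run" || true
    rm -rf "$scratch"
}
demo
```

Because the packet-filter rules live in the kernel rather than in a process, listing the loaded rules with `ipchains -L -n` shows whether the firewall is actually in place, regardless of what the status check prints.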