[Cialug] Firewall question

Tom Sellers tsellers2009 at gmail.com
Mon Mar 6 23:44:08 CST 2017


I ran the commands from the link -dc provided and
had an error on one listed below:

WARNING: The state match is obsolete. Use conntrack instead.

Found a web site that told me to use the below command instead.

iptables -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

After running all 4 command lines without error I could still not ping
or get a name resolution on an outside web site.





On Mon, Mar 6, 2017 at 4:36 PM, David Champion <dchamp1337 at gmail.com> wrote:

> There are a few things you need to do, like turn on NAT. Here's one example
> of how to do that.
>
> http://www.revsys.com/writings/quicktips/nat.html
>
> There are several linux and bsd distros specifically designed to act as a
> firewall with a nice front-end on them. Some distros may also have a config
> option like "network connection sharing" that will do these things for you.
>
> You'll want to get familiar with iptables and / or shorewall if you're
> going to run your own linux firewall.
>
> -dc
>
> On Mon, Mar 6, 2017 at 4:24 PM, Tom Sellers <tsellers2009 at gmail.com>
> wrote:
>
> > I am trying to insert a firewall between my cable modem and my wireless
> > access point.  The firewall is just a computer running a linux variant.
> > (Devil
> >
> > I can ping the outside world from the firewall machine keyboard and resolve
> > pings such as "ping www.yahoo.com" fine. The problem is that none of the
> > machines connected to the wireless access point either by wire or wireless
> > have any address resolution or internet access.
> >
> > Right now I have the network attached to my existing network for testing.
> >
> > For example:    Existing home network ---- firewall machine --- new
> > wireless router --- 3 test machines (two wireless and 1 cabled)
> >
> > The firewall gets a DHCP address from my existing network as it would from
> > my cable provider.  The other side of the firewall is set up with a fixed
> > IP connected to one of the ports on the new wireless router (192.168.9.254)
> > (wireless router is 192.168.9.1).
> >
> > I am not that familiar with all the command line IP commands but can verify
> > the IPs of the various devices.  It seems to me there is a route missing
> > that prevents the internal IP from talking to the external IP of the
> > firewall.
> >
> > Anyone out there that can enlighten me as a somewhat inexperienced linux
> > user?
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
>
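
Added example, not part of the original messages: a shell check that reads an iptables-save dump and reports which pieces a Linux NAT gateway like the one in this thread is missing. It assumes eth0 is the outside interface and eth1 the inside one, as the iptables command in the message above does; the function name and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes eth0 = outside, eth1 = inside.

# Constructed sample in iptables-save format: a complete NAT gateway ruleset.
SAMPLE_RULES=$(cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
)

# check_nat_rules WAN LAN IP_FORWARD   (iptables-save text on stdin)
# Prints one line per missing piece and returns how many are missing.
check_nat_rules() {
    wan=$1; lan=$2; fwd=$3; missing=0
    rules=$(cat)
    miss() { echo "MISSING: $1"; missing=$((missing + 1)); }

    # 1. The kernel must be told to route between interfaces.
    [ "$fwd" = "1" ] || miss "ip_forward is '$fwd', expected 1"

    # 2. Source NAT on packets leaving through the outside interface.
    printf '%s\n' "$rules" |
        grep -Eq -e "^-A POSTROUTING .*-o $wan .*-j (MASQUERADE|SNAT)" ||
        miss "nat POSTROUTING -o $wan MASQUERADE/SNAT"

    # 3. Replies to established flows allowed back in (state or conntrack match).
    printf '%s\n' "$rules" |
        grep -Eq -e "^-A FORWARD -i $wan -o $lan .*state [A-Z,]*ESTABLISHED[A-Z,]* -j ACCEPT" ||
        miss "FORWARD $wan->$lan RELATED,ESTABLISHED ACCEPT"

    # 4. New connections allowed out: an ACCEPT rule that is not limited
    #    to already-established states.
    printf '%s\n' "$rules" |
        awk -v p="-A FORWARD -i $lan -o $wan " \
            'index($0, p) == 1 && /-j ACCEPT$/ && (!/state / || /NEW/) { ok = 1 }
             END { exit !ok }' ||
        miss "FORWARD $lan->$wan ACCEPT for new connections"

    return "$missing"
}

# Live use (as root): iptables-save | check_nat_rules eth0 eth1 "$(cat /proc/sys/net/ipv4/ip_forward)"
printf '%s\n' "$SAMPLE_RULES" | check_nat_rules eth0 eth1 1 && echo "sample ruleset: complete"
```

Passing the interface names the other way round is a quick way to see whether the rules were written for the wrong side of the firewall.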

