[ale] IP-Forwarding
Robert L Harris
nomad at rocky.orci.com
Mon Oct 6 10:16:07 EDT 1997
Ok,
Any idea why I can't ping outside my firewall? Also, my diald isn't
dialing. I'm using the rpm package from redhat. Here's my diald.conf
------------------------------------------
#mode ppp
accounting-log /var/log/diald
device /dev/ttyS1
connect "/usr/local/bin/diald-orci"
lock
speed 115200
modem
crtscts
debug VERBOSE
defaultroute
local 206.168.154.16
remote 206.168.154.253
include /usr/lib/diald/standard.filter
------------------------------------------
and here's my dial script. The script works
fine on its own, just not with diald. Note,
I've removed the call to pppd, but it's not even
dialing.
------------------------------------------
#!/bin/sh
#
# "orci" ppp utility
DEVICE=modem
PHONE=62327161111\&62327161111
# Everything inside the subshell reads from and writes to the modem device.
( /bin/setserial /dev/$DEVICE spd_vhi
/bin/stty 115200 -tostop
# chat: give up on the listed modem responses, send the init string, then dial.
if /usr/sbin/chat -v ABORT "NO CARRIER" ABORT "BUSY" ABORT "NO DIALTONE" "" AT at B0=2\&D2 OK ATDT$PHONE CONNECT ""
then
/usr/sbin/pppd defaultroute /dev/$DEVICE
exit 0
fi
) < /dev/$DEVICE > /dev/$DEVICE
------------------------------------------
>
> Robert,
> The commands below are a basic firewall. It allows no connections that
> don't originate from the local net. Only traffic from the inside to out.
>
> I use this and diald for my network, and it works great. One word of
> advice, set up a DNS server for your private network. I found that with
> my machines looking outside for DNS, diald was picking up the phone line
> at odd times. I fired up dctrl on the forwarding box and saw flurries of
> DNS queries. All the hosts were configured to use /etc/hosts before bind, but
> whenever a local telnet or ftp session was opened, the server process would
> attempt to do a lookup on the originating IP. At least I am guessing that
> this was what was causing it. I set up a local name server, and diald is
> happy.
>
> Good luck,
> jay
>
> On 05-Oct-97 Robert L Harris was heard to have said:
> |>>
> |>> Robert,
> |>> Is the use of ipfwadm required to get forwarding to work? I use it at home
> |>> and have never had a problem. In rc.local I have:
> |>>
> |>> /sbin/ipfwadm -F -p deny
> |>> /sbin/ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
> |>>
> |>> where 192.168.0.0 is the local net.
> |>> Don't know if this helps. Good luck,
> |>> Jay
> |>>
> |>
> |>This did exactly what I needed. Thanks, I'll worry about firewalling out
> |>the net later. Now to get diald working.
> |>
> |>Robert
---------------------------------------------------------------------------
Robert L. Harris | If NT is the answer,
System Engineer For Hire. \_ you don't understand the question.
Email:
Robert at ast.lmco.com
http://www.orci.com/~nomad
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
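The two ipfwadm lines quoted in the thread (forward policy deny, then one masquerade rule for 192.168.0.0/24 to anywhere) are what make "only traffic from the inside to out" true: outbound packets from the private net are rewritten to the box's own address, replies are matched back against the masquerade table, and everything else that would be forwarded hits the default deny. The following is an added example, not code from the thread or from ipfwadm: a small Python model of that decision, run over a constructed packet trace. The private net and the box's PPP address (206.168.154.16, the `local` line in the posted diald.conf) come from the page; the outside hosts, ports, packet sequence and the masquerade bookkeeping are this model's own assumptions, not the 2.0 kernel's code.

```python
# Added example (not code from the thread): a model of the quoted ipfwadm
# forwarding policy,
#     /sbin/ipfwadm -F -p deny
#     /sbin/ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
# i.e. default-deny forwarding plus one masquerade rule for the private net.
# The private net and the box's PPP address come from the thread; the outside
# hosts, ports and packets are constructed, and the masquerade table is this
# model's own bookkeeping, not the kernel's.
import ipaddress
from dataclasses import dataclass, replace

LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")     # -S 192.168.0.0/24
ANY_NET = ipaddress.ip_network("0.0.0.0/0")            # -D 0.0.0.0/0
EXTERNAL_IP = ipaddress.ip_address("206.168.154.16")   # 'local' in diald.conf


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class MasqForwarder:
    """Per-packet forwarding decision: ('masquerade'|'demasq'|'deny', rewritten)."""

    def __init__(self, first_port=61000):
        self.next_port = first_port
        # masq port -> (proto, inside addr, inside port, remote addr, remote port)
        self.table = {}
        # same 5-tuple -> masq port, so one flow keeps one port
        self.by_flow = {}

    def _masq_port(self, key):
        port = self.by_flow.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_flow[key] = port
            self.table[port] = key
        return port

    def forward(self, pkt: Packet):
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)

        # Reply to a masqueraded connection: addressed to our external address
        # on a port we handed out, from the peer that flow was opened to
        # (this model checks the peer too; that is a design choice here).
        if dst == EXTERNAL_IP and pkt.dport in self.table:
            proto, in_addr, in_port, r_addr, r_port = self.table[pkt.dport]
            if (pkt.proto, pkt.src, pkt.sport) == (proto, r_addr, r_port):
                return "demasq", replace(pkt, dst=in_addr, dport=in_port)

        # Rule 1: -a m -S 192.168.0.0/24 -D 0.0.0.0/0 -> masquerade
        if src in LOCAL_NET and dst in ANY_NET:
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            port = self._masq_port(key)
            return "masquerade", replace(pkt, src=str(EXTERNAL_IP), sport=port)

        # Nothing matched: the chain's default policy, -p deny
        return "deny", None


def run_trace():
    """Push a constructed packet sequence through the policy; returns verdicts."""
    fw = MasqForwarder()
    inside = "192.168.0.10"
    web = "198.51.100.7"       # constructed outside host (TEST-NET-2)
    outsider = "203.0.113.5"   # constructed outside host (TEST-NET-3)
    trace = [
        Packet("tcp", inside, 1234, web, 80),                 # inside -> out
        Packet("tcp", web, 80, "206.168.154.16", 61000),      # reply comes back
        Packet("tcp", outsider, 4444, inside, 23),            # unsolicited inbound
        Packet("tcp", outsider, 80, "206.168.154.16", 61000), # wrong peer on masq port
    ]
    return [fw.forward(p) for p in trace]


if __name__ == "__main__":
    for verdict, pkt in run_trace():
        print(verdict, pkt)
```

The trace gives masquerade, demasq, deny, deny: the inside host's connection goes out as 206.168.154.16:61000, the web server's reply is mapped back to 192.168.0.10:1234, and neither the unsolicited telnet attempt nor a packet from a different peer to the masqueraded port is forwarded. Two caveats for anyone copying the quoted rules: they say nothing about the box's own input chain (ipfwadm -I), so what the firewall itself accepts is a separate question, and the masquerade rule as written matches on source address only; ipfwadm's -W option ties a rule to an interface if you want it to match only packets arriving from the inside.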