netdev

2.4.0-test7: Trouble with ipchains (2.2-style) support

To: netdev@xxxxxxxxxxx
Subject: 2.4.0-test7: Trouble with ipchains (2.2-style) support
From: Brian Bisaillon <bbisaill@xxxxxxxxxxxxxxxxxx>
Date: Wed, 06 Sep 2000 01:58:59 -0400
Organization: Sault College of Applied Arts & Technology
Sender: owner-netdev@xxxxxxxxxxx
I'm having trouble with Linux kernel 2.4.0-test7 regarding the Networking Options / IP: Netfilter Configuration / ipchains (2.2-style) support. Here is what I am experiencing:

First of all I have a Linux Router setup with Red Hat 6.2 and it has two Ethernet interfaces. eth0 is responsible for internal traffic and eth1 is connected to the ADSL modem. I basically start a normal PPPoE session and my ppp0 interface goes up perfectly. I have an IPCHAINS firewall script that allows me to masquerade connections to allow clients behind the firewall to access the Internet via allowed ports. I've tried PMFirewall from www.pointman.org and I've tried a firewall.sh script (that I am using now) that I picked up from freshmeat.net.

Problems:

1) When using a Linux client behind the firewall, I can browse to www1.sympatico.ca using lynx no problem. However, when I use Netscape it says it's Transferring data from the site but nothing happens. It just sits there. This happens only for certain sites. For example, I've experienced it for www1.sympatico.ca, and www.sierra.com. Other sites like altavista.com etc. will work fine. This same problem happens from a Windows client. I can see some websites fine with a browser but with others I can't unless I browse directly from the firewall box or I use lynx on a Linux client.

2) When trying to browse ftp sites I kept having odd port errors. I noticed an option in Internet Explorer that led me to believe I had to use passive mode transfer so I enabled the option and it worked no problem.

3) When I try to irc to efnet, it connects, authenticates via identd thanks to midentd on the firewall box, but just before it goes to display an motd message it hangs there and I can't do anything even though I'm online. For example, I'll try to join a channel and nothing happens. This happened to me in mIRC from a Windows client and BitchX (modded ircii by panasync) for Linux. However, I can go on Undernet and Dalnet just fine without any problems. Ident works fine and even for efnet it worked fine but for some reason I can't get on efnet from clients behind the firewall. If I use the firewall box I can get on efnet no problem.

I think this is a problem regarding the backwards compatibility code for IPCHAINS in 2.4.0-test7. I've tried different IPCHAINS scripts and I had the same problems. I've tried Windows clients and Linux clients (two completely different platforms running different programs) and the same problems arose. I was wondering if you have any solutions to my problem?

Here's some more information in case you need it:

eth0 - 192.168.1.1 - Used as default Gateway for clients (this is on a 10/100Mbps switch)

eth1 - 192.168.1.2 - Used to transfer data to/from ADSL modem (this is connected directly to the ADSL modem)

ppp0 - This interface gets put up once a successful PPPoE session has been negotiated via Bell's Sympatico High Speed Edition ADSL service.

I have attached the current firewall script I am using now to give you an indication on how my firewall is currently set up. I use this command:

./firewall.sh ppp0 eth0

----------------------------------------
Brian Bisaillon <bbisaillon@xxxxxxxxx>
Website: http://webdata.dyndns.org
Computer Network Technology Student
Sault College of Applied Arts & Technology
---------------------------------------

Attachment: firewall.sh
Description: Bourne shell script
