
[cobalt-users] PMFirewall and IPChains: Traceroute Stops Working



Hi again. Still can't get this firewall thing licked. But after further
research I realized that Gerald's recommendation didn't quite do the trick;
I was just being stupid and thought it did. The firewall was simply allowing
my IP (which has unrestricted access) to access all sites and services (even
the virtual sites). Began getting calls from clients (on my virtual sites) as
soon as I turned on the firewall. Their email and web sites were down. So,
he got it working right... but it didn't resolve the virtual sites problem.

For testing I use an offsite traceroute through a browser. As soon as I run
pmfirewall start, traceroute stops finding my virtual sites. Traceroute will
find the main IP (and domain name) of the box (different subnet than virtual
sites) successfully, but none of my virtual sites (which are on a different
subnet: xxx.xxx.xxx.xxx is the main box's IP, xxx.xxx.xxy.xxx are the
virtual sites) can be found via traceroute. I can still see everything and
access all services... but no other users can see or access the virtual
sites. Strangely, my main IP can be accessed by anyone through the web. So I
am assuming my rules aren't allowing the additional subnet IPs.

This happens utilizing either one of the following pmfirewall.conf files
(have tried several).
Pmfirewall Generated, pmfirewall.conf:
#!/bin/sh
# pmfirewall.conf - used by pmfirewall package
IPCHAINS=/sbin/ipchains
ATBOOT=1
CONFIG_DIR=/usr/local/pmfirewall
OUTERIF=eth0
REMOTENET=0/0
OUTERIP=`ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d \  -f 1`
OUTERMASK=`ifconfig $OUTERIF | grep Mas | cut -d : -f 4`
OUTERNET=$OUTERIP/$OUTERMASK

Gerald's Recommendation, Modified pmfirewall.conf:
IPCHAINS=/sbin/ipchains
ATBOOT=1
CONFIG_DIR=/usr/local/pmfirewall
OUTERIF=eth0
REMOTENET=0/0
OUTERIP=`ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d \  -f 1`
# OUTERMASK=`ifconfig $OUTERIF | grep Mas | cut -d : -f 4`
# OUTERNET=$OUTERIP/$OUTERMASK
OUTERNET=$OUTERIP/255.255.255.0

Should I post my actual rules? I desperately need to get this resolved and
can't seem to figure out the problem. Sorry for the continued (newbie)
questions... but argghh... why won't this work? It seems like it should be
so simple. Feeling like an idiot; any assistance would be gratefully
accepted. Thanks in advance.

Argghhh,
Troy Arnold
websetters, inc
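The symptom above fits the way pmfirewall.conf derives OUTERIP: `ifconfig eth0` reports only the primary address, so the aliased virtual-site addresses (eth0:0, eth0:1, ...) on the other subnet never make it into the generated rules. The script below is an added illustration, not code from the original post or from pmfirewall: it parses constructed `ifconfig -a` output, collects every alias on the interface, and prints one ipchains ACCEPT rule per address and service port so the virtual sites are covered explicitly. The addresses, the ports (25 and 80) and the exact ipchains invocation are assumptions.

```shell
#!/bin/sh
# Constructed sample of `ifconfig -a` output: the primary address on eth0 plus
# two IP aliases (eth0:0, eth0:1) carrying virtual sites on another subnet.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:10:E0:00:00:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:0    Link encap:Ethernet  HWaddr 00:10:E0:00:00:01
          inet addr:198.51.100.20  Bcast:198.51.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:1    Link encap:Ethernet  HWaddr 00:10:E0:00:00:01
          inet addr:198.51.100.21  Bcast:198.51.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
'

# Print "iface addr mask" for every interface whose name starts with $1,
# so "eth0" also matches the eth0:N aliases. Reads ifconfig text on stdin.
alias_addrs() {
  awk -v base="$1" '
    /^[a-z]/ { iface = $1 }
    /inet addr:/ && index(iface, base) == 1 {
      split($2, a, ":"); split($NF, m, ":")
      print iface, a[2], m[2]
    }'
}

# Emit one ipchains ACCEPT rule per (address, TCP port) so every alias on the
# interface is reachable for the listed services, not just OUTERIP.
# Rules are printed, not applied (assumed ipchains syntax: -d addr/mask port).
gen_rules() {
  iface="$1"; shift
  alias_addrs "$iface" | while read -r ifn addr mask; do
    for port in "$@"; do
      printf '%s -A input -i %s -p tcp -d %s/32 %s -j ACCEPT\n' \
        "${IPCHAINS:-/sbin/ipchains}" "$iface" "$addr" "$port"
    done
  done
}

# Number of rules generated for the sample: 3 addresses x 2 ports.
rule_count() {
  printf '%s' "$SAMPLE_IFCONFIG" | gen_rules eth0 25 80 | wc -l | tr -d ' '
}

printf '%s' "$SAMPLE_IFCONFIG" | gen_rules eth0 25 80
```

Run it on the box with `ifconfig -a | gen_rules eth0 25 80` to see which addresses the current OUTERNET definition leaves out; only apply rules after reviewing them.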