Re: [pmfirewall] installation problem

From: Patrick Benson (benson@chello.se)
Date: Mon Nov 13 2000 - 04:38:21 PST


Alex Boag-Munroe wrote:
>
> The gentleman may have his cards the wrong way around according to
> "standards", however, that won't be why pmfirewall isn't working surely!
>
> Alex Boag-Munroe

That wasn't really the point, Alex. I don't think anyone would actually
know until Shlomo says how his IP address is assigned: i.e., either
through DHCP, in which case he receives an address from his Internet Service
Provider or by a static address that was given to him when he subscribed
to the service. The usual source of problems is that the networking
interfaces are not yet up while the ipchains configuration set by the
PMFirewall script is trying to locate the net configuration on the
system, which is not set up yet. If you have cable and DHCP, for
example, and the ISP's server is down for the moment you will not
receive an IP address and if PMFirewall is set to start up at boot time
it will generate a long list with 'invalid mask..' messages because it
can't locate the external interface's address assigned by the ISP; there
isn't any... Since Shlomo's connection is working fine without the
firewall script running, it's not about a faulty interface configuration
but has to do with the PMFirewall script conflicting with his
interfaces. That was the point that I was addressing. Look in
pmfirewall.rules.local, at the beginning, and you will see internal
subnet ranges that are set to DENY, in order to prevent internal
addresses entering in on the external interface, blocking non-routable
IPs. If you have the external interface set to eth1 and the internal to
eth0, there will be problems with those addresses, sooner or later. Any
networking program that you will install will look for these two pairs
of interfaces for networking: external=ppp0 internal=eth0, external=eth0
internal=eth1. It's for reasons of compatibility; there are so many
different kinds of systems out there that must be able to share some
sort of rules in order to function properly, together. In order to send
this e-mail I'm using TCP, not IPX. It wouldn't come through. This is
probably one of the reasons why Shlomo may be having problems with
PMFirewall getting to run, the net configuration says one thing while
his PMFirewall configuration says another....

-- 
Patrick Benson
Stockholm, Sweden
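
The boot-time failure described in the message above (rules loaded while the external interface has no address yet) can be caught with a check that runs before the firewall script. This is an added example, not part of the original post or of PMFirewall; it assumes iproute2's `ip -o -4 addr show` output format, and the function names and sample lines are constructed. It also flags an external interface holding a non-routable address, which the DENY rules mentioned in the post would cover.

```shell
#!/bin/sh
# Pre-flight check to run before a boot-time firewall script loads its rules.
# Assumption: input is the output of `ip -o -4 addr show dev IFACE` (iproute2).

# Constructed sample inputs (not captured from a real system).
SAMPLE_UP='2: eth0    inet 203.0.113.7/24 brd 203.0.113.255 scope global dynamic eth0\       valid_lft 3000sec'
SAMPLE_DOWN=''   # DHCP lease not obtained yet: the command prints nothing
SAMPLE_SWAPPED='3: eth1    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1\       valid_lft forever'

# Print the first IPv4 address (prefix length stripped) found on stdin.
first_ipv4() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Succeed if the address lies in an RFC 1918 (non-routable) range.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight "<ip output for the interface configured as external>"
# Prints a verdict; returns 0 = ok, 1 = no address yet, 2 = private address.
preflight() {
    addr=$(printf '%s\n' "$1" | first_ipv4)
    if [ -z "$addr" ]; then
        echo "no-address"        # loading rules now would use an empty address
        return 1
    fi
    if is_rfc1918 "$addr"; then
        echo "private:$addr"     # internal/external interfaces are likely swapped
        return 2
    fi
    echo "ok:$addr"
    return 0
}

# Live use (eth0 as the external interface is an assumption):
#   preflight "$(ip -o -4 addr show dev eth0)" || exit 1
```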

This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:37:43 PDT