From: Alex Boag-Munroe (ajbm@ntlworld.com)
Date: Mon Nov 13 2000 - 12:37:14 PST
I just looked at your files and can confirm what Colin Tinker said,
PMFirewall is firewalling off anything from a 10.* IP range.
That said, I cannot understand why your service provider is using a private
address range. Your ifconfig shows that your 10.* IP is class A with the
subnet mask of 255.0.0.0. This is a private address range and is against the
TCP/IP standards to be used in public netspace.
You may well find yourself having other problems around the Internet, with
other people who do not allow private address ranges onto theirs. It could
cause problems on anyone's network using the 10.* IP range.
For example, if you had chosen to use a 10.* class A ip range yourself, there
is a good chance that eth0 would not have worked, or some other poor soul
connecting to the same provider would have had a problem, on account of
conflicting IP addresses (small chance I know with class A, but possible all
the same).
Hope this helps
Alex
On Monday 13 November 2000 18:28, you wrote:
> > Thanks to all those who answered. I will include a number of files with
> this message, but I would like to aswer a few questions posed by some of
> the people who answered.
>
> > The gentleman may have his cards the wrong way around according to
> > "standards", however, that won't be why pmfirewall isn't working surely!
>
> I don't think this is the problem since as I wrote, I am able to use
> "masqstart" and this works so I think the setup script did accept the
> **non-standard** stup. In any case, the eth0 and eth1 addresses were setup
> automatically by the HardDrake configuration utility on Mandrake. I do
> understand that I can manually change this, but I'm not anxious to do this
> if possible since aside from the Firewall itself, everything else (LAN,
> Masquerading, PPTP, etc is working and as they say
> --- If it ain't broke, don't fix it -- :-)
>
> > would also be helpful if you can state, more specifically, how your
> > connection to the ISP is setup: do you have a static IP address or do
>
> I connect to my ADSL provider using PPTP and the IP address is dynamic
>
> >to the service. The usual source of problems is that the networking
> >interfaces are not yet up while the ipchains configuration set by the
> >PMFirewall script is trying to locate the net configuration on the
> >system, which is not set up yet. If you have cable and DHCP, for
> >example, and the ISP's server is down for the moment you will not
> >receive an IP address and if PMFirewall is set to start up at boot time
>
> I run the pmfirewall script manually and NOT at boot time so this is
> probably not the problem
>
> >system, which is not set up yet. If you have cable and DHCP, for
>
> The files and outputs people asked for and a few more I thought might be
> helpful are attached. All the outputs are in a file called net-output. The
> rest are config files from the pmfirewall directory.
>
>
> Again - thanks to all.
>
>
> //-------------------------
> Shlomo Solomon
> E-Mail: solomon@barak-online.net
> http://come.to/shlomo.solomon
> Date: 13-Nov-2000 Time: 20:06:39
>
> Message sent by XFMail on a LINUX Mandrake 7.2 machine
> //-------------------------
----------------------------------------
Content-Type: application/octet-stream; charset="us-ascii";
name="pmfirewall.rules.masq"
Content-Transfer-Encoding: base64
Content-Description: pmfirewall.rules.masq
----------------------------------------
----------------------------------------
Content-Type: application/octet-stream; charset="us-ascii";
name="pmfirewall.rules.local"
Content-Transfer-Encoding: base64
Content-Description: pmfirewall.rules.local
----------------------------------------
----------------------------------------
Content-Type: application/octet-stream; charset="us-ascii";
name="pmfirewall.rules.1"
Content-Transfer-Encoding: base64
Content-Description: pmfirewall.rules.1
----------------------------------------
----------------------------------------
Content-Type: application/octet-stream; charset="us-ascii"; name="net-output"
Content-Transfer-Encoding: base64
Content-Description: net-output
----------------------------------------
****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
* in the message body to majordomo@pointman.org. Please direct other
* questions, comments, or problems to pmfirewall-owner@pointman.org.
*
* Need answers fast? Check the list archive located at:
* http://www.pointman.org/PMFirewall/list-archive/
*
This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:37:44 PDT