<html><head><meta name="qrichtext" content="1" /></head><body style="font-size:8pt;font-family:helvetica">
<p></p>
<p><span style="font-family:Lucida Console">Hi,</span></p>
<p></p>
<p><span style="font-family:Lucida Console">Sorry about the delay in responding to your email.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">I'm a newbie in the philosophy proposed by FireHol.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">This is my simplified topology:</span></p>
<p></p>
<p><span style="font-family:Lucida Console"> Internet</span></p>
<p><span style="font-family:Lucida Console"> |</span></p>
<p><span style="font-family:Lucida Console"> | XXX.XXX.20.98 (IP by my Provider with Routing my B Class IPs)</span></p>
<p><span style="font-family:Lucida Console"> +-------+-------+</span></p>
<p><span style="font-family:Lucida Console"> | Cisco |</span></p>
<p><span style="font-family:Lucida Console"> |External Router|</span></p>
<p><span style="font-family:Lucida Console"> | BBB.BBB.252.1 |</span></p>
<p><span style="font-family:Lucida Console"> +-------+-------+</span></p>
<p><span style="font-family:Lucida Console"> |</span></p>
<p><span style="font-family:Lucida Console"> |</span></p>
<p><span style="font-family:Lucida Console"> | BBB.BBB.252.0/30</span></p>
<p><span style="font-family:Lucida Console"> |</span></p>
<p><span style="font-family:Lucida Console"> |eth1</span></p>
<p><span style="font-family:Lucida Console"> +-------+-------+</span></p>
<p><span style="font-family:Lucida Console"> | BBB.BBB.252.2 |</span></p>
<p><span style="font-family:Lucida Console"> ---| fw-sr004 |--- (Firewall/Router with FireHol)</span></p>
<p><span style="font-family:Lucida Console"> | BBB.BBB.4.2 |</span></p>
<p><span style="font-family:Lucida Console"> +---------------+</span></p>
<p><span style="font-family:Lucida Console"> |eth0</span></p>
<p><span style="font-family:Lucida Console"> |</span></p>
<p><span style="font-family:Lucida Console"> | BBB.BBB.4.0/22 (Backbone)</span></p>
<p><span style="font-family:Lucida Console"> |</span></p>
<p><span style="font-family:Lucida Console"> +------------------+----------+-----------+----------------------+</span></p>
<p><span style="font-family:Lucida Console"> | ... | | ... |</span></p>
<p><span style="font-family:Lucida Console"> | | | |</span></p>
<p><span style="font-family:Lucida Console"> +---------------+ +-------+-------+ +-------+-------+ +-------+-------+</span></p>
<p><span style="font-family:Lucida Console"> | BBB.BBB.4.110 | | BBB.BBB.4.111 | | BBB.BBB.4.10 | | BBB.BBB.4.11 |</span></p>
<p><span style="font-family:Lucida Console"> | server-1 | | Server-2 | | Gate-8 | | Gate-12 |</span></p>
<p><span style="font-family:Lucida Console"> | Windows | | Linux | | BBB.BBB.8.1 | | BBB.BBB.12.1 |</span></p>
<p><span style="font-family:Lucida Console"> +---------------+ +---------------+ +-------+-------+ +-------+-------+</span></p>
<p><span style="font-family:Lucida Console"> | |</span></p>
<p><span style="font-family:Lucida Console"> | |</span></p>
<p><span style="font-family:Lucida Console"> +-------------------------------+ +-------------------------------+</span></p>
<p><span style="font-family:Lucida Console"> | BBB.BBB.8.0/22 | | BBB.BBB.12.0/22 |</span></p>
<p><span style="font-family:Lucida Console"> | | | |</span></p>
<p><span style="font-family:Lucida Console"> +-------+-------+ +-------+-------+ +-------+-------+ +-------+-------+</span></p>
<p><span style="font-family:Lucida Console"> | BBB.BBB.8.10 | | BBB.BBB.8.n | | BBB.BBB.12.10 | | BBB.BBB.12.n |</span></p>
<p><span style="font-family:Lucida Console"> | user-08-1 | ... ... | user-08-n | | user-12-1 | ... ... | user-12-n |</span></p>
<p><span style="font-family:Lucida Console"> | | | | | | | |</span></p>
<p><span style="font-family:Lucida Console"> +---------------+ +---------------+ +---------------+ +---------------+</span></p>
<p></p>
<p><span style="font-family:Lucida Console">The machine where I installed FireHol (fw-sr004) is a Pentium IV 3.0GHz</span></p>
<p><span style="font-family:Lucida Console">running Fedora Core 3. The following static routes were made so that this machine</span></p>
<p><span style="font-family:Lucida Console">works as the old gateway/router (this machine was an old, bad, obsolete CISCO</span></p>
<p><span style="font-family:Lucida Console">router) in that topology:</span></p>
<p></p>
<p><span style="font-family:Lucida Console">1) In machine fwce-sr004:</span></p>
<p><span style="font-family:Lucida Console">Interfaces</span></p>
<p><span style="font-family:Lucida Console">eth0 Link encap:Ethernet HWaddr 00:11:43:D7:34:53</span></p>
<p><span style="font-family:Lucida Console"> inet addr:BBB.BBB.4.2 Bcast:BBB.BBB.7.255 Mask:255.255.252.0</span></p>
<p><span style="font-family:Lucida Console"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></p>
<p></p>
<p><span style="font-family:Lucida Console">eth1 Link encap:Ethernet HWaddr 00:11:43:D7:34:54</span></p>
<p><span style="font-family:Lucida Console"> inet addr:BBB.BBB.252.2 Bcast:BBB.BBB.252.3 Mask:255.255.255.252</span></p>
<p><span style="font-family:Lucida Console"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></p>
<p></p>
<p><span style="font-family:Lucida Console">Kernel IP routing table</span></p>
<p><span style="font-family:Lucida Console">Destination Gateway Genmask Flags MSS Window irtt Iface</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.8.0 BBB.BBB.4.10 255.255.252.0 UG 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.12.0 BBB.BBB.4.11 255.255.252.0 UG 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.4.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">0.0.0.0 BBB.BBB.252.1 0.0.0.0 UG 0 0 0 eth1</span></p>
<p></p>
<p><span style="font-family:Lucida Console">2) In machine gate-8:</span></p>
<p><span style="font-family:Lucida Console">Interfaces</span></p>
<p><span style="font-family:Lucida Console">eth0 Link encap:Ethernet HWaddr 00:10:5A:CA:3D:53</span></p>
<p><span style="font-family:Lucida Console"> inet addr:BBB.BBB.4.10 Bcast:BBB.BBB.7.255 Mask:255.255.252.0</span></p>
<p><span style="font-family:Lucida Console"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></p>
<p></p>
<p><span style="font-family:Lucida Console">eth1 Link encap:Ethernet HWaddr 00:10:5A:CA:C7:2C</span></p>
<p><span style="font-family:Lucida Console"> inet addr:BBB.BBB.8.1 Bcast:BBB.BBB.11.255 Mask:255.255.252.0</span></p>
<p><span style="font-family:Lucida Console"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></p>
<p></p>
<p><span style="font-family:Lucida Console">Kernel IP routing table</span></p>
<p><span style="font-family:Lucida Console">Destination Gateway Genmask Flags MSS Window irtt Iface</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.4.10 0.0.0.0 255.255.255.255 UH 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.8.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth1</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.4.0 BBB.BBB.4.10 255.255.252.0 UG 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.4.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.8.0 BBB.BBB.8.1 255.255.252.0 UG 0 0 0 eth1</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.8.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1</span></p>
<p><span style="font-family:Lucida Console">127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo</span></p>
<p><span style="font-family:Lucida Console">0.0.0.0 BBB.BBB.4.2 0.0.0.0 UG 0 0 0 eth0</span></p>
<p></p>
<p><span style="font-family:Lucida Console">3) In machine gate-12:</span></p>
<p><span style="font-family:Lucida Console">Interfaces</span></p>
<p><span style="font-family:Lucida Console">eth0 Link encap:Ethernet HWaddr 00:10:5A:CA:3D:58</span></p>
<p><span style="font-family:Lucida Console"> inet addr:BBB.BBB.4.11 Bcast:BBB.BBB.7.255 Mask:255.255.252.0</span></p>
<p><span style="font-family:Lucida Console"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></p>
<p></p>
<p><span style="font-family:Lucida Console">eth1 Link encap:Ethernet HWaddr 00:10:5A:CA:C7:E7</span></p>
<p><span style="font-family:Lucida Console"> inet addr:BBB.BBB.12.1 Bcast:BBB.BBB.15.255 Mask:255.255.252.0</span></p>
<p><span style="font-family:Lucida Console"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></p>
<p><span style="font-family:Lucida Console">Kernel IP routing table</span></p>
<p><span style="font-family:Lucida Console">Destination Gateway Genmask Flags MSS Window irtt Iface</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.4.11 0.0.0.0 255.255.255.255 UH 0 0 0 eth1</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.12.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.4.0 BBB.BBB.4.11 255.255.252.0 UG 0 0 0 eth1</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.4.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.12.0 BBB.BBB.12.1 255.255.252.0 UG 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.12.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo</span></p>
<p><span style="font-family:Lucida Console">0.0.0.0 BBB.BBB.4.2 0.0.0.0 UG 0 0 0 eth1</span></p>
<p></p>
<p><span style="font-family:Lucida Console">4) In machine server-1:</span></p>
<p><span style="font-family:Lucida Console">Interfaces</span></p>
<p><span style="font-family:Lucida Console">eth0 Link encap:Ethernet HWaddr 00:C0:F0:17:DF:DD</span></p>
<p><span style="font-family:Lucida Console"> inet addr:BBB.BBB.4.111 Bcast:BBB.BBB.7.255 Mask:255.255.252.0</span></p>
<p><span style="font-family:Lucida Console"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></p>
<p></p>
<p><span style="font-family:Lucida Console">eth0:0 Link encap:Ethernet HWaddr 00:C0:F0:17:DF:DD</span></p>
<p><span style="font-family:Lucida Console"> inet addr:BBB.BBB.4.112 Bcast:BBB.BBB.7.255 Mask:255.255.252.0</span></p>
<p><span style="font-family:Lucida Console"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></p>
<p><span style="font-family:Lucida Console">Kernel IP routing table</span></p>
<p><span style="font-family:Lucida Console">Destination Gateway Genmask Flags MSS Window irtt Iface</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.8.0 BBB.BBB.4.10 255.255.252.0 UG 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.12.0 BBB.BBB.4.11 255.255.252.0 UG 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.4.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo</span></p>
<p><span style="font-family:Lucida Console">0.0.0.0 BBB.BBB.4.2 0.0.0.0 UG 0 0 0 eth0</span></p>
<p></p>
<p><span style="font-family:Lucida Console">5) In machine server-2 ... server-n (no static routing in these old machines):</span></p>
<p><span style="font-family:Lucida Console">eth0 Link encap:Ethernet HWaddr 00:C0:F0:xx:xx:xx</span></p>
<p><span style="font-family:Lucida Console"> inet addr:BBB.BBB.4.110 Bcast:BBB.BBB.7.255 Mask:255.255.252.0</span></p>
<p><span style="font-family:Lucida Console"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></p>
<p></p>
<p><span style="font-family:Lucida Console">Kernel IP routing table</span></p>
<p><span style="font-family:Lucida Console">Destination Gateway Genmask Flags MSS Window irtt Iface</span></p>
<p><span style="font-family:Lucida Console">BBB.BBB.4.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0</span></p>
<p><span style="font-family:Lucida Console">127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo</span></p>
<p><span style="font-family:Lucida Console">0.0.0.0 BBB.BBB.4.2 0.0.0.0 UG 0 0 0 eth0</span></p>
<p></p>
<p><span style="font-family:Lucida Console">6) In client machines:</span></p>
<p><span style="font-family:Lucida Console">Using the default routing set when installing Windows or Linux on these machines.</span></p>
<p></p>
<p></p>
<p><span style="font-family:Lucida Console">Before installing the FireHol firewall, all clients/servers (Windows/Linux) in</span></p>
<p><span style="font-family:Lucida Console">any of the gateways' subnets could talk to each other across any of the subnets.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">After installing and starting FireHol with the following configuration:</span></p>
<p></p>
<p><span style="font-family:Lucida Console">#!/etc/init.d/firehol</span></p>
<p></p>
<p><span style="font-family:Lucida Console">lan_ip="BBB.BBB.4.2"</span></p>
<p><span style="font-family:Lucida Console">lan_interface="eth0"</span></p>
<p></p>
<p><span style="font-family:Lucida Console">wan_ip="BBB.BBB.252.2"</span></p>
<p><span style="font-family:Lucida Console">wan_interface="eth1"</span></p>
<p></p>
<p><span style="font-family:Lucida Console">my_valid_nets="BBB.BBB.4.0/22 BBB.BBB.8.0/22 BBB.BBB.12.0/22"</span></p>
<p><span style="font-family:Lucida Console">my_nets="BBB.BBB.0.0/16"</span></p>
<p><span style="font-family:Lucida Console">my_internal_proxy_with_port_redirect_servers="BBB.BBB.4.2"</span></p>
<p></p>
<p><span style="font-family:Lucida Console"># Important subspaces...</span></p>
<p></p>
<p><span style="font-family:Lucida Console">internal_nets_admin="BBB.BBB.4.0/24"</span></p>
<p><span style="font-family:Lucida Console">internal_ips_admin="BBB.BBB.76.20 BBB.BBB.76.150 BBB.BBB.76.154"</span></p>
<p></p>
<p><span style="font-family:Lucida Console">my_external_routers="BBB.BBB.252.1"</span></p>
<p><span style="font-family:Lucida Console">my_old_all_services_server="BBB.BBB.4.111"</span></p>
<p><span style="font-family:Lucida Console">internal_ips_admin="BBB.BBB.8.12"</span></p>
<p></p>
<p><span style="font-family:Lucida Console">server_my_rip_ports="udp/520"</span></p>
<p><span style="font-family:Lucida Console">client_my_rip_ports="default 520"</span></p>
<p><span style="font-family:Lucida Console">server_my_torrent_ports="tcp/6881:6889"</span></p>
<p><span style="font-family:Lucida Console">client_my_torrent_ports="6881:6889" #test</span></p>
<p></p>
<p><span style="font-family:Lucida Console">TRANSPARENT_SQUID_CLIENTS="${my_nets}"</span></p>
<p><span style="font-family:Lucida Console">SQUID_WEB_PORTS="80 443 21"</span></p>
<p><span style="font-family:Lucida Console">SQUID_PORT="3128"</span></p>
<p><span style="font-family:Lucida Console">SQUID_USERS="squid"</span></p>
<p><span style="font-family:Lucida Console">SQUID_EXCLUDE=""</span></p>
<p><span style="font-family:Lucida Console">if [ ! -z "${TRANSPARENT_SQUID_CLIENTS}" ] ; then</span></p>
<p><span style="font-family:Lucida Console"> transparent_proxy "${SQUID_WEB_PORTS}" ${SQUID_PORT} "${SQUID_USERS}" \</span></p>
<p><span style="font-family:Lucida Console"> inface ${lan_interface} src "${TRANSPARENT_SQUID_CLIENTS}" \</span></p>
<p><span style="font-family:Lucida Console"> $(test ! -z "${SQUID_EXCLUDE}" && echo "dst not ${SQUID_EXCLUDE}")</span></p>
<p><span style="font-family:Lucida Console">fi</span></p>
<p></p>
<p><span style="font-family:Lucida Console">interface ${lan_interface} MY-BB src "${my_nets}" dst "${lan_ip}/32"</span></p>
<p><span style="font-family:Lucida Console"> policy reject</span></p>
<p><span style="font-family:Lucida Console"> #protection strong</span></p>
<p><span style="font-family:Lucida Console"> server ICMP accept</span></p>
<p><span style="font-family:Lucida Console"> server "http https" accept</span></p>
<p><span style="font-family:Lucida Console"> server squid accept</span></p>
<p><span style="font-family:Lucida Console"> server "ssh webmin" accept src "${internal_ips_admin}"</span></p>
<p></p>
<p><span style="font-family:Lucida Console"> client ICMP accept</span></p>
<p><span style="font-family:Lucida Console"> client "dns smtp ntp syslog tftp" accept dst "${my_old_all_services_server}"</span></p>
<p><span style="font-family:Lucida Console"> client "http https ftp" accept</span></p>
<p><span style="font-family:Lucida Console"> client ssh accept</span></p>
<p><span style="font-family:Lucida Console"> client squid accept</span></p>
<p></p>
<p><span style="font-family:Lucida Console">interface ${wan_interface} internet src not "${my_nets} ${UNROUTABLE_IPS}" dst ${wan_ip}/32</span></p>
<p><span style="font-family:Lucida Console"> policy drop</span></p>
<p><span style="font-family:Lucida Console"> server ICMP accept</span></p>
<p><span style="font-family:Lucida Console"> client ICMP accept</span></p>
<p><span style="font-family:Lucida Console"> client "http https ftp" accept</span></p>
<p></p>
<p><span style="font-family:Lucida Console">router lan2lan</span></p>
<p><span style="font-family:Lucida Console"> server all accept log "teste-server-lanlan" inface eth0 outface eth0</span></p>
<p><span style="font-family:Lucida Console"> client all accept log "teste-client-lanlan" inface eth0 outface eth0</span></p>
<p></p>
<p><span style="font-family:Lucida Console">router int2lan inface eth1 outface eth0 src not "${UNROUTABLE_IPS}" dst "${my_nets}"</span></p>
<p><span style="font-family:Lucida Console"> #protection strong</span></p>
<p><span style="font-family:Lucida Console"> server "ping timestamp dns http https ftp pop3 smtp smtps" accept dst "${my_old_all_services_server}"</span></p>
<p><span style="font-family:Lucida Console"> server "tftp ntp" accept dst "${my_old_all_services_server}" src "${my_external_routers}"</span></p>
<p></p>
<p><span style="font-family:Lucida Console"> client ICMP accept src "${my_old_all_services_server}"</span></p>
<p><span style="font-family:Lucida Console"> client "dns ntp smtp smtps" accept src "${my_old_all_services_server}"</span></p>
<p><span style="font-family:Lucida Console"> client "http https ftp ssh" accept src "${my_nets}"</span></p>
<p><span style="font-family:Lucida Console"> #client my_torrent accept src "${my_nets}"</span></p>
<p><span style="font-family:Lucida Console"> #client p2p accept src "${my_nets}"</span></p>
<p><span style="font-family:Lucida Console"> client "icmp" accept src "${my_nets}" dst "${my_external_routers}"</span></p>
<p><span style="font-family:Lucida Console"> client "snmp telnet ssh" accept src "${my_nets}" dst "${my_external_routers}"</span></p>
<p></p>
<p></p>
<p><span style="font-family:Lucida Console">With the above configuration, the internet is ok on all machines, but</span></p>
<p><span style="font-family:Lucida Console">some connections between machines in my LAN don't work (probably related to</span></p>
<p><span style="font-family:Lucida Console">routing when running this config in FireHol), for example:</span></p>
<p></p>
<p><span style="font-family:Lucida Console">1) Any machine in subnet 8 doesn't talk with any machine in subnet 12 or with server-1 in subnet 4.</span></p>
<p><span style="font-family:Lucida Console">2) Client-8-1 with server-1 doesn't work.</span></p>
<p><span style="font-family:Lucida Console">3) Client-8-1 with client-12-1 doesn't work.</span></p>
<p><span style="font-family:Lucida Console">4) Client-12-1 with server-1 doesn't work.</span></p>
<p><span style="font-family:Lucida Console">5) Client-12-1 with client-8-1 doesn't work.</span></p>
<p><span style="font-family:Lucida Console">6) Machines in subnet 4 talk to each other.</span></p>
<p><span style="font-family:Lucida Console">7) Some Machines in subnet 4 don't talk with clients in subnet 12 or 8.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">Can the static routes coexist with FireHol?</span></p>
<p></p>
<p><span style="font-family:Lucida Console">From your previous email, I believe that my topology is not correctly</span></p>
<p><span style="font-family:Lucida Console">defined by the syntax of fireHol.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">How do I define the suggested dependencies between the various gateways on the</span></p>
<p><span style="font-family:Lucida Console">firewall/router machine (fw-sr004), using the syntax of firehol? Must some</span></p>
<p><span style="font-family:Lucida Console">special characteristic be enabled in the kernel?</span></p>
<p></p>
<p><span style="font-family:Lucida Console">PS) When I turn off Firehol, the routing comes back.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">PS) I have a problem: I can't put RIP on some old machines in my topology.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">PS) To test connections, I use ping and some services on servers/clients.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">PS) I'm running squid proxy on machine fw-sr004.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">PS) My IP range is BBB.BBB/16 and these are valid B Class IPs with routing by my</span></p>
<p><span style="font-family:Lucida Console">provider.</span></p>
<p></p>
<p><span style="font-family:Lucida Console">Any suggestions or ideas?</span></p>
<p></p>
<p><span style="font-family:Lucida Console">Thanks!!!</span></p>
<p></p>
<p><span style="font-family:Lucida Console">On Tue 09 Aug 2005 19:50, Costa Tsaousis wrote:</span></p>
<p><span style="font-family:Lucida Console">> Hi,</span></p>
<p><span style="font-family:Lucida Console">></span></p>
<p><span style="font-family:Lucida Console">> Your question is very generic.</span></p>
<p><span style="font-family:Lucida Console">></span></p>
<p><span style="font-family:Lucida Console">> Have you defined the relative routers in firehol.conf?</span></p>
<p><span style="font-family:Lucida Console">> Do you have logs of such packets being dropped?</span></p>
<p><span style="font-family:Lucida Console">> etc...</span></p>
<p><span style="font-family:Lucida Console">></span></p>
<p><span style="font-family:Lucida Console">> Regards,</span></p>
<p><span style="font-family:Lucida Console">></span></p>
<p><span style="font-family:Lucida Console">> Costa</span></p>
<p><span style="font-family:Lucida Console">></span></p>
<p><span style="font-family:Lucida Console">> On Mon, August 8, 2005 1:24, Rèmy Arthur de Abreu Pestana said:</span></p>
<p><span style="font-family:Lucida Console">> > Hi,</span></p>
<p><span style="font-family:Lucida Console">> ></span></p>
<p><span style="font-family:Lucida Console">> > I have a linux Fedora 3 Router/gateway running ok with static routes to</span></p>
<p><span style="font-family:Lucida Console">> > my 4</span></p>
<p><span style="font-family:Lucida Console">> > local nets, when running Firehol, the Firewall works but the routing to</span></p>
<p><span style="font-family:Lucida Console">> > the nets defined in the static routes don't work when users access</span></p>
<p><span style="font-family:Lucida Console">> > machines from</span></p>
<p><span style="font-family:Lucida Console">> > the subnets to subnets or from subnets to the backbone in eth0 (Local</span></p>
<p><span style="font-family:Lucida Console">> > interface of Firehol/Gateway Machine).</span></p>
<p><span style="font-family:Lucida Console">> ></span></p>
<p><span style="font-family:Lucida Console">> > Any Idea, suggestion?</span></p>
<p><span style="font-family:Lucida Console">> ></span></p>
<p><span style="font-family:Lucida Console">> > PS) the IPs on local subnets and my backbone are Valid Internet IPs of my</span></p>
<p><span style="font-family:Lucida Console">> > range of valid Internet IPs (XXX.YYY.0.0/16).</span></p>
<p><span style="font-family:Lucida Console">> ></span></p>
<p><span style="font-family:Lucida Console">> > Thanks!!!</span></p>
<p><span style="font-family:Lucida Console">> ></span></p>
<p><span style="font-family:Lucida Console">> ></span></p>
<p><span style="font-family:Lucida Console">> ></span></p>
<p><span style="font-family:Lucida Console">> ></span></p>
<p><span style="font-family:Lucida Console">> > _______________________________________________</span></p>
<p><span style="font-family:Lucida Console">> > Firehol-support mailing list</span></p>
<p><span style="font-family:Lucida Console">> > Firehol-support@lists.sourceforge.net</span></p>
<p><span style="font-family:Lucida Console">> > https://lists.sourceforge.net/lists/listinfo/firehol-support</span></p>
<p></p>
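<p><span style="font-family:Lucida Console">Added example, not part of the original message: the routing tables listed in sections 1) to 5) above, walked hop by hop to show which LAN flows pass through fw-sr004 in both directions, in one direction only, or not at all, which decides how much of a connection a stateful firewall on that machine can see. The prefix 172.20 is a constructed stand-in for the redacted BBB.BBB, the node names host-4.111 and host-4.110 are labels chosen here for the machines of sections 4) and 5), and the client default gateways (8.1 and 12.1) are assumptions.</span></p>

```python
import ipaddress

PFX = "172.20"  # constructed stand-in for the redacted BBB.BBB prefix
FW = "fw-sr004"

# name: (own addresses, [(destination, gateway or None when directly connected)])
# Routes follow the tables in the message; self-referencing gateway entries
# and host routes on the gates are left out, and 252.0/30 is implied by eth1.
NODES = {
    FW: (["4.2", "252.2"], [("8.0/22", "4.10"), ("12.0/22", "4.11"),
                            ("4.0/22", None), ("252.0/30", None),
                            ("default", "252.1")]),
    "gate-8": (["4.10", "8.1"], [("4.0/22", None), ("8.0/22", None),
                                 ("default", "4.2")]),
    "gate-12": (["4.11", "12.1"], [("4.0/22", None), ("12.0/22", None),
                                   ("default", "4.2")]),
    # section 4 machine: static routes to both gates (label is hypothetical)
    "host-4.111": (["4.111", "4.112"], [("8.0/22", "4.10"), ("12.0/22", "4.11"),
                                        ("4.0/22", None), ("default", "4.2")]),
    # section 5 machines: default route only (label is hypothetical)
    "host-4.110": (["4.110"], [("4.0/22", None), ("default", "4.2")]),
    # clients: default gateway assumed to be the gate of their own subnet
    "user-08-1": (["8.10"], [("8.0/22", None), ("default", "8.1")]),
    "user-12-1": (["12.10"], [("12.0/22", None), ("default", "12.1")]),
}


def ip(suffix):
    return ipaddress.ip_address(f"{PFX}.{suffix}")


def net(dest):
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{PFX}.{dest}")


OWNER = {ip(a): name for name, (addrs, _) in NODES.items() for a in addrs}
TABLES = {name: [(net(d), ip(g) if g else None) for d, g in routes]
          for name, (_, routes) in NODES.items()}


def next_hop(node, dst):
    """Longest-prefix match; returns the address the packet is handed to."""
    matches = [(n.prefixlen, gw) for n, gw in TABLES[node] if dst in n]
    if not matches:
        raise ValueError(f"{node}: no route to {dst}")
    _, gw = max(matches, key=lambda m: m[0])
    return dst if gw is None else gw


def path(src, dst):
    """Nodes a packet visits from src to dst (address suffixes under PFX)."""
    dst_ip, node = ip(dst), OWNER[ip(src)]
    hops = [node]
    while OWNER.get(dst_ip) != node:
        hop = next_hop(node, dst_ip)
        if hop not in OWNER:
            raise ValueError(f"{hop} is outside the modelled LAN")
        node = OWNER[hop]
        hops.append(node)
        if len(hops) > 8:
            raise RuntimeError("routing loop")
    return hops


def fw_view(a, b):
    """Which directions of a flow between a and b traverse the firewall."""
    fwd, ret = FW in path(a, b), FW in path(b, a)
    if fwd and ret:
        return "both"
    return "forward-only" if fwd else "return-only" if ret else "none"


if __name__ == "__main__":
    flows = [("8.10", "12.10"), ("8.10", "4.111"), ("8.10", "4.110"),
             ("4.110", "12.10"), ("4.111", "12.10")]
    for a, b in flows:
        print(a.rjust(6), "->", b.ljust(6),
              " > ".join(path(a, b)).ljust(50), "fw sees:", fw_view(a, b))
```

<p><span style="font-family:Lucida Console">Flows reported as forward-only or return-only are asymmetric: fw-sr004 forwards one direction while the other is delivered directly across the backbone by gate-8 or gate-12.</span></p>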
</body></html>