[Firehol-support] Routing between virtual interfaces

Costa Tsaousis costa at tsaousis.gr
Sat Feb 14 11:36:42 GMT 2009



Grab the latest firehol from http://firehol.sf.net/firehol.tar.gz

To do it, execute as root:


# cd /tmp

# wget http://firehol.sf.net/firehol.tar.gz


Untar it:


# tar zxvpf firehol.tar.gz


Go into the /tmp/firehol/ directory and run the firehol wizard:


# cd /tmp/firehol

# ./firehol.sh wizard >/tmp/firehol.conf


Open /tmp/firehol.conf with an editor and at the very top insert this line:


masquerade ppp+


Save it and now activate this firehol.conf (while still in /tmp/firehol/


# ./firehol.sh /tmp/firehol.conf


It will ask you to commit it once it is activated. Please do so. Keep in
mind that the wizard has ACCEPT rules for everything found to be running
(for example it will ACCEPT traffic from the internet, for everything


Now, please make your tests again. Do they work?


If yes, please examine /tmp/firehol.conf to find out how you should
configure your firewall.

If not, please:


1. Send us /tmp/firehol.conf. It will be long, so please attach it to
the e-mail.

2. Send us also the output of the commands (on the firewall):


# ip link show

# ip route show

# ip rule show


And answer the following questions:


a) How do you set up your hosts? DHCP or static?
If it is DHCP, please attach the configuration of your DHCP server.


b) Pick any two hosts, each in a different subnet to make some tests
with, and for both of them please give us this info:

   a. IP Address

   b. Subnet Mask

   c. Broadcast Address

   d. Default Gateway







From: M. O. [mailto:mofog at hotmail.com] 
Sent: Thursday, February 12, 2009 9:52 PM
To: cefrodrigues at gmail.com
Cc: firehol-support at lists.sourceforge.net
Subject: Re: [Firehol-support] Routing between virtual interfaces


No more suggestions?
If this was caused by a small glitch in firehol itself, I'd be willing to
offer my system as a test course. Just let me know if I can be of any
assistance. I just wanted to let you know that I won't be available for the
next 10 days. Afterwards, I'm going to merge the subnets to avoid further
complications, in case no one has any hints left.

Thanks for the great support so far!


> Date: Sun, 8 Feb 2009 18:16:15 +0000
> Subject: Re: [Firehol-support] Routing between virtual interfaces
> From: cefrodrigues at gmail.com
> To: mofog at hotmail.com
> CC: firehol-support at lists.sourceforge.net
> On Fri, Feb 6, 2009 at 7:11 PM, M. O. <mofog at hotmail.com> wrote:
> > As you can see, there are some contradictory statements: one maps the
> > traffic from to successfully to the rule
> > "DELTA2BRO", and the next line tells the exact opposite (same addresses
> > mapped to "PASS-unknown"). I'm quite in despair now.
> What does your firehol.conf look like? Are you accepting all traffic?
> -- 
> Carlos Rodrigues

