This is a discussion on Linux firewall + linksys wrt54g within the Linux Networking forums, part of the Linux Forums category.
Hello. I'm trying to set up a Slackware 9.1 box as a firewall, but since I don't have a hub/switch, I'm using my Linksys WRT54G to do that.

The topography looks like
Cable_Modem->eth1(24.x.x.x)->eth0(172.16.3.1)->WRT54G->nodes.

On the firewall, the routing table looks fine...

    Destination        Gateway          Genmask        Use Iface
    24.x.x.x(ISP IP)   *                255.255.255.0  eth1
    172.16.0.0         *                255.255.0.0    eth0
    loopback           *                255.0.0.0      lo
    default            co-ctlwst-u1-c4  0.0.0.0        eth1

and I'm using 172.16.3.1 as the default gateway on all the other nodes. All nodes can ping the gateway, yet none of them have internet access. I'm using iptables, and that appears to be configured correctly. Could anyone give me some suggestions? I'm not sure whether the problem is Linksys or Linux configuration.... or both, but I've been going crazy with this for a week straight now.
> Hello. I'm trying to setup a slackware 9.1 box as a firewall, but
> since i don't have a hub/switch, i'm using my linksys WRT54G to do
> that.
>
> The topography looks like
> Cable_Modem->eth1(24.x.x.x)->eth0(172.16.3.1)->WRT54G->nodes.
>
> On the firewall, the routing table looks fine...
>
> Destination Gateway Genmask Use Iface
> 24.x.x.x(ISP IP)* 255.255.255.0 eth1
> 172.16.0.0 * 255.255.0.0 eth0
> loopback * 255.0.0.0 lo
> default co-ctlwst-u1-c4 0.0.0.0 eth1
>
> and I'm using 172.16.3.1 as the default gateway on all the other
> nodes. All nodes can ping the gateway, yet none of them have internet
> access. I'm using iptables, and that appears to be configured
> correctly. Could anyone give me some suggestions? I'm not sure
> whether the problem is linksys or linux configuration.... or both, but
> I've been going crazy with this for a week straight now.

Ryan, my setup is nearly identical to yours-- I have the same network topology, and the same router too. Everything you've described looks correct: your routing table is analogous to mine, and the default gateway for your LAN nodes is correct.

The fact that you can ping your gateway from the LAN, but not go further, suggests to me an iptables problem. You say iptables is set up correctly, but you don't provide details. My guess is that there's a problem in your FORWARD chain or nat table. Can you send us output of 'iptables -nv -L FORWARD' and 'iptables -nv -t nat -L' ? Who's doing your NAT-- the router, or the gateway?

Another possibility is that you don't have the router configured correctly. It took me a while to hit on the right combination of settings. We could go over the details, but since you already have connectivity on your LAN, I doubt this is your problem.

Good luck,
Andrew.

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"
You didn't mention IP forwarding. Did you

    echo "1" > /proc/sys/net/ipv4/ip_forward

--
wcardwell at nc dot rr dot com

"Andrew Schulman" <andrex@deadspam.com> wrote in message
news:bvlag6$td5om$1@ID-8097.news.uni-berlin.de...
> > Hello. I'm trying to setup a slackware 9.1 box as a firewall, but
> > since i don't have a hub/switch, i'm using my linksys WRT54G to do
> > that.
> >
> > The topography looks like
> > Cable_Modem->eth1(24.x.x.x)->eth0(172.16.3.1)->WRT54G->nodes.
> >
> > On the firewall, the routing table looks fine...
> >
> > Destination Gateway Genmask Use Iface
> > 24.x.x.x(ISP IP)* 255.255.255.0 eth1
> > 172.16.0.0 * 255.255.0.0 eth0
> > loopback * 255.0.0.0 lo
> > default co-ctlwst-u1-c4 0.0.0.0 eth1
> >
> > and I'm using 172.16.3.1 as the default gateway on all the other
> > nodes. All nodes can ping the gateway, yet none of them have internet
> > access. I'm using iptables, and that appears to be configured
> > correctly. Could anyone give me some suggestions? I'm not sure
> > whether the problem is linksys or linux configuration.... or both, but
> > I've been going crazy with this for a week straight now.
>
> Ryan, my setup is nearly identical to yours-- I have the same network
> topology, and the same router too. Everything you've described looks
> correct: your routing table is analogous to mine, and the default gateway
> for your LAN nodes is correct.
>
> The fact that you can ping your gateway from the LAN, but not go further,
> suggests to me an iptables problem. You say iptables is set up correctly,
> but you don't provide details. My guess is that there's a problem in your
> FORWARD chain or nat table. Can you send us output of 'iptables -nv -L
> FORWARD' and 'iptables -nv -t nat -L' ? Who's doing your NAT-- the router,
> or the gateway?
>
> Another possibility is that you don't have the router configured correctly.
> It took me a while to hit on the right combination of settings. We could
> go over the details, but since you already have connectivity on your LAN, I
> doubt this is your problem.
>
> Good luck,
> Andrew.
>
> --
> To reply by email, change "deadspam.com" to "alumni.utexas.net"
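The three checks raised in the replies above (kernel IP forwarding, the FORWARD chain, and NAT on the outside interface), combined into one diagnostic as an added example that is not part of the original thread. The eth0/eth1 roles come from the first post; the function names and the sample rule listings are constructed for illustration.

```shell
# Added example: why LAN hosts reach the gateway but nothing beyond it.
# LAN=eth0 and WAN=eth1 follow the first post; all rule listings are constructed.

# Check 1: the kernel only routes between interfaces when ip_forward is 1.
forwarding_enabled() {   # $1 = file to read (default: the live /proc value)
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Check 2: does `iptables -S FORWARD` output ($1) accept NEW traffic from
# interface $2 to interface $3? Simplified matcher: only -i, -o and --state /
# --ctstate are considered; negation and address matches are ignored.
forward_allows() {
    printf '%s\n' "$1" | awk -v lan="$2" -v wan="$3" '
        $1 == "-P" { policy = $3 }
        $1 == "-A" && !decided {
            in_ok = 1; out_ok = 1; st_ok = 1; target = ""
            for (n = 3; n <= NF; n++) {
                if ($n == "-i") in_ok  = ($(n + 1) == lan)
                if ($n == "-o") out_ok = ($(n + 1) == wan)
                if ($n == "--state" || $n == "--ctstate") st_ok = ($(n + 1) ~ /NEW/)
                if ($n == "-j") target = $(n + 1)
            }
            # The first terminating rule that matches decides the verdict.
            if (in_ok && out_ok && st_ok && target ~ /^(ACCEPT|DROP|REJECT)$/) {
                verdict = target; decided = 1
            }
        }
        END { if (!decided) verdict = policy; exit (verdict == "ACCEPT" ? 0 : 1) }'
}

# Check 3: does `iptables -t nat -S POSTROUTING` output ($1) NAT traffic leaving $2?
nat_present() {
    printf '%s\n' "$1" | grep -Eq -- "^-A POSTROUTING .*-o $2 .*-j (MASQUERADE|SNAT)"
}

diagnose() {   # $1 = ip_forward file, $2 = FORWARD rules, $3 = nat rules
    forwarding_enabled "$1" || echo "ip_forward is off"
    forward_allows "$2" eth0 eth1 || echo "FORWARD drops eth0->eth1"
    nat_present "$3" eth1 || echo "no SNAT/MASQUERADE on eth1"
}

# Constructed rule sets: BROKEN_FWD lets replies through but no new connections.
BROKEN_FWD='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
FIXED_FWD="$BROKEN_FWD
-A FORWARD -i eth0 -o eth1 -m state --state NEW -j ACCEPT"
FIXED_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE'
diagnose "" "$BROKEN_FWD" "$FIXED_NAT"
```

On a live gateway, run it as root with `diagnose "" "$(iptables -S FORWARD)" "$(iptables -t nat -S POSTROUTING)"`; pinging the gateway itself exercises only the INPUT chain, which is why that test can pass while all three checks fail.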