[Sheflug] Routing Problem

["Stephen J. Turnbull" <nospam [at] sk.tsukuba.ac.jp>]

>>>>> "Richard" == Richard  <richard [at] sheflug.co.uk> writes:

    Richard> My old internet facing box was looking a bit oldish and
    Richard> so I've replaced it with a new one.

Bad move.  Hardware rarely has anything to do with security.  If it
ain't broke, don't fix it.  You see, I know what's coming next:

    Richard> However, when I try to ping 194.247.47.47 which is my ISP
    Richard> from my notebook through my internet box nothing comes
    Richard> back when I am connected.

On the gateway box:

# first try
echo 1 > /proc/sys/net/ipv4/ip_forward # the usual culprit
# now test, no restart necessary

# second try
echo "proxyarp" >> /etc/ppp/options    # location may vary.  not likely,
                                       # but haul 'im in for questioning
# now restart the ppp link and test

# "run in circles, scream and shout" mode
# disconnect any security-sensitive hosts from the gateway
ipchains -F forward
ipchains -P forward ACCEPT
# ping the ISP gateway and then reboot the local gateway, you're wide-open
# if ping works here, your packet filter is hosed and we need to
#   see the output of ipchains -L on the gateway

You'll receive an invoice shortly.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.