forum.excito.com

There's no forwarding involved if you host NAS functionality on the B3, so these lines would not apply. Be aware that you need to be able to route both ways in all circumstances. An example: You send a valentine card and inside you wrote "I've been your secret admirer for years". Of course...

I'm somewhat confused about that. :? Since wireless connects to the B3 through br0 interface, the rule is already set to ACCEPT. The change inflicted by setting the policy for INPUT to ACCEPT is that it also allows full access to the B3 itself from the WAN (eth0) interface. There should not be any n...

FWIW I found the Netkey stack too unstable anyway and turned to Klips, which I also find easier to manage because it adds an ipsec0 interface. Yes you still need the kernel source, but since building the Klips module doesn't require to build all the other kernel related stuff as well you're done a l...

On the B3 the interfaces wlan0 and eth1 are paired in a bridge: br0. This is the interface that Netfilter sees when you connect from the LAN # Generated by iptables-save v1.4.8 on Tue Oct 18 22:07:08 2011 *nat : PREROUTING ACCEPT [2909:159090] :INPUT ACCEPT [194:26025] :OUTPUT ACCEPT [74:7571] : POS...

Most likely the WAN address on the B3 was offered a new IP by your router's DHCP which then failed to also flush and reload the forwarding rules. I'm guessing it would have been sufficient to pull the power from the router and reconnect it after 10-15 seconds.

The web server use the wan so thats fine but samba and access to the bubba web interface uses the LAN-port.. That is actually not a firewall issue but a deliberate configuration (tweak) in these services. You can verify by running `netstat -an` that the samba protocols (port 139 and 445) are most l...

Cant do that because the voIP-router has 100 Mbit and my internet speed is 200 MBit :( Now why didn't you say that before? Okay then. Let's work back from this: That could work. But if I uses the bubba the other way around as I tested it with the WAN-side on my network and LAN-side to the voIP. Is ...

Right.... And you think that what I said before was complicated :roll: So, essentially what you're saying is that you want to double NAT the VOIP unit and you actually managed to get this setup to work with the one little problem that you had to reverse the network connections on the Bubba. Can I as...

Damn. Thats complicated. Just think of it as fingerposts. When you get to a crossing you can read them and decide if you want to follow one or ignore them all and stick to the main road (defaultroute). Now fingerposts are not that precise, so depending on the size of the city you want to go to you ...

update-rc.d bubba-firewall remove But remember that any routing in the unit is depending on certain constructs in the firewall Not true... Routing depends on both devices that are trying to communicate knowing what path to follow to reach the other side. The (TCP/)IP protocol is rather stupid in th...

Ah, okay... Well there is a kind of cookbook on that subject on Debian Administration . I did a quick read and actually learned something new on the PermitRootLogin setting; a day well spent 8) Looks like this might work if you're not too picky about functionality. A major problem might be that this...

So essentially this is about off-loading. You want the internet traffic that is generated on the LAN to pass through the linksys router and the B3 should only receive traffic that is meant for one of its local services. Then you need to go into the configuration of the new modem and check if you can...

Aha - thank You, very useful. I will probably use SSH to tunnel into the network. Does that change the scripts/codes? Totally different ball game. Possibly dangerous one as well; you should at least restrict access to port 22 to addresses you trust. More info and howto here I'd suggest though that ...

A small example for a webserver that is behind the firewall To rewrite the incoming packet add the following rule iptables -t nat -A PREROUTING -s 0.0.0.0/0 -d ${EXTERNAL_IP} \ -p tcp --dport www -j DNAT --to ${WWW_SERVER} For traffic coming in from the outside you'll also have to enable forward ipt...

I'm trying to draw a picture of this but I'm not really getting what you're trying to accomplish. It seems you want to place the B3 (it is about the B3, right?) in parallel of your old router which now routes between the LAN and what has now been promoted to DMZ. You want the B3 WAN interface to hav...