We're going to need a little more info to be able to help. Interface settings, Packet filter rules, Masq/NAT rules. What type of config? DSL router between internet and ASL, ASL connected directly to DSL Modem, bla, bla, bla.
OK, here goes. I have a static IP from my DSL provider and everything is working fine at this point. My ASL box is after the DSL router. My ASL box is up and able to update, and I'm able to log in to it from an external source using my static IP. Basically, I'm unable to ping out or surf the internet from behind the firewall.
Current nat rules set Internal_Interface__ -> All / All MASQ__InternalSF_External_Interface__
I think you have to define a static route from your DSL router to the networks behind your firewall, and a zero route from your ASL to the router. Like this:
On DSL-Router:
Destination = Internal LAN, Mask = e.g. 255.255.255.0, Next Hop = ASL
192.168.X.0 255.255.255.0 -> 192.167.Y.1 (e.g. IP for ASL)
On ASL:
0.0.0.0 / 0.0.0.0 -> 192.167.Y.2 (e.g. IP for DSL router)
Currently the DSL router comes with the static IP programmed. I have a 3-NIC ASL box: eth0 has the internal IP 192.168.x.x to access webadmin; eth1 has my static IP address 66.x.x.x. I have a straight ATM connection to their network.
Note the router is not configurable... Greatspeed R250 sdo
It's a DSL router without firewall or any security. It was sent from my ISP; I plug my RJ11 line into it. Here is what I have web page
OK, It's just your DSL modem. I've got something similar.
Your Masq rule looks a little off, if I'm reading it correctly.
Internal_Interface__ -> All / All MASQ__InternalSF_External_Interface__
You should be Masqing your internal network to the external interface, not Masqing your internal interface to the external interface.
Also, how are your internal machines being assigned their IP addresses?
Currently I have an Active Directory network running, and the primary root PC is assigning DHCP addresses and also manages the DNS lookup. Initially I had a Linksys router in place of my now ASL box. I now want to replace my Linksys management with an ASL box. I have shut everything down to allow a testing environment between my DSL router, ASL and 2 systems within my existing network for testing.
Thank you very much, I really appreciate your assistance. This is somewhat of a learning process for me.
Did you check out your Masq rule? I see above that someone talked about static routes. Just to get started, you don't need them.
You need 2 things... 1) A Masq rule to Masq your internal_network to your external interface, and 2) a packet filter rule to allow from internal_network, all services, to Any. That should get you going as long as your DHCP is issuing an address in your internal network as defined in ASL and the gateway assigned is the internal interface of your ASL machine.
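The checklist from the reply above, written as an added example (it is not part of the original thread and is not ASL tooling). It assumes rule sources can be expressed as CIDR strings; the function name, parameters and all addresses are constructed for illustration.

```python
import ipaddress

def check_lan_egress(internal_if, masq_source, filter_source, client_ip, client_gateway):
    """Return a list of findings; an empty list means the checklist passes.

    internal_if    -- firewall's internal interface, e.g. "192.168.10.1/24"
    masq_source    -- source of the masquerading rule, as CIDR
    filter_source  -- source of the packet filter allow rule, as CIDR
    client_ip, client_gateway -- what DHCP handed to a LAN client
    """
    iface = ipaddress.ip_interface(internal_if)
    lan = iface.network
    masq = ipaddress.ip_network(masq_source, strict=False)
    allow = ipaddress.ip_network(filter_source, strict=False)
    findings = []

    # 1) Masq rule must translate the internal *network*, not the interface address.
    if masq.prefixlen == masq.max_prefixlen and masq.network_address == iface.ip:
        findings.append("masq source is the interface address, not the internal network")
    elif not lan.subnet_of(masq):
        findings.append("masq source does not cover the internal network")

    # 2) Packet filter rule must allow traffic from the internal network.
    if not lan.subnet_of(allow):
        findings.append("packet filter rule does not allow the internal network")

    # DHCP must hand out an address inside that network, with the firewall as gateway.
    if ipaddress.ip_address(client_ip) not in lan:
        findings.append("DHCP lease is outside the internal network")
    if ipaddress.ip_address(client_gateway) != iface.ip:
        findings.append("client gateway is not the firewall's internal interface")
    return findings

if __name__ == "__main__":
    # Constructed sample values: the first call mirrors the misconfiguration in the thread.
    print(check_lan_egress("192.168.10.1/24", "192.168.10.1/32",
                           "192.168.10.0/24", "192.168.10.50", "192.168.10.1"))
    print(check_lan_egress("192.168.10.1/24", "192.168.10.0/24",
                           "192.168.10.0/24", "192.168.10.50", "192.168.10.1"))
```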
Hey, fellas, I got it working. Yes, Jim M, I tweaked the NAT rule enough and now it works. All of you guys, thanks for your assistance, it is greatly appreciated.
You're welcome. ASL is an extremely flexible firewall. Do yourself a big favor. Set up a test machine and play around with it. It's a real education as well as kinda fun. Yes, yes, I know, sounds geeky.