Newbie needs help... routing policies

Hello,

I am evaluating ASL V6.102 inside VMware 5.5 on a Suse-Linux 9.3 host. ASL has bridged (eth1,ext:192.168.2.5) and vmnet1 (eth0,int:172.16.114.1) networks. The client is WinXP-SP2 with vmnet1 (eth0,int:172.16.114.2). Installation went well and I can control ASL via browser from the WinXP client. Now the problem:

As far as I understand the routing policies, I want to open everything in both directions by setting these policies as a test:

source interface: internal
source: any
service: any
destination: any
target: external (address)

and

source interface: external
source: any
service: any
destination: any
target: internal (address)

There are no other proxies or whatever rules.

I expected to reach the internet (google) from the client, but nothing happens... [:S]

Where is my mistake ???

Would someone please post some basic rules for http access to help me to find my error... :-)))

regards, adeva


  • In a simple, static network, you normally don't need to change the routing, you just need to set packet filter rules.
    If you're using private IPs, you also need NAT/Masq, but this wouldn't apply to your network as you're apparently not hooked up directly to an internet connection.

    Have you read the getting started guides?
    http://docs.astaro.org/

    Barry
  • hm, I use masquerading and set the packet-filter rules to allow anything from any source and I can only ping outside, nothing else works:

    Masquerading:
    Internal(Network) -> All / All MASQ_External None

    Packet-Filter:
    Source:Any, Service: Any, Action: Allow, Destination: Any

    I still can't figure out my mistake...

    regards, adeva

    here is a part of the logfile:

    2005:12:28-16:10:22 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=229 TOS=00 PREC=0x00 TTL=128 ID=46586 CE PROTO=UDP SPT=138 DPT=138 LEN=209  
    2005:12:28-16:10:22 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=229 TOS=00 PREC=0x00 TTL=128 ID=46586 CE PROTO=UDP SPT=138 DPT=138 LEN=209  
    2005:12:28-16:10:45 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=00:0c:29:ad:bc:50:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=46866 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:10:46 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=46879 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:10:47 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=46892 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:10:49 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=46917 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:10:51 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=202 TOS=00 PREC=0x00 TTL=128 ID=46948 CE PROTO=UDP SPT=138 DPT=138 LEN=182  
    2005:12:28-16:10:51 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=46949 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:51 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=202 TOS=00 PREC=0x00 TTL=128 ID=46948 CE PROTO=UDP SPT=138 DPT=138 LEN=182  
    2005:12:28-16:10:51 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=46949 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:51 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=46956 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:51 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=46956 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:53 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=46963 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:10:53 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=46970 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:53 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=46970 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:56 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=202 TOS=00 PREC=0x00 TTL=128 ID=47001 CE PROTO=UDP SPT=138 DPT=138 LEN=182  
    2005:12:28-16:10:56 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=202 TOS=00 PREC=0x00 TTL=128 ID=47001 CE PROTO=UDP SPT=138 DPT=138 LEN=182  
    2005:12:28-16:10:56 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47002 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:56 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47002 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:56 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47015 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:56 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47015 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:57 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47022 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:10:57 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47022 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:00 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=202 TOS=00 PREC=0x00 TTL=128 ID=47059 CE PROTO=UDP SPT=138 DPT=138 LEN=182  
    2005:12:28-16:11:00 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47060 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:00 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=202 TOS=00 PREC=0x00 TTL=128 ID=47059 CE PROTO=UDP SPT=138 DPT=138 LEN=182  
    2005:12:28-16:11:00 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47060 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:00 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47073 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:00 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47073 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:02 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47080 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:02 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47080 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:05 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47117 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:05 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47117 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:05 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47124 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:05 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47124 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:06 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47137 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:11:06 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=47137 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:16:22 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=00:0c:29:ad:bc:50:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=60 TOS=00 PREC=0x00 TTL=128 ID=51546 CE PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=256  
    2005:12:28-16:16:31 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=51659 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:16:32 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=51672 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:16:34 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=51685 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:16:36 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=51711 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:16:40 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=51763 CE PROTO=UDP SPT=1034 DPT=53 LEN=43  
    2005:12:28-16:17:05 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=59 TOS=00 PREC=0x00 TTL=128 ID=52046 CE PROTO=UDP SPT=1034 DPT=53 LEN=39  
    2005:12:28-16:17:06 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=59 TOS=00 PREC=0x00 TTL=128 ID=52059 CE PROTO=UDP SPT=1034 DPT=53 LEN=39  
    2005:12:28-16:17:07 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=59 TOS=00 PREC=0x00 TTL=128 ID=52072 CE PROTO=UDP SPT=1034 DPT=53 LEN=39  
    2005:12:28-16:17:10 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=59 TOS=00 PREC=0x00 TTL=128 ID=52097 CE PROTO=UDP SPT=1034 DPT=53 LEN=39  
    2005:12:28-16:17:14 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=59 TOS=00 PREC=0x00 TTL=128 ID=52146 CE PROTO=UDP SPT=1034 DPT=53 LEN=39  
    2005:12:28-16:17:22 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=52233 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:17:22 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=52233 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:17:22 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=52240 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:17:22 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=52240 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:17:24 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=52253 CE PROTO=UDP SPT=137 DPT=137 LEN=58  
    2005:12:28-16:17:24 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=78 TOS=00 PREC=0x00 TTL=128 ID=52253 CE PROTO=UDP SPT=137 DPT=137 LEN=58
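
One way to summarise a drop log like the one posted above (an added example, not part of the original posts): it groups dropped packets by log label, inbound interface, protocol and destination port, and lists packets whose source and IP ID were logged on more than one interface. The five sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Five lines copied from the log posted above (no new data).
SAMPLE_LOG = """\
2005:12:28-16:10:22 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=229 TOS=00 PREC=0x00 TTL=128 ID=46586 CE PROTO=UDP SPT=138 DPT=138 LEN=209
2005:12:28-16:10:22 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.255 LEN=229 TOS=00 PREC=0x00 TTL=128 ID=46586 CE PROTO=UDP SPT=138 DPT=138 LEN=209
2005:12:28-16:10:45 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=00:0c:29:ad:bc:50:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=46866 CE PROTO=UDP SPT=1034 DPT=53 LEN=43
2005:12:28-16:10:46 (none) ulogd[1849]: DROP: IN=eth0 OUT= MAC=00:0c:29:ad:bc:46:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=63 TOS=00 PREC=0x00 TTL=128 ID=46879 CE PROTO=UDP SPT=1034 DPT=53 LEN=43
2005:12:28-16:16:22 (none) ulogd[1849]: IP-SPOOFING DROP: IN=eth1 OUT= MAC=00:0c:29:ad:bc:50:00:0c:29:fc:51:28:08:00  SRC=172.16.114.2 DST=172.16.114.1 LEN=60 TOS=00 PREC=0x00 TTL=128 ID=51546 CE PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=256
"""

# timestamp, host, "ulogd[pid]:", label such as "IP-SPOOFING DROP", then KEY=VALUE fields
LINE_RE = re.compile(r"^(\S+) \S+ ulogd\[\d+\]: ([A-Z -]+): (IN=.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for one ulogd drop line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"time": m.group(1), "label": m.group(2)}
    for key, value in KV_RE.findall(m.group(3)):
        # ID= and LEN= occur twice; the first is the IP header field.
        rec.setdefault(key, value)
    return rec


def summarize(text):
    """Count drops per (label, IN, PROTO, DPT) and find packets logged on >1 interface."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    counts = Counter(
        (r["label"], r["IN"], r["PROTO"], r.get("DPT", "-")) for r in records
    )
    seen_on = defaultdict(set)
    for r in records:
        seen_on[(r["SRC"], r["ID"])].add(r["IN"])
    duplicated = sorted(k for k, ifaces in seen_on.items() if len(ifaces) > 1)
    return counts, duplicated


if __name__ == "__main__":
    counts, duplicated = summarize(SAMPLE_LOG)
    for key, n in sorted(counts.items()):
        print(n, *key)
    print("same packet on several interfaces:", duplicated)
```

On the sample, every `IP-SPOOFING DROP` line arrives on eth1 with a source address in the internal 172.16.114.x range, and the broadcast with IP ID 46586 is logged on both eth1 and eth0.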