Firewalling and getting "no data" responses
We have just started to get our firewall put together.
What we want is for nobody outside to be able to get to our internal
network, and for everyone inside to be able to get out. When we have
this set up and have run some security checks, we shall make it serious.
Here is the problem - now that my firewall is set up, nobody on the
inside can get to the outside. Netscape tells them "the document
contains no data." for pages on outside hosts. Many details follow.
I have recompiled the kernel to use firewalling. I have chosen socks as
the firewall daemon. Our internal network is 192.168.2.*, and the
server/firewall is 220.127.116.11. We own 18.104.22.168-32, making the
netmask end in .240.
sockd.conf looks like
permit 192.168.2.0 255.255.255.0
permit 22.214.171.124 255.255.255.240
deny 0.0.0.0 0.0.0.0
so anything internal and anything from the internal network is freely
transmittable, but nothing from the outside can get to the inside, and our
internal packets are filtered out of the outgoing data stream.
socks.conf looks like
direct 192.168.2.0 255.255.255.0
deny 192.168.2.0 0.0.0.0
sockd @=dns 0.0.0.0 0.0.0.0
Local machines have a direct connection, and our socks server,
dns.eviews.com, will validate everything else.
and sockd.route looks like
192.168.2.150 192.168.2.0 255.255.255.0
126.96.36.199 0.0.0.0 0.0.0.0
The ethernet card at 192.168.2.150 will get all local network traffic,
and everything else goes via the ethernet card at 188.8.131.52.
Now, on a machine on the inside network, I have netscape set up. I told
it we are using firewalling, and that the socks server is at
socks.eviews.com, port 1080. (socks and dns are the same machine, at
I told it that ftp and http are to be handled by socks.eviews.com, also
at port 1080.
Whenever I try to make a connection to the outside, it looks up the name,
then tells me "Document contains no data".
I have read the firewalling-HOWTO and the various socks man pages. Also,
the book "How to set up a perfect internet site with Linux."
I can use ftp from the shell prompt on the linux machine to these outside
places, so I am probably just not understanding how to configure this. I
post in the linux group, rather than the netscape groups, as I know less
about linux, and so am more likely to have screwed it up.
Scott Ellsworth q...@netcom.com
My opinions are my own EViews ftp: ftp.netcom.com:/pub/qm/qms
Quantitative Micro Software - 714 856 3368
"The barbarian is thwarted at the moat" - Scott Adams