From: anuj s. <anu...@gm...> - 2006-01-24 11:13:39

hello Jerry!

I am testing with two internet providers:

Machine = Fedora Core 4
Shorewall version = 3.1.3
interfaces = eth0, eth1, eth2
zones =
  net (eth0, with ip = 192.192.192.15)
    Connects to another machine (already masqueraded with local address = 192.192.192.10). I am using it as my ISP1.
  loc (eth1, with ip = 192.168.0.1)
    I connected this ethernet to another pc (as my local zone with ip = 192.168.0.2).
    Target: I want this machine to get routed (ONLY) through ISP1.
  inet (eth2, with ip = 192.168.1.102)
    I connected this ethernet to another machine with ip = 192.168.1.2 (this is my monowall machine, connected directly to another ISP and configured to allow all traffic from 192.168.1.102 (my Shorewall eth2, ip = 192.168.1.102) to WAN (nameserver = 172.16.6.49, gw = 172.16.6.49)).
    Note: I am using it as my ISP2.

NOW I configured another test machine on the lan (in my net zone, with ip address = 192.192.192.221).
I configured this test machine's default gateway by editing my /etc/sysconfig/network-scripts/ifcfg-eth0; I added one line:
GATEWAY=192.192.192.15
route -n gives me default gw = 192.192.192.15 (machine running shorewall), and I gave its /etc/resolv.conf:
nameserver 172.16.6.49
nameserver 192.192.192.15
Target: I want this machine to use ONLY ISP2 via my Shorewall machine (192.192.192.15).

My local machine is getting routed via (on local zone machine with ip 192.168.0.2):
#traceroute tldp.org
traceroute to tldp.org (152.2.210.81), 30 hops max, 38 byte packets
 1  192.168.0.1 (192.168.0.1)  0.248 ms  0.192 ms  0.179 ms
 2  medmgmt-10.tajen.edu.tw (192.192.192.10)  0.265 ms  0.342 ms  0.276 ms
 3  My ISP1 and so on

But the other test machine, which resides in the net zone with ip 192.192.192.221, gives me "no route to host" though I configured it to use my shorewall machine (192.192.192.15) as its default gw and gave nameserver = 172.16.6.49, which is my ISP2 via the monowall machine!

thanks and regards
Anuj

On 1/24/06, Jerry Vonau <jv...@sh...> wrote:
> anuj singh wrote:
> > Hello !
> > I am using shorewall version-3.1.2 on Fedora core 4
>
> You're now running the testing branch.
>
> > Now it is running without any error!
> > I need some more help ....
>
> You need to slow down and apply some of the examples.
>
> > I have 4 zones (including the default fw)
> > Zones
> > fw    firewall
> > loc   ipv4
> > net   ipv4
> > inet  ipv4
> >
> > interfaces
> >
> > #ZONE   INTERFACE   BROADCAST   OPTIONS
> > net     eth0        detect
> > loc     eth1        detect
> > inet    eth2        detect
>
> explanation below, change:
>
> inet eth2 detect,routeback
>
> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> >
> > providers
> > #NAME   NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY         OPTIONS        COPY
> > ISP1    1       1     main       eth2       192.168.1.2     track,balance  eth1
> > ISP2    2       2     main       eth0       192.192.192.10  track,balance  eth1
> > #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> >
> > masq
> > #INTERFACE   SOURCE            ADDRESS
> > eth0         eth1
> > eth2         192.192.192.221
>
> add:
> eth2:192.192.192.221 192.192.192.15
>
> > My Rules file
> > #ACTION     SOURCE                DEST             PROTO  DEST PORT(S)
> > ACCEPT      fw                    net
> > ACCEPT      fw                    loc
> > ACCEPT      fw                    inet
> > ACCEPT      loc                   net
> > ACCEPT      loc                   fw
> > REDIRECT    net                   8080             tcp    80
> > REDIRECT    net:192.192.192.11    8080             tcp    80
> > REDIRECT    net:192.192.192.118   8080             tcp    80
> > ACCEPT      net:192.192.192.118   fw               tcp    443
> > ACCEPT      net:192.192.192.11    fw               tcp    443
> > ACCEPT      net:192.192.192.221   inet
>
> That should cover the eth0 -> eth2, you may need eth0 -> eth0
> ACCEPT net:192.192.192.221 net
>
> > ACCEPT      loc                   fw               icmp   8
> > DNAT:info   net                   loc:192.168.1.2  tcp    80
> > DNAT:info   net                   loc:192.168.1.2  tcp    22
> > DROP:info   all                   all
> >
> > My Policy File
> > #SOURCE  DEST   POLICY   LOG LEVEL
> > fw       net    ACCEPT
> > fw       inet   ACCEPT
> > fw       loc    ACCEPT
> > loc      net    ACCEPT
> > loc      inet   ACCEPT
> > inet     fw     DROP
> > inet     loc    DROP
> > inet     net    DROP     info
> > all      all    REJECT   info
> >
> > I connected my firewall to
> > 1: another system on the zone net (the network simulating my ISP1)
> > where 192.192.192.10 is ISP1 and this system (test system with ip
> > address 192.192.192.221 + its gateway is my firewall (192.192.192.15)
> > + nameserver = MY ISP2 (zone=inet)
>
> hold it, "where 192.192.192.10 is ISP1" "MY ISP2" = ISP2 in the
> providers file? Don't flip the names around like that....
>
> > 2: I connected another PC (Zone loc, ip = 192.168.0.2, eth1)
> > 3: My third nic is connected to eth2 = (ISP2, IP=172.16.x.x)
>
> and eth2 is now what? that is not what is in the providers....
>
> > from my firewall I can use both the ISP's (checked it after successful
> > shorewall startup and disabling eth0 (ISP1) + traceroute command it
> > goes from ISP2 vice-versa.
> >
> > I set my default gw of fw to ISP2 = (172.16.x.x)
> > traceroute gives me the path of ISP2
> > while my local machine (on eth1) which I gave the ISP1's nameserver
> > goes as I wanted i.e. through ISP1.
>
> What command are you using to change the gateway? That could really mess
> things up if you don't get that right, you're not using "route" are you?
>
> > On the other hand my second machine is on the zone net with a
> > different ip (192.192.192.221) + gateway = my fw (192.192.192.15) and
> > nameserver = ISP2 gives me Unknown Host.
>
> At this point I have no clue what ISP2 is referring to..
> "nameserver=ISP2" is available through eth0 or eth2?
>
> If the route to this server passes through 192.192.192.10, then you'll
> need what I posted above. As soon as you stop mixing up the files that
> you post and their examples the clearer it becomes to the rest of us.
> Please use the support guidelines for your version as found on
> http://www.shorewall.net/support.html
>
> Jerry
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> Shorewall-users mailing list
> Sho...@li...
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

--
============
Linux Rocks
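An added consistency check, written for this archive page and not part of Anuj's or Jerry's mail nor of the Shorewall project: it parses the three files quoted in the thread (interfaces, providers, masq) in the Shorewall 3.x column layout and, for a host behind a given interface that should leave through a given provider, reports the two gaps Jerry's reply circles around: traffic that would go back out the interface it arrived on without `routeback`, and an egress interface with no masq entry that matches the host. The file contents are constructed from the thread (with Jerry's routeback change applied to eth2), and the column semantics are my reading of the Shorewall 3.x file formats, assumed here rather than taken from the page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed from the files quoted in the thread above; not a real deployment.
INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
inet    eth2        detect      routeback
"""

PROVIDERS = """\
#NAME   NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY         OPTIONS        COPY
ISP1    1       1     main       eth2       192.168.1.2     track,balance  eth1
ISP2    2       2     main       eth0       192.192.192.10  track,balance  eth1
"""

MASQ = """\
#INTERFACE   SOURCE            ADDRESS
eth0         eth1
eth2         192.192.192.221
"""


@dataclass
class Iface:
    zone: str
    name: str
    options: set


@dataclass
class Provider:
    name: str
    iface: str
    gateway: str
    options: set


@dataclass
class Masq:
    iface: str          # INTERFACE column, with any ":dest" suffix split off
    dest: Optional[str]
    source: str         # SOURCE column: an interface name or an address/CIDR
    address: Optional[str]


def _records(text):
    """Yield the whitespace-split fields of every non-comment, non-empty line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line.split()


def parse_interfaces(text):
    out = []
    for f in _records(text):
        # Lenient on purpose: every token after INTERFACE is treated as option text,
        # so "detect routeback" and Jerry's "detect,routeback" both yield {'routeback'}.
        opts = {o for tok in f[2:] for o in tok.split(",") if o not in ("detect", "-")}
        out.append(Iface(f[0], f[1], opts))
    return out


def parse_providers(text):
    # Assumed 3.x layout: NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
    return [Provider(f[0], f[4], f[5],
                     set(f[6].split(",")) if len(f) > 6 and f[6] != "-" else set())
            for f in _records(text)]


def parse_masq(text):
    out = []
    for f in _records(text):
        iface, _, dest = f[0].partition(":")
        out.append(Masq(iface, dest or None, f[1], f[2] if len(f) > 2 else None))
    return out


def _source_matches(entry, host_ip, host_iface):
    """A masq SOURCE matches either by interface name or by address containment."""
    if entry.source == host_iface:
        return True
    try:
        return ipaddress.ip_address(host_ip) in ipaddress.ip_network(entry.source, strict=False)
    except ValueError:          # SOURCE was an interface name that is not ours
        return False


def egress_findings(ifaces, providers, masq, host_ip, host_iface, provider_name):
    """List the config gaps for host_ip (behind host_iface) leaving via provider_name."""
    by_name = {p.name: p for p in providers}
    if provider_name not in by_name:
        return [f"no provider named {provider_name}"]
    egress = by_name[provider_name].iface
    findings = []
    in_iface = next((i for i in ifaces if i.name == host_iface), None)
    if in_iface is None:
        findings.append(f"{host_iface} is not in the interfaces file")
    elif egress == host_iface and "routeback" not in in_iface.options:
        findings.append(f"traffic enters and leaves {egress}: add routeback to {egress}")
    if not any(m.iface == egress and _source_matches(m, host_ip, host_iface) for m in masq):
        findings.append(f"no masq entry SNATs {host_ip} on {egress}")
    return findings


def check_page_config():
    """Run the three paths discussed in the thread against the quoted files."""
    ifaces, providers, masq = parse_interfaces(INTERFACES), parse_providers(PROVIDERS), parse_masq(MASQ)
    return {
        "loc host 192.168.0.2 via ISP2": egress_findings(ifaces, providers, masq, "192.168.0.2", "eth1", "ISP2"),
        "net host 192.192.192.221 via ISP1": egress_findings(ifaces, providers, masq, "192.192.192.221", "eth0", "ISP1"),
        "net host 192.192.192.221 via ISP2": egress_findings(ifaces, providers, masq, "192.192.192.221", "eth0", "ISP2"),
    }


if __name__ == "__main__":
    for label, found in check_page_config().items():
        print(label, "->", found or ["ok"])
```

Run stand-alone it shows the asymmetry in the quoted files: the loc host and the net host heading for ISP1 are covered by the existing masq lines, while the same net host heading out ISP2 (eth0, the interface it came in on) has neither `routeback` on eth0 nor a masq entry for it, which is the kind of eth0-to-eth0 case Jerry's reply mentions.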