From: Jerry V. <jv...@sh...> - 2008-11-24 20:31:42
Phillipus Gunawan wrote:
> Shorewall version 4.0.14
> Debian Etch
> Webmin Version 1.441
>
> eth0 -> connected to adsl bridged modem, working OK using RP-PPPoE, outputting ppp0 with correct ip from TPG
> eth1 -> 10.1.1.1 connected to a router, act as gateway for other hosts
> eth2 -> 10.1.1.4 connected to wireless router
>
>
> Problem 1
>
> Ignoring the use of eth1, I install Debian with eth2 plugged
>
> When I'm using eth2, I can log in to my box (using webmin) to configure the debian either using 10.1.1.1 or 10.1.1.4 address, I can ping other host (e.g 10.1.1.5). But when I use eth2, I can't ping or do anything, the ping result from Debian: From 10.1.1.4 Host Unreachable
>
> What mistake I did? Why I can't use eth1 connected with other hosts?
>
Check the routing, I'll bet that you only have a network route on eth2.

> Problem 2
>
> PPPoE up and running, I can ping any web address from Debian (e.g. www.yahoo.com)
> But I'm not able to make other host (e.g. 10.1.1.5) connect to internet via gateway on eth1 nor eth2
>
> Again, ignoring the use of eth2 and I can configure eth1 to talk with other hosts, how I can make Shorewall working to share the internet?
>
> Shorewall configuration
>
> Interfaces
> #ZONE INTERFACE BROADCAST OPTIONS
> net ppp0 detect routefilter
> loc eth0 detect
> loc eth1 detect
>
> Masq
> #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
> ppp0 eth1
> ppp0 eth0
>
> Policy
> $FW net ACCEPT
> $FW loc ACCEPT
> net $FW ACCEPT
> net loc ACCEPT
now you're wide open....
> loc $FW ACCEPT
> loc net ACCEPT
>
> Rules
> ACCEPT loc net all
> ACCEPT net loc all
> ACCEPT $FW net all
>
that is more of a policy....
> Zones
> fw firewall
> net ipv4
> loc ipv4
>
>
> Any help would be much appreciated
> Thanks in advance
>
Debian? Check shorewall.conf for IP_FORWARDING=On, you may have "Keep" instead of "On"

Jerry
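
The two configuration points raised in the reply (ACCEPT policies from the net zone, and IP_FORWARDING set to Keep rather than On) can be checked with a short script. This is an added example, not part of the original message or of Shorewall itself; the function names and the sample files are constructed for illustration, and it assumes the internet zone is called `net` as in the posted configuration.

```shell
# Added example. The sample files below are constructed from the thread's values.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/policy" <<'EOF'
#SOURCE DEST POLICY
$FW     net  ACCEPT
$FW     loc  ACCEPT
net     $FW  ACCEPT
net     loc  ACCEPT
loc     $FW  ACCEPT
loc     net  ACCEPT
EOF
printf 'STARTUP_ENABLED=Yes\nIP_FORWARDING=Keep\n' > "$SAMPLE_DIR/shorewall.conf"

# List policy entries that ACCEPT traffic originating in the internet zone.
# $1 = policy file, $2 = internet zone name (default: net)
net_accept_policies() {
    awk -v zone="${2:-net}" '
        $1 ~ /^#/ || NF < 3 { next }      # skip comments and incomplete lines
        $1 == zone && $3 == "ACCEPT" { print $1 "->" $2 }
    ' "$1"
}

# Print the lower-cased IP_FORWARDING value from a shorewall.conf-style file,
# or "unset" when the option is absent. $1 = path to the file
ip_forwarding_setting() {
    val=$(awk -F= '$1 == "IP_FORWARDING" { v = $2 } END { print v }' "$1" |
          tr -d "\"' \t" | tr 'A-Z' 'a-z')
    echo "${val:-unset}"
}

# Will the box forward packets once Shorewall has started?
# $1 = IP_FORWARDING setting, $2 = current /proc/sys/net/ipv4/ip_forward value
will_forward() {
    case "$1" in
        on)   echo yes ;;
        off)  echo no ;;
        keep) [ "$2" = "1" ] && echo yes || echo no ;;  # kernel value is left as-is
        *)    echo unknown ;;
    esac
}

echo "ACCEPT policies from net:"
net_accept_policies "$SAMPLE_DIR/policy"
setting=$(ip_forwarding_setting "$SAMPLE_DIR/shorewall.conf")
echo "IP_FORWARDING=$setting, forwards with ip_forward=0: $(will_forward "$setting" 0)"
```

On a live box, pass the real policy and shorewall.conf paths and the contents of /proc/sys/net/ipv4/ip_forward instead of the sample values.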