Menu
▾
▴
Re: [Shorewall-users] two interfaces with private Ip (rfc1918) on both side and dhcp issue
|
From: OBones <ob...@fr...> - 2011-10-26 09:32:05
|
Tom Eastep wrote:
> On Tue, 2011-10-25 at 16:01 +0200, OBones wrote:
>> Tom Eastep wrote:
>>> Get rid of the default route out of eth0 -- a simple configuration like
>>> yours should have exactly one default route - out of the 'net'
>>> interface.
>> this worked, the route is no longer there.
>> Not being near the firewall at the moment, I can't test the "routed"
>> mode for the modem just yet but will try tonight and keep everyone posted.
I was able to test that yesterday evening and while the DHCP reply was
no longer filtered out (no shorewall drop rule logged), the dhcp client
was not able to process the response and so the interface did not get a
valid IP address.
I then looked in the configuration for the dhcp client, and despite this
not being related to shorewall, I'm posting the solution here for a
reference to others in the same situation.
The problem came from a bad configuration in /etc/dhclient-eth1.conf
which contained this :
interface "eth1" {
send dhcp-lease-time 2592000;
supersede dhcp-server-identifier 255.255.255.255;
}
It's the second line that made the problem happen when the modem is in
the "routed" mode.
Once I commented out that directive (and restarted the dhcp daemon), the
interface got its address just fine and outgoing connections worked
straight away. Adding forwarding rules in the modem was the next step
and once done, I was back to working conditions.
>> Can you confirm that I need to remove the "GATEWAY=10.10.10.254" line
>> from /etc/sysconfig/network-scripts/ifcfg-eth0 in order to prevent the
>> default route from being added on every boot?
> That's correct. You probably added that default route when you
> configured the device using your distribution's GUI.
That must have been it, I have removed it now and it worked just fine.
Once again, many thanks for your help.
Regards
Olivier
|