good day to you,

thank you for such a brilliant application with so many features.

i have a few questions regarding my setup:

my gateway has 3 interfaces

internal interface   ---> eth0:10.1.30.252  ---> connected to my lan
external interface 1 ---> eth1:10.1.30.252  ---> gateway 10.1.30.254 (router)
external interface 2 ---> eth2:192.168.1.22

eth0 is connected to my lan and serves as a gateway - so i have set up all my workstations to use dhcp and their gateway is 10.1.30.252

eth1 is connected to my external interface 1 but it goes through the same hub to the router

eth2 is connected to a wireless interface

all i want out of this is for my local network to be able to do anything online (allow any out), they must be nat but i am not sure if i can do this because my internal interface is on the same ip range as my external interface. but from the outside (internet) to be able to connect to ports such as ssh (22), 80, 443, etc

i have set this up as good as possible using the webmin interface but it doesn't seem to work

what i have noticed is that when i start shorewall it changes my route to this:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.30.0       *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
loopback        *               255.0.0.0       U     0      0        0 lo

you'll notice that it is missing my eth1 - any reasons why?

this is what my route should look like: (when the firewall is stopped and i restart my network)

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.30.0       *               255.255.255.0   U     0      0        0 eth0
10.1.30.0       *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
loopback        *               255.0.0.0       U     0      0        0 lo
default         10.1.30.254     0.0.0.0         UG    1      0        0 eth1

thank you all for taking the time out to read this message, i really appreciate it,

winston
> my gateway has 3 interfaces
>
> internal interface   ---> eth0:10.1.30.252  ---> connected to my lan
> external interface 1 ---> eth1:10.1.30.252  ---> gateway 10.1.30.254 (router)
> external interface 2 ---> eth2:192.168.1.22
<snip>
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.1.30.0       *               255.255.255.0   U     0      0        0 eth0
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
> loopback        *               255.0.0.0       U     0      0        0 lo
>
> you'll notice that it is missing my eth1 - any reasons why?

You have the same network on both interfaces, Route will only show the primary route. Route is a bit old now, 'ip route ls' should be used.

> this is what my route should look like: (when the firewall is stopped and i restart my network)
>
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.1.30.0       *               255.255.255.0   U     0      0        0 eth0
> 10.1.30.0       *               255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
> loopback        *               255.0.0.0       U     0      0        0 lo
> default         10.1.30.254     0.0.0.0         UG    1      0        0 eth1

Well, kind of, you should use a 'host route' for the gateway, when both nics are on the same network.

/sbin/route add -host 10.1.30.254 dev eth1

The resulting route table would be:

10.1.30.0       *               255.255.255.0   U     0      0        0 eth0
10.1.30.254     *               255.255.255.255 U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
loopback        *               255.0.0.0       U     0      0        0 lo
default         10.1.30.254     0.0.0.0         UG    1      0        0 eth1

Note the 255.255.255.255 netmask for the route to the gateway.

Jerry
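The following is an added example (not code from the thread or from Shorewall) that models the kernel's route selection to make Jerry's point concrete: it parses the two `route` tables posted above (reconstructed here as constructed input) and applies longest-prefix match, then metric, then table order as the tie-break. With two identical 10.1.30.0/24 routes, packets for the router 10.1.30.254 resolve to the first-listed interface, eth0; with the /32 host route, the router is reached via eth1 while ordinary LAN hosts in 10.1.30.0/24 still leave via eth0. The lookup rules are a simplification of the Linux FIB, and the addresses 10.1.30.17, 192.168.1.40 and 203.0.113.5 are assumed sample destinations.

```python
"""Longest-prefix-match route lookup over `route`-style output.

Added example, not code from the thread: it models the kernel's routing
decision to show why a /32 host route for the upstream router sends traffic
for 10.1.30.254 out eth1 while the rest of 10.1.30.0/24 still leaves via eth0.
Both tables below are constructed from the ones posted in the thread.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network   # destination network
    via: Optional[str]              # next-hop router, None when directly connected
    dev: str                        # outgoing interface
    metric: int
    order: int                      # position in the table; first listed wins ties


# Symbolic names `route` prints without -n, mapped back to addresses.
_DEST_ALIASES = {"default": "0.0.0.0", "loopback": "127.0.0.0"}


def parse_route_table(text: str) -> List[Route]:
    """Parse lines of the form: Destination Gateway Genmask Flags Metric Ref Use Iface."""
    routes = []
    for order, line in enumerate(text.strip().splitlines()):
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # header or malformed line
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields
        dest = _DEST_ALIASES.get(dest, dest)
        prefix = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        via = None if gw in ("*", "0.0.0.0") else gw
        routes.append(Route(prefix, via, iface, int(metric), order))
    return routes


def lookup(routes: List[Route], dst: str) -> Route:
    """Pick the route the kernel would: longest prefix, then lowest metric, then table order."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r.prefix]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric, r.order))


# Constructed: the table Winston posted, with both NICs carrying 10.1.30.0/24.
TABLE_TWO_SUBNET_ROUTES = """
Destination     Gateway       Genmask          Flags Metric Ref Use Iface
10.1.30.0       *             255.255.255.0    U     0      0   0   eth0
10.1.30.0       *             255.255.255.0    U     0      0   0   eth1
192.168.1.0     *             255.255.255.0    U     0      0   0   eth2
loopback        *             255.0.0.0        U     0      0   0   lo
default         10.1.30.254   0.0.0.0          UG    1      0   0   eth1
"""

# Constructed: the same table after `route add -host 10.1.30.254 dev eth1`.
TABLE_HOST_ROUTE = """
Destination     Gateway       Genmask          Flags Metric Ref Use Iface
10.1.30.0       *             255.255.255.0    U     0      0   0   eth0
10.1.30.254     *             255.255.255.255  U     0      0   0   eth1
192.168.1.0     *             255.255.255.0    U     0      0   0   eth2
loopback        *             255.0.0.0        U     0      0   0   lo
default         10.1.30.254   0.0.0.0          UG    1      0   0   eth1
"""


def egress_interface(table_text: str, dst: str) -> str:
    """Interface a packet for dst would leave on, given a route table in `route` format."""
    return lookup(parse_route_table(table_text), dst).dev


def compare(dst: str) -> None:
    """Print which interface dst resolves to under each of the two tables."""
    before = egress_interface(TABLE_TWO_SUBNET_ROUTES, dst)
    after = egress_interface(TABLE_HOST_ROUTE, dst)
    print(f"{dst:15} two /24 routes -> {before:5} host route -> {after}")


if __name__ == "__main__":
    # Assumed sample destinations: the router, a LAN host, an Internet host, a wireless host.
    for target in ("10.1.30.254", "10.1.30.17", "203.0.113.5", "192.168.1.40"):
        compare(target)
```

Running the script shows the router flipping from eth0 to eth1 once the /32 entry exists, while the LAN host, the default-routed Internet address and the 192.168.1.0/24 host keep their interfaces. The same check can be run against live output by pasting the text of `route` into one of the table strings.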
Cristian Rodriguez
2005-Sep-19 18:23 UTC
Re: 3 interface firewall - question from a newbie
Winston Nolan wrote:
> good day to you,
>
> thank you for such a brilliant application with so many features.
>
> i have a few questions regarding my setup:
>
> my gateway has 3 interfaces
>
> internal interface   ---> eth0:10.1.30.252  ---> connected to my lan
> external interface 1 ---> eth1:10.1.30.252  ---> gateway 10.1.30.254 (router)
> external interface 2 ---> eth2:192.168.1.22

please re-read the three interfaces quick setup guide _carefully_

http://www.shorewall.net/three-interface.htm

> eth1 is connected to my external interface 1 but it goes through the same hub
> to the router

that's insane, don't do that.

-- 
Cristian Rodriguez R.

perl -e '$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;'