Hi,
I''ve been with these setup but it really doesn''t seem to work.
I
intend to share the internet connection while running the
firewall to our clients. And I dont know what went wrong. Please
help me with this configuration. Thanks a million in advance.
Interfaces - loc eth1 detect
net eth0 detect
dhcp,routefilter,tcpflags
masq - eth0 eth1
policy - net all ACCEPT alert
loc net ACCEPT
all all ACCEPT
rules - ACCEPT loc net all
ACCEPT net $FW tcp 80
zones - loc ipv4
net ipv4
fw firewall
Freelance IT/Open Source Consultant
Linux Registered User #383849
---------------------------------------------
Free POP3 Email from www.Gawab.com
Sign up NOW and get your account @gawab.com!!
tata dano wrote:> Hi, > > I''ve been with these setup but it really doesn''t seem to work. I > intend to share the internet connection while running the > firewall to our clients. And I dont know what went wrong. Please > help me with this configuration. Thanks a million in advance. > > Interfaces - loc eth1 detect > net eth0 detect > dhcp,routefilter,tcpflags > > masq - eth0 eth1 > > policy - net all ACCEPT alert > loc net ACCEPT > all all ACCEPT > > rules - ACCEPT loc net all > ACCEPT net $FW tcp 80 > > zones - loc ipv4 > net ipv4 > fw firewallI recommend: a) Restore the configuration files to the way described in the two-interface QuickStart Guide (http://www.shorewall.net/two-interface.htm). Your current policy/rule configuration is wide open and silly. b) Carefully follow each step in the guide. Without more to go on, I suspect that you are running Debian or one of its derivatives like Ubuntu and you haven''t enabled IP forwarding (there''s a warning about that in the Guide). c) If you still can''t make it work, then submit another report with the information requested at http://www.shorewall.net/support.htm. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Yeah, i am running ubuntu. Thanks for the help. Im just a newbie with this stuff.> I recommend: > > a) Restore the configuration files to the way described in the two-interface > QuickStart Guide (http://www.shorewall.net/two-interface.htm). Your current > policy/rule configuration is wide open and silly. > > b) Carefully follow each step in the guide. Without more to go on, I suspect > that you are running Debian or one of its derivatives like Ubuntu and you > haven''t enabled IP forwarding (there''s a warning about that in the Guide). > > c) If you still can''t make it work, then submit another report with the > information requested at http://www.shorewall.net/support.htm. > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key >Freelance IT/Open Source Consultant Linux Registered User #383849 --------------------------------------------- Free POP3 Email from www.Gawab.com Sign up NOW and get your account @gawab.com!!
Hi, I already worked out with your recommendation and followed what is instructed. While I am working with Ubuntu I learned a lot...but I noticed that when shorewall is started I got no connection with my workstations. It said "Destination Host Unreachable". But on my workstation I can ping my server with the eth1 address. Please help. Thanks in advance.> I recommend: > > a) Restore the configuration files to the way described in the two-interface > QuickStart Guide (http://www.shorewall.net/two-interface.htm). Your current > policy/rule configuration is wide open and silly. > > b) Carefully follow each step in the guide. Without more to go on, I suspect > that you are running Debian or one of its derivatives like Ubuntu and you > haven''t enabled IP forwarding (there''s a warning about that in the Guide). > > c) If you still can''t make it work, then submit another report with the > information requested at http://www.shorewall.net/support.htm. > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key >Freelance IT/Open Source Consultant Linux Registered User #383849 --------------------------------------------- Free POP3 Email from www.Gawab.com Sign up NOW and get your account @gawab.com!!
tata dano wrote:> Hi, > > I already worked out with your recommendation and followed what > is instructed. While I am working with Ubuntu I learned a > lot...but I noticed that when shorewall is started I got no > connection with my workstations. It said "Destination Host > Unreachable". But on my workstation I can ping my server with > the eth1 address.>> c) If you still can''t make it work, then submit another report with the-------------------------------------------------------------------------->> information requested at http://www.shorewall.net/support.htm.----------------------------------------------------------------- -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key