Hi There,

Reworking my earlier question, this time including the result of '/sbin/shorewall dump', which is attached as 'status.txt'. I am sorry for not making it a gzip.

As suggested, and as I am still a newbie here, I changed the IP for eth0 and eth1, but unfortunately I still get the same result. I hope to get some light this time.

Shorewall version 4.0.14
Debian Etch
Webmin Version 1.441

eth0 -> 10.1.1.4 connected to a router, acts as gateway for other hosts
eth1 -> 10.1.2.1 connected to wireless router
eth2 -> connected to adsl bridged modem, working OK using RP-PPPoE, outputting ppp0 with correct ip from TPG

Shorewall configuration

Interfaces
#ZONE   INTERFACE   BROADCAST        OPTIONS
net     ppp0        -
loc     eth0        10.255.255.255
loc     eth1        10.255.255.255

Masq
#INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC   MARK
ppp0         eth1
ppp0         eth0

Policy
all   all   ACCEPT

Zones
fw    firewall
net   ipv4
loc   ipv4

~# shorewall check
Checking...
Initializing...
Determining Zones...
   IPv4 Zones: net loc
   Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Validating Policy file...
Determining Hosts in Zones...
   net Zone: ppp0:0.0.0.0/0
   loc Zone: eth0:0.0.0.0/0 eth1:0.0.0.0/0
Deleting user chains...
Checking /etc/shorewall/routestopped ...
Creating Interface Chains...
Checking Common Rules
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/rules...
Checking Actions...
Checking /usr/share/shorewall/action.Drop for Chain Drop...
Checking /usr/share/shorewall/action.Reject for Chain Reject...
Checking /etc/shorewall/policy...
Checking Masquerading/SNAT
Checking Traffic Control Rules...
Checking Rule Activation...
Compiling IP Forwarding...
Shorewall configuration verified

~# shorewall status
Shorewall-4.0.14 Status at debian - Tue Nov 25 20:23:36 EST 2008

Shorewall is running
State:Started (Tue Nov 25 20:23:32 EST 2008)

~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:4C:50:18:FD
          inet addr:10.1.1.4  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:232 errors:0 dropped:0 overruns:0 frame:0
          TX packets:321 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:38692 (37.7 KiB)  TX bytes:218234 (213.1 KiB)
          Interrupt:201 Base address:0xa000

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:50:16:70
          inet addr:10.1.2.1  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3287 (3.2 KiB)  TX bytes:0 (0.0 b)
          Interrupt:209 Base address:0x8000

eth2      Link encap:Ethernet  HWaddr 00:15:58:1D:4B:4F
          inet6 addr: fe80::215:58ff:fe1d:4b4f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:425 errors:0 dropped:0 overruns:0 frame:0
          TX packets:423 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59062 (57.6 KiB)  TX bytes:67383 (65.8 KiB)
          Interrupt:193 Base address:0xa800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:xxx.xxx.xxx.xxx  P-t-P:10.20.20.106  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:375 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:47826 (46.7 KiB)  TX bytes:56054 (54.7 KiB)

iface eth0 inet static
    address 10.1.1.4
    netmask 255.0.0.0
    network 10.0.0.0
    broadcast 10.255.255.255

iface eth1 inet static
    address 10.1.2.1
    netmask 255.0.0.0
    network 10.0.0.0
    broadcast 10.255.255.255

Start your day with Yahoo!7 and win a Sony Bravia TV. Enter now http://au.docs.yahoo.com/homepageset/?p1=other&p2=au&p3=tagline
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Hi There,

Reworking my earlier question, this time including the result of '/sbin/shorewall dump', which is attached as 'status.txt'. I am sorry for not making it a gzip.

As suggested, and as I am still a newbie here, I changed the IP for eth0 and eth1, but unfortunately I still get the same result. I hope to get some light this time.

I did not attach the result of the dump, as it delays this message from being added.

On Policy, I simply put "ALL ALL ACCEPT" just for a start; getting this shorewall working is my priority.

I am using eth0 and connecting from another host (e.g. 10.1.1.5, winXp), with the gateway and DNS set to 10.1.1.4.
No connection, only able to ping 10.1.1.4 ....

Shorewall version 4.0.14
Debian Etch
Webmin Version 1.441

eth0 -> 10.1.1.4 connected to a router, acts as gateway for other hosts
eth1 -> 10.1.2.1 connected to wireless router, not connected at the moment, just trying to get wired connection working
eth2 -> connected to adsl bridged modem, working OK using RP-PPPoE, outputting ppp0 with correct ip from TPG

Shorewall configuration

Interfaces
#ZONE   INTERFACE   BROADCAST        OPTIONS
net     ppp0        -
loc     eth0        10.255.255.255
loc     eth1        10.255.255.255

Masq
#INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC   MARK
ppp0         eth1
ppp0         eth0

Policy
all   all   ACCEPT

Zones
fw    firewall
net   ipv4
loc   ipv4

~# shorewall status
Shorewall-4.0.14 Status at debian - Tue Nov 25 20:23:36 EST 2008

Shorewall is running
State:Started (Tue Nov 25 20:23:32 EST 2008)

~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:4C:50:18:FD
          inet addr:10.1.1.4  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:232 errors:0 dropped:0 overruns:0 frame:0
          TX packets:321 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:38692 (37.7 KiB)  TX bytes:218234 (213.1 KiB)
          Interrupt:201 Base address:0xa000

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:50:16:70
          inet addr:10.1.2.1  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3287 (3.2 KiB)  TX bytes:0 (0.0 b)
          Interrupt:209 Base address:0x8000

eth2      Link encap:Ethernet  HWaddr 00:15:58:1D:4B:4F
          inet6 addr: fe80::215:58ff:fe1d:4b4f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:425 errors:0 dropped:0 overruns:0 frame:0
          TX packets:423 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59062 (57.6 KiB)  TX bytes:67383 (65.8 KiB)
          Interrupt:193 Base address:0xa800

ppp0      Link encap:Point-to-Point Protocol
          inet addr:xxx.xxx.xxx.xxx  P-t-P:10.20.20.106  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:375 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:47826 (46.7 KiB)  TX bytes:56054 (54.7 KiB)

-------------------------------------------------------------------------
Hi Phillipus,

Phillipus Gunawan wrote:
<..>
> ~# ifconfig
> eth0 Link encap:Ethernet HWaddr 00:E0:4C:50:18:FD
> inet addr:10.1.1.4 Bcast:10.255.255.255 Mask:255.0.0.0
<...>
> eth1 Link encap:Ethernet HWaddr 00:E0:4C:50:16:70
> inet addr:10.1.2.1 Bcast:10.255.255.255 Mask:255.0.0.0
<...>

The Mask 255.0.0.0 "says" that the first triple of your IP-Address is the network part. So your addresses are still in the same! network.

Use a different Network(mask), e.g. ip address 192.168.0.1, mask 255.255.0.0 for eth1.

Regards
Götz

--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reinicke@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Mathildenstr. 20
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board: Prof. Dr. Claudia Hübner, State Councillor for Demographic Change and Senior Citizens in the State Ministry
Managing Director: Prof. Thomas Schadt

-------------------------------------------------------------------------
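The netmask point in the reply above can be checked mechanically. This Python sketch is an added example, not code from the thread or from Shorewall: it parses constructed ifconfig-style text built from the addresses quoted above and reports interface pairs whose subnets overlap. The function names are illustrative.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample based on the address lines quoted in the thread.
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:E0:4C:50:18:FD
          inet addr:10.1.1.4  Bcast:10.255.255.255  Mask:255.0.0.0
eth1      Link encap:Ethernet  HWaddr 00:E0:4C:50:16:70
          inet addr:10.1.2.1  Bcast:10.255.255.255  Mask:255.0.0.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:xxx.xxx.xxx.xxx  P-t-P:10.20.20.106  Mask:255.255.255.255
"""

IFACE_RE = re.compile(r"^(\S+)\s+Link encap:", re.M)
ADDR_RE = re.compile(r"inet addr:(\S+).*?Mask:(\S+)")


def parse_ifconfig(text):
    """Map interface name -> IPv4Interface for each stanza with a usable address."""
    starts = [(m.start(), m.group(1)) for m in IFACE_RE.finditer(text)]
    found = {}
    for i, (pos, name) in enumerate(starts):
        end = starts[i + 1][0] if i + 1 < len(starts) else len(text)
        m = ADDR_RE.search(text, pos, end)
        if not m:
            continue  # no IPv4 address on this interface (e.g. a bridged eth2)
        try:
            found[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        except ValueError:
            continue  # redacted or malformed address
    return found


def overlapping_subnets(ifaces):
    """Return (iface_a, iface_b, net_a, net_b) for every pair of overlapping networks."""
    clashes = []
    for (a, ia), (b, ib) in combinations(sorted(ifaces.items()), 2):
        if ia.network.overlaps(ib.network):
            clashes.append((a, b, str(ia.network), str(ib.network)))
    return clashes


if __name__ == "__main__":
    for a, b, na, nb in overlapping_subnets(parse_ifconfig(IFCONFIG)):
        print(f"{a} ({na}) overlaps {b} ({nb})")
```

With the sample as given, eth0 and eth1 both resolve to 10.0.0.0/8, so the kernel sees one network on two interfaces; giving eth1 an address in a separate network clears the report.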
Thanks for the reply,

Changes made:

~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:4C:50:18:FD
          inet addr:10.1.1.4  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:391 errors:0 dropped:0 overruns:0 frame:0
          TX packets:478 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:60910 (59.4 KiB)  TX bytes:271552 (265.1 KiB)
          Interrupt:201 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:50:16:70
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:209 Base address:0xa000

Interfaces
#ZONE   INTERFACE   BROADCAST        OPTIONS
net     ppp0        -
loc     eth0        10.255.255.255
loc     eth1        192.168.1.255

Using cable connected only on eth0 (loc 10.1.1.4 to switch) and eth2 (net, ppp0).
Nothing changed: at my winXp 10.1.1.5, putting gateway/DNS as 10.1.1.4, can't ping www.yahoo.com
winXp can ping 192.168.1.1
winXp can ping ppp0 ip address

I am attaching the shorewall dump result, hope someone can give me a clue.

Cheers

-------------------------------------------------------------------------
Phillipus Gunawan wrote:
> using cable connected only on eth0 (loc 10.1.1.4 to switch) and eth2 (net, ppp0)
> nothing change, at my winXp 10.1.1.5, putting gateway/DNS as 10.1.1.4, cant ping www.yahoo.com
> winXp can ping 192.168.1.1
> winXp can ping ppp0 ip address

If you have set the DNS server address to 10.1.1.4, then:

a) You need to be running a DNS server on the firewall; and
b) You need to allow DNS from loc->fw; and
c) You need to allow DNS from fw->net

The dump isn't capable of telling us whether you are doing a) but it is definitely telling us that you are NOT doing either b) or c).

You really should have followed the two-interface quickstart guide (http://www.shorewall.net/two-interface.htm) to set this up.

-------------------------------------------------------------------------
Shorewall Geek wrote:
> Phillipus Gunawan wrote:
>
>> using cable connected only on eth0 (loc 10.1.1.4 to switch) and eth2 (net, ppp0)
>> nothing change, at my winXp 10.1.1.5, putting gateway/DNS as 10.1.1.4, cant ping www.yahoo.com
>> winXp can ping 192.168.1.1
>> winXp can ping ppp0 ip address
>
> If you have set the DNS server address to 10.1.1.4, then:
>
> a) You need to be running a DNS server on the firewall; and
> b) You need to allow DNS from loc->fw; and
> c) You need to allow DNS from fw->net
>
> The dump isn't capable of telling us whether you are doing a) but it is
> definitely telling us that you are NOT doing either b) or c).

Note that the simplest way to run a DNS server on your firewall is to install dnsmasq. See http://www.shorewall.net/SplitDNS.html

-------------------------------------------------------------------------