Shorewall users - Dec 2008 - uanble to setup two interface firewall / router

Dear shorewall users,

i recently got an SDSL line which is working fine ( net surfing,etc) from a
single host ( mandriva 2008.1 , shorewal 4.0.9 )but now when i try to add
another nic and try to share with a few other machines, its not ok.

The modem ip ( Billion SDSL Modem Router - BIPAC 8500)  is 60.54.174.145 with
additional ip 60.54.174.146

A. Single NIC Scenario - eth0   - all ok
....................................................

when i setup eth0 as follows;

ipaddress: 60.54.174.146
netmask   : 255.255.255.252
gateway    : 60.54.174.145

i can connect to the internet fine. all ok.


B. Two NIC Scenario - eth0 , eth1 - not ok
...........................................................

Now i use the shorewall two interface samples and i am lost bcos of my own lack
of understanding of;

B.1 how to setup eth1 -  i tried setting eth1 as follows;

ipaddress: 192.168.10.1
netmask: 255.255.255.0
gateway : 60.54.174.146

when i try to start shorewall , i get ;

ERROR: Unable to determine route through interface ''eth1''

Googling has not produced a solution for me.


Help would be greatly appreciated. Many thanks in advance.
Regards,
MarcoPL



      

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can''t happen without you.  Join us at MIX09 to
help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/

Linux Advocate schrieb:
> Dear shorewall users,
>
> i recently got an SDSL line which is working fine ( net surfing,etc) from a
single host ( mandriva 2008.1 , shorewal 4.0.9 )but now when i try to add
another nic and try to share with a few other machines, its not ok.
>
> The modem ip ( Billion SDSL Modem Router - BIPAC 8500)  is 60.54.174.145
with additional ip 60.54.174.146
>
> A. Single NIC Scenario - eth0   - all ok
> ....................................................
>
> when i setup eth0 as follows;
>
> ipaddress: 60.54.174.146
> netmask   : 255.255.255.252
> gateway    : 60.54.174.145
>
> i can connect to the internet fine. all ok.
>
>
> B. Two NIC Scenario - eth0 , eth1 - not ok
> ...........................................................
>
> Now i use the shorewall two interface samples and i am lost bcos of my own
lack of understanding of;
>
> B.1 how to setup eth1 -  i tried setting eth1 as follows;
>
> ipaddress: 192.168.10.1
> netmask: 255.255.255.0
> gateway : 60.54.174.146
>
> when i try to start shorewall , i get ;
>
> ERROR: Unable to determine route through interface ''eth1''
>
> Googling has not produced a solution for me.
>
>
> Help would be greatly appreciated. Many thanks in advance.
> Regards,
> MarcoPL
>
>   
Hello Marco,

drop the gateway setting on your internal interface (eth1), you don''t
need it at all. Your system knows where to route to from the settings
of eth0. Your default gateway has to be the SDSL router.
Not a mandriva expert, but be sure to enable routing on your machine.

HTH,
Philipp


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can''t happen without you.  Join us at MIX09 to
help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/

Linux Advocate wrote:
> Dear shorewall users,
> 
> i recently got an SDSL line which is working fine ( net surfing,etc) from a
single host ( mandriva 2008.1 , shorewal 4.0.9 )but now when i try to add
another nic and try to share with a few other machines, its not ok.
> 
> The modem ip ( Billion SDSL Modem Router - BIPAC 8500)  is 60.54.174.145
with additional ip 60.54.174.146
> 
> A. Single NIC Scenario - eth0   - all ok
> ....................................................
> 
> when i setup eth0 as follows;
> 
> ipaddress: 60.54.174.146
> netmask   : 255.255.255.252
> gateway    : 60.54.174.145
> 
> i can connect to the internet fine. all ok.
> 
> 
> B. Two NIC Scenario - eth0 , eth1 - not ok
> ...........................................................
> 
> Now i use the shorewall two interface samples and i am lost bcos of my own
lack of understanding of;
> 
> B.1 how to setup eth1 -  i tried setting eth1 as follows;
> 
> ipaddress: 192.168.10.1
> netmask: 255.255.255.0
> gateway : 60.54.174.146   
<<<<<<<<<<<<<<<<<
> 
> when i try to start shorewall , i get ;
> 
> ERROR: Unable to determine route through interface ''eth1''
> 
> Googling has not produced a solution for me.
> 
> 
> Help would be greatly appreciated. Many thanks in advance.
> Regards,
> MarcoPL
Don''t set a gateway for eth1.

Jerry

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can''t happen without you.  Join us at MIX09 to
help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/

Thanx Jerry , Philipp.

will try yr suggestion and report back.





----- Original Message ----
From: Philipp Rusch - New Vision IT <philipp.rusch@newvision-it.de>
To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Sent: Sunday, December 7, 2008 11:13:41 AM
Subject: Re: [Shorewall-users] uanble to setup two interface firewall / router

Linux Advocate schrieb:
> Dear shorewall users,
>
> i recently got an SDSL line which is working fine ( net surfing,etc) from a
single host ( mandriva 2008.1 , shorewal 4.0.9 )but now when i try to add
another nic and try to share with a few other machines, its not ok.
>
> The modem ip ( Billion SDSL Modem Router - BIPAC 8500)  is 60.54.174.145
with additional ip 60.54.174.146
>
> A. Single NIC Scenario - eth0   - all ok
> ....................................................
>
> when i setup eth0 as follows;
>
> ipaddress: 60.54.174.146
> netmask   : 255.255.255.252
> gateway    : 60.54.174.145
>
> i can connect to the internet fine. all ok.
>
>
> B. Two NIC Scenario - eth0 , eth1 - not ok
> ...........................................................
>
> Now i use the shorewall two interface samples and i am lost bcos of my own
lack of understanding of;
>
> B.1 how to setup eth1 -  i tried setting eth1 as follows;
>
> ipaddress: 192.168.10.1
> netmask: 255.255.255.0
> gateway : 60.54.174.146
>
> when i try to start shorewall , i get ;
>
> ERROR: Unable to determine route through interface ''eth1''
>
> Googling has not produced a solution for me.
>
>
> Help would be greatly appreciated. Many thanks in advance.
> Regards,
> MarcoPL
>
>  
Hello Marco,

drop the gateway setting on your internal interface (eth1), you don''t
need it at all. Your system knows where to route to from the settings
of eth0. Your default gateway has to be the SDSL router.
Not a mandriva expert, but be sure to enable routing on your machine.

HTH,
Philipp


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can''t happen without you.  Join us at MIX09 to
help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users



      

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can''t happen without you.  Join us at MIX09 to
help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/

guys, thanx. removing the gw settings in eth0 did the trick. but i  am wondering
if this is documented at the shorewall site.

http://www.shorewall.net/2.0/ErrorMessages.html


ERROR: Unable to determine the routes through interface <interface>
You have specified <interface> in the SUBNET column of /etc/shorewall/masq
which means that Shorewall is supposed to determine the network(s) routed
through that interface. To do that, Shorewall issues the command ip addr ls dev
<interface> and that command failed. This usually means that you are
trying to start Shorewall before the <interface> is brought up.

i couldnt find anything similar for 4.x error messages. is this documented at
the site?

>From: Linux Advocate <linuxhousedn@yahoo.com>
>To: Shorewall Users <shorewall-users@lists.sourceforge.net>
>Sent: Monday, December 8, 2008 6:08:50 PM
>Subject: Re: [Shorewall-users] uanble to setup two interface firewall /
router
>Thanx Jerry , Philipp.
>will try yr suggestion and report back.
> ----- Original Message ----
> From: Philipp Rusch - New Vision IT <philipp.rusch@newvision-it.de>
> To: Shorewall Users <shorewall-users@lists.sourceforge.net>
> Sent: Sunday, December 7, 2008 11:13:41 AM
> Subject: Re: [Shorewall-users] uanble to setup two interface firewall /
router
Linux Advocate schrieb:
> Dear shorewall users,
>
> i recently got an SDSL line which is working fine ( net surfing,etc) from a
single host ( mandriva 2008.1 , shorewal 4.0.9 )but now when i try to add
another nic and try to share with a few other machines, its not ok.
>
> The modem ip ( Billion SDSL Modem Router - BIPAC 8500)  is 60.54.174.145
with additional ip 60.54.174.146
>
> A. Single NIC Scenario - eth0   - all ok
> ....................................................
>
> when i setup eth0 as follows;
>
> ipaddress: 60.54.174.146
> netmask   : 255.255.255.252
> gateway    : 60.54.174.145
>
> i can connect to the internet fine. all ok.
>
>
> B. Two NIC Scenario - eth0 , eth1 - not ok
> ...........................................................
>
> Now i use the shorewall two interface samples and i am lost bcos of my own
lack of understanding of;
>
> B.1 how to setup eth1 -  i tried setting eth1 as follows;
>
> ipaddress: 192.168.10.1
> netmask: 255.255.255.0
> gateway : 60.54.174.146
>
> when i try to start shorewall , i get ;
>
> ERROR: Unable to determine route through interface ''eth1''
>
> Googling has not produced a solution for me.
>
>
> Help would be greatly appreciated. Many thanks in advance.
> Regards,
> MarcoPL
>
>  
Hello Marco,

drop the gateway setting on your internal interface (eth1), you don''t
need it at all. Your system knows where to route to from the settings
of eth0. Your default gateway has to be the SDSL router.
Not a mandriva expert, but be sure to enable routing on your machine.

HTH,
Philipp


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can''t happen without you.  Join us at MIX09 to
help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users


      

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can''t happen without you.  Join us at MIX09 to
help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/