Dear all,

I'm new to shorewall (and quite new to linux), so please forgive me any obvious mistakes.

As to my problem:
I've installed shorewall on a raspberry pi because I want to replace a netgear 318 with it. eth0 is connected to the internal network 192.168.1.0/24. It has the fixed IP 192.168.1.4. eth1 is connected to the internet via ppp0. It has a fixed IP.

DHCP is running on the pi as well, but it seems to be working (all clients on the subnet receive their IPs as defined in dhcpd.conf).

What does work: I may

- ping from the raspberry to the internet (google DNS servers 8.8.4.4 and 8.8.8.8).
- ping from the pi to internal clients.
- ping/ssh from internal clients to the pi.
- use a browser on the pi.

What doesn't:

- routing / nat via the pi doesn't seem to work, at least I won't get any connections to the net.
- connecting the pi via ssh: establishing the connection to 192.168.1.4 is found reeeaaaaly slow if the ppp0 port is active, i.e. once a cable has been connected to it and pppoe is up (say 15 seconds). It looks as if the desktop first tries to find the pi "somewhere else" (again, please excuse my ignorance on inner ethernet workings in general) until a timeout gets it back on track.

The shorewall dump is attached below.

Any help will be appreciated.

Hi, it looks like you are not masquerading your private network to the internet!
Do you have a line in your /etc/shorewall/masq like the following?:

eth1 192.168.1.0/24

http://www.shorewall.net/manpages/shorewall-masq.html

matt

On 6 Oct 2013 at 10:21, Holger Apfel wrote:

From: Holger Apfel <shorewall@apfel-edv.de>
Date sent: Sun, 6 Oct 2013 10:21:59 +0200
To: shorewall-users@lists.sourceforge.net
Subject: [Shorewall-users] unable to config shorewall correctly
Send reply to: Shorewall Users <shorewall-users@lists.sourceforge.net>

> Dear all,
>
> I'm new to shorewall (and quite new to linux), so please forgive me
> any obvious mistakes.
>
> As to my problem:
> I've installed shorewall on a raspberry pi because I want to replace a
> netgear 318 with it. eth0 is connected to the internal network
> 192.168.1.0/24. It has the fixed IP 192.168.1.4. eth1 is connected to
> the internet via ppp0. It has a fixed IP.
>
> DHCP is running on the pi as well, but it seems to be working (all
> clients on the subnet receive their IPs as defined in dhcpd.conf).
>
> What does work: I may
>
> - ping from the raspberry to the internet (google DNS servers 8.8.4.4
>   and 8.8.8.8).
> - ping from the pi to internal clients.
> - ping/ssh from internal clients to the pi.
> - use a browser on the pi.
>
> What doesn't:
>
> - routing / nat via the pi doesn't seem to work, at least I won't get
>   any connections to the net.
> - connecting the pi via ssh: establishing the connection to 192.168.1.4
>   is found reeeaaaaly slow if the ppp0 port is active, i.e. once a cable
>   has been connected to it and pppoe is up (say 15 seconds). It looks as
>   if the desktop first tries to find the pi "somewhere else" (again,
>   please excuse my ignorance on inner ethernet workings in general)
>   until a timeout gets it back on track.
>
> The shorewall dump is attached below.
>
> Any help will be appreciated.

Hi matt,

I got something like this:

ppp0 192.168.1.0/24

because I use pppoe. I tried with eth1 beforehand, but

eth1 192.168.1.0/24

together with a change in interfaces from

net ppp0

to

net eth1

does compile but wouldn't allow me to ping anything on the global network anymore. So I stayed with ppp0 as the nat output port as this at least seemed to get a connection between the firewall and the world.

Greetings
Holger

On 06.10.2013 at 12:13, matt darfeuille wrote:

> Hi, it looks like you are not masquerading your private network to
> the internet!
> Do you have a line in your /etc/shorewall/masq like the following?:
>
> eth1 192.168.1.0/24
>
> http://www.shorewall.net/manpages/shorewall-masq.html
>
> matt

Ok, I got it eventually: sometime between the whole hassle I forgot to enter a DNS server into the DHCP server. So I could ping and everything, but anything which needed a DNS just timed out.

Thanks for the time spent, Matt!

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
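
The two causes this thread worked through (a masq entry that does not name the PPPoE interface, then a DHCP server that hands out no DNS server) can be told apart with a small offline check. This is an added example, not part of any poster's message; the function names, the sample file contents and the DHCP range are constructed.

```shell
#!/bin/sh
# Constructed triage for "ping works, browsing fails" behind a Shorewall NAT box.

# masq_covers FILE IFACE SUBNET: true if FILE masquerades SUBNET out of IFACE.
masq_covers() {
    awk -v ifc="$2" -v net="$3" '
        NF == 0 || $1 ~ /^#/ { next }     # skip blank lines and comments
        { split($1, a, ":") }             # INTERFACE column may be iface:dest
        a[1] == ifc && $2 == net { found = 1 }
        END { exit !found }' "$1"
}

# dhcp_has_dns FILE: true if dhcpd.conf hands clients at least one DNS server.
dhcp_has_dns() {
    grep -Eq '^[[:space:]]*option[[:space:]]+domain-name-servers[[:space:]]+[^;[:space:]]' "$1"
}

# diagnose MASQ DHCPD WAN_IFACE LAN_SUBNET: print a one-word verdict.
diagnose() {
    if ! masq_covers "$1" "$3" "$4"; then echo "masq-missing"
    elif ! dhcp_has_dns "$2"; then echo "dhcp-no-dns"
    else echo "ok"
    fi
}

# Constructed sample files (not the poster's real configuration).
d=$(mktemp -d)
printf '#INTERFACE SOURCE\neth1 192.168.1.0/24\n' > "$d/masq.eth1"
printf '#INTERFACE SOURCE\nppp0 192.168.1.0/24\n' > "$d/masq.ppp0"
cat > "$d/dhcpd.nodns" <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
  option routers 192.168.1.4;
}
EOF
cat > "$d/dhcpd.dns" <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
  option routers 192.168.1.4;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
}
EOF

diagnose "$d/masq.eth1" "$d/dhcpd.nodns" ppp0 192.168.1.0/24   # masq names eth1, traffic leaves via ppp0
diagnose "$d/masq.ppp0" "$d/dhcpd.nodns" ppp0 192.168.1.0/24   # NAT fine, clients get no resolver
diagnose "$d/masq.ppp0" "$d/dhcpd.dns"   ppp0 192.168.1.0/24   # both in place
```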