Johny Hazin
2004-Aug-21 20:51 UTC
[Shorewall-devel] Problems with Version 2.0.7 and Fedora 2
Hi!, I have Fedora 2 installed (Kernel 2.6), 3 interfaces (eth0,eth1,eth2), in
the eth1 i have my local network and eth0 the Internet conection, when i do
masquerading (eth1 out by eth0) only works for a few minutes. I dont know what
i?m doing wrong, or only is an incompability or error between the OS Fedora 2
and the shorewall 2.0.7...i restart the shorewall service ones works anothers
doesnt. Today i installed shorewall 2.1.6 thats will going to fix my problem??
This is the information:
A) shorewall version
2.0.7
B) [root@ns root]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
5: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:c0:f0:54:dc:1e brd ff:ff:ff:ff:ff:ff
inet 200.62.42.166/29 brd 200.62.42.167 scope global eth0
inet6 fe80::2c0:f0ff:fe54:dc1e/64 scope link
valid_lft forever preferred_lft forever
6: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 1000
link/ether 00:50:8b:e9:d3:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.0.7/24 brd 192.168.0.255 scope global eth1
inet6 fe80::250:8bff:fee9:d37c/64 scope link
valid_lft forever preferred_lft forever
7: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:8b:5e:d6:f8 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.1/24 brd 10.10.10.255 scope global eth2
inet6 fe80::250:8bff:fe5e:d6f8/64 scope link
valid_lft forever preferred_lft forever
8: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
C) [root@ns root]# ip route show
200.62.42.160/29 dev eth0 proto kernel scope link src 200.62.42.166
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.7
10.10.10.0/24 dev eth2 proto kernel scope link src 10.10.10.1
169.254.0.0/16 dev eth2 scope link
default via 200.62.42.161 dev eth0
Thanks
Johny
Tom Eastep
2004-Aug-22 03:57 UTC
Re: [Shorewall-devel] Problems with Version 2.0.7 and Fedora 2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johny Hazin wrote: | Hi!, I have Fedora 2 installed (Kernel 2.6), 3 interfaces (eth0,eth1,eth2), in the eth1 i have my local network and eth0 the Internet conection, when i do masquerading (eth1 out by eth0) only works for a few minutes. I dont know what i´m doing wrong, or only is an incompability or error between the OS Fedora 2 and the shorewall 2.0.7...i restart the shorewall service ones works anothers doesnt. Today i installed shorewall 2.1.6 thats will going to fix my problem?? | This is the information: | I''m sending the reply to the Shorewall Users list rather than the Shorewall development list since the original question involves Shorwall 2.0.7. Lots of people are running Shorwall 2.0 with Fedora 2 (including me) without problems. What Shorewall messages are you seeing in your log when things stop working? - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBKBmeO/MAbZfjDLIRAmbHAJ9pFGvwcH7sB9J9ckMGkRssTF5/YQCfdsLR gOgcKsOmGWEom3FRAZnYy2U=JOhM -----END PGP SIGNATURE-----
Tom Eastep
2004-Aug-22 14:18 UTC
Re: [Shorewall-devel] Problems with Version 2.0.7 and Fedora 2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please keep your replies on the list. Johny Hazin wrote: | Hi again, ok when the problem appear just I cant navigate and the ping''s | doesnt respond, after that I look the log file and simply the shorewall stop | generate it. While the things work fine the log file is generating | constantly with like this (Only i saw one error, the last): | | Aug 18 15:40:35 ns kernel: Shorewall:net2all:DROP:IN=eth0 OUT| MAC=00:c0:f0:54:dc:1e:00:04:27:fd:6c:cb:08:00 SRC=142.179.5.127 | DST=200.62.42.166 LEN=112 TOS=0x00 PREC=0x00 TTL=111 ID=34913 PROTO=UDP | SPT=2409 DPT=2347 LEN=92 | Aug 18 15:40:36 ns kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 | SRC=192.168.0.129 DST=207.25.71.118 LEN=52 TOS=0x00 PREC=0 | x00 TTL=31 ID=56385 DF PROTO=TCP SPT=2436 DPT=80 WINDOW=18528 RES=0x00 SYN | URGP=0 | | Aug 18 14:57:49 ns network: Disabling IPv4 packet forwarding: succeeded | Aug 18 14:57:49 ns sysctl: net.ipv4.ip_forward = 0 | Aug 18 16:39:55 ns sysctl: net.ipv4.ip_forward = 0 | If you are seeing the above messages while Shorwall is started and your system is running then they indicate that *something* (and it''s not Shorwall) is turning off IP forwading. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBKKtKO/MAbZfjDLIRAmIQAKCSS1oNi+6ztDFLBPmt8A70uv+N7QCfQQMX gL4hS/WaZAK8Ckaq3zXP7zc=SSjz -----END PGP SIGNATURE-----