Shorewall users - Jan 2005 - Problems internet sharing between mandrake 10.1 and XP

Hi 
I have recently installed madrake 10.1 on my PC, i wish to connect my
laptop running XP to linux machine mainly for internet sharing.

Linux machine is connected to internet via ADSL USB modem (D Link 200).
I use eciadsl package(driver) for this modem and apparently in the
network interface it comes up as tap0 . I have network card installed
to my PC which comes up as eth0. This network card is connected to a
switch and my  laptop also connected to the switch.
I tried to use the internet sharing wizard of mandrake 10.1 but
without success. So after doing search on net found shorewall. And I
believe I need to use the two interface example setting ???
I have been able to ping both machines successfully with IP address,
but somehow cannot share the internet to laptop.
I have a static IP address with my adsl  connection : 220.244.126.62
Here are some  configuration details :
1) interfaces file
net     tap0    detect
loc     eth0    detect
2)   policy file
loc     net     ACCEPT
fw      loc     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
3) masq file
tap0    eth0
4)  routesstopped file
eth0            -

I have set up the network connection that is eth0 with following configuration :
IP address : 10.10.10.5
Net mask : 255.255.255.0
Gateway : 220.244.126.61 ( given by my ISP)

On my laptop i use the xp network setup wizard and configure the
following TCP/IP settings
ip address : 10.10.10.2
sub net mask : 255.255.255.0
default gateway : 10.10.10.5 (ip address of linux machine)
primary dns : 10.10.10.5 (again ip of linux machine)

This is output from the log  file. 
Jan 30 01:44:37 220 kernel: Shorewall:all2all:REJECT:IN=eth0
OUTMAC=00:50:fc:3f:4f:94:00:0b:cd:35:54:52:08:00 SRC=10.10.10.2
DST=10.10.10.5 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=273 PROTO=UDP
SPT=1030 DPT=53 LEN=47
-----
Jan 30 01:56:45 220 kernel: 203.213.40.17 sent an invalid ICMP type 3,
code 0 error to a broadcast: 220.244.126.255 on tap0

Can someone kindly please assist me in what i am doing wrong or if I
am missing some setting.

Regards,
Hiten.

hiten ravani wrote:
> I tried to use the internet sharing wizard of mandrake 10.1 but
> without success. So after doing search on net found shorewall.
Note that the Internet Sharing Wizard on Mandrake also configures Shorewall.
> And I
> believe I need to use the two interface example setting ???
Yes.
> I have been able to ping both machines successfully with IP address,
> but somehow cannot share the internet to laptop.
But Internet access is ok from the Mandrake system, correct?
> I have a static IP address with my adsl  connection : 220.244.126.62
> Here are some  configuration details :
> 1) interfaces file
> net     tap0    detect
> loc     eth0    detect
> 2)   policy file
> loc     net     ACCEPT
> fw      loc     ACCEPT
> fw      net     ACCEPT
> net     all     DROP    info
> all     all     REJECT  info
> 3) masq file
> tap0    eth0
> 4)  routesstopped file
> eth0            -
> 
> I have set up the network connection that is eth0 with following
configuration :
> IP address : 10.10.10.5
> Net mask : 255.255.255.0
> Gateway : 220.244.126.61 ( given by my ISP)
It is not necessary to have a gateway on your local network.
> 
> On my laptop i use the xp network setup wizard and configure the
> following TCP/IP settings
> ip address : 10.10.10.2
> sub net mask : 255.255.255.0
> default gateway : 10.10.10.5 (ip address of linux machine)
> primary dns : 10.10.10.5 (again ip of linux machine)
So you run a DNS server on your Mandrake system? If not, then you should
configure DNS on the laptop just like it is on the Mandrake box. If not,
you missed the part in the QuickStart Guide which talked about DNS (see
below).
> 
> This is output from the log  file. 
> Jan 30 01:44:37 220 kernel: Shorewall:all2all:REJECT:IN=eth0 OUT>
MAC=00:50:fc:3f:4f:94:00:0b:cd:35:54:52:08:00 SRC=10.10.10.2
> DST=10.10.10.5 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=273 PROTO=UDP
> SPT=1030 DPT=53 LEN=47
That means that DNS requests from the Laptop are being blocked by the
''all2all'' policy (see below).
> -----
> Jan 30 01:56:45 220 kernel: 203.213.40.17 sent an invalid ICMP type 3,
> code 0 error to a broadcast: 220.244.126.255 on tap0
That means that 203.213.40.17 broke protocol -- it doesn''t concern you.
> 
> Can someone kindly please assist me in what i am doing wrong or if I
> am missing some setting.
>
You need to do ONE of the following:

a) Change the XP box''s DNS configuration (see above).
b) Add this rule, as described in the QuickStart Guide:

	AllowDNS	loc	fw

c) Add this policy:

	ACCEPT		loc	fw

Add the policy if you plan to access lots of services on your Mandrake
system from your XP laptop.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Hi Tom,

It works (Whoa!!!!!!!!) sorry abt the excitement, but i am working my
way with linux.

Thank you very very much for you help. I really appreciate it.

Regards,
Hiten.