Anyone ?
Another try and now with the info asked 4.

nl1cat wrote:
| Hello..
| I have a somewhat "funny" setup.
| I use the dosemulator Dosemu for running a dos based packetradio nodeprogram
| called Xrouter.
| I set up dosemu to use my eth1 (lan) nic and I bring up a device called dsn0.
| (this is all running on Slackware 9.1 without X)
| insmod /etc/dosemu/dosnet.o
| sleep 2
| ifconfig dsn0 192.168.1.1 netmask 255.255.255.0
| route add -host 192.168.1.2 dsn0
| dosemu < /dev/tty8 >/dev/tty8 &
|
| The lan is a different net 192.168.244.0/24
| Eth0 is set by pppoe and gets ppp0.
|
| The question is how to treat dsn0 and the dos client (192.168.1.2)??
| On the lan the stuff works and I can "talk" to another Xrouter ok, but I
| can't seem to get packets onto and from the inet.
| Do I need to set dsn0 under the hosts file?
| I have the dsn0 net 192.168.1.0/24 configured like a normal interface and
| tried to forward to the dosclient to the dsn0 zone (pack)
| DNAT net pack:192.168.1.2 udp 93
| but nothing is getting through..

Shorewall version 2.0.7.
ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:10:a7:02:2e:82 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:40:95:1c:75:ec brd ff:ff:ff:ff:ff:ff
    inet 192.168.244.168/24 brd 192.168.244.255 scope global eth1
4: ax0: <BROADCAST,UP> mtu 255 qdisc pfifo_fast qlen 10
    link/ax25 9c:98:6e:86:82:a8:10 brd a2:a6:a8:40:40:40:60
    inet 192.168.244.172/24 brd 192.168.244.255 scope global ax0
5: dsn0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 64:62:00:00:64:62 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global dsn0
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 213.17.101.224 peer 213.17.100.1/32 scope global ppp0

ip route show
213.17.100.1 dev ppp0 proto kernel scope link src 213.17.101.224
192.168.1.2 dev dsn0 scope link
192.168.244.0/24 dev eth1 proto kernel scope link src 192.168.244.168
192.168.244.0/24 dev ax0 proto kernel scope link src 192.168.244.172
192.168.1.0/24 dev dsn0 proto kernel scope link src 192.168.1.1
127.0.0.0/8 dev lo scope link
default via 213.17.100.1 dev ppp0

[Attachment scrubbed by the list archive: status.zip, application/x-zip-compressed, 2975 bytes, http://lists.shorewall.net/pipermail/shorewall-users/attachments/20040906/a6559cb5/status-0001.bin]

nl1cat wrote:
| Anyone ?
| Another try and now with the info asked 4.
|

Try adding 'dns0' as another interface to the 'loc' zone (unless you want to firewall the emulator from 'loc' in which case you need to make the emulator its own zone accessed via 'dsn0' and set up the appropriate policies and rules to/from your other zones).

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

||nl1cat wrote:
|| Anyone ?
|| Another try and now with the info asked 4.
||
|Try adding 'dns0' as another interface to the 'loc' zone (unless you
|want to firewall the emulator from 'loc' in which case you need to make
|the emulator its own zone accessed via 'dsn0' and set up the
|appropriate policies and rules to/from your other zones).
|-Tom

Hi Tom and the list.

I did just that.

loc1 eth1 192.168.244.255
loc1 dsn0 192.168.244.255

Don't have to firewall the emulator from the fw or the loc1.
But there is some arp trouble I think.

ax0       Link encap:AMPR AX.25 HWaddr NL7CAT-8
          inet addr:192.168.244.172 Bcast:192.168.244.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MTU:255 Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:292 (292.0 b) TX bytes:230 (230.0 b)

dsn0      Link encap:Ethernet HWaddr 64:62:00:00:64:62
          inet addr:192.168.244.170 Bcast:192.168.244.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:105 errors:0 dropped:0 overruns:0 frame:0
          TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2940 (2.8 Kb) TX bytes:2940 (2.8 Kb)

eth1      Link encap:Ethernet HWaddr 00:40:95:1C:75:EC
          inet addr:192.168.244.168 Bcast:192.168.244.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:431 errors:0 dropped:0 overruns:0 frame:0
          TX packets:572 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:35551 (34.7 Kb) TX bytes:106831 (104.3 Kb)
          Interrupt:5 Base address:0x300

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:84 errors:0 dropped:0 overruns:0 frame:0
          TX packets:84 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6380 (6.2 Kb) TX bytes:6380 (6.2 Kb)

See, dsn0 has a hw addr of its own, but when I check arp from another client the hw address of eth1 comes up.

The dos client in the emulator can't find the hw addresses of dsn0 and eth1 and can't ping them (got error).
So I give in manually in the dosclient the hw addresses of dsn0 and eth1 and there is no error with the ping cmd but they are unreachable. (Tried for dsn0 both the hw address of eth1 and dsn0.)

192.168.244.171 = dos client

PING 192.168.244.170 (192.168.244.170) 56(84) bytes of data.
64 bytes from 192.168.244.170: icmp_seq=1 ttl=64 time=0.331 ms
64 bytes from 192.168.244.170: icmp_seq=2 ttl=64 time=0.206 ms
64 bytes from 192.168.244.170: icmp_seq=3 ttl=64 time=0.207 ms
64 bytes from 192.168.244.170: icmp_seq=4 ttl=64 time=0.207 ms
64 bytes from 192.168.244.170: icmp_seq=5 ttl=64 time=0.205 ms
64 bytes from 192.168.244.170: icmp_seq=6 ttl=64 time=0.210 ms
64 bytes from 192.168.244.170: icmp_seq=7 ttl=64 time=0.209 ms

--- 192.168.244.170 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6006ms
rtt min/avg/max/mdev = 0.205/0.225/0.331/0.043 ms

root@server:/etc/shorewall# ping 192.168.244.171
PING 192.168.244.171 (192.168.244.171) 56(84) bytes of data.
From 192.168.244.170 icmp_seq=1 Destination Host Unreachable
From 192.168.244.170 icmp_seq=2 Destination Host Unreachable
From 192.168.244.170 icmp_seq=3 Destination Host Unreachable
From 192.168.244.170 icmp_seq=4 Destination Host Unreachable
From 192.168.244.170 icmp_seq=5 Destination Host Unreachable
From 192.168.244.170 icmp_seq=6 Destination Host Unreachable

--- 192.168.244.171 ping statistics ---
7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6025ms
, pipe 3

As you can see I can ping dsn0 from the console but not the dos client..

The arp list from the fw:

root@server:~# arp -n
Address           HWtype  HWaddress           Flags Mask  Iface
192.168.244.171           (incomplete)                    dsn0
192.168.244.161   ether   00:10:5A:60:95:77   C           eth1
192.168.244.162   ether   00:50:BF:44:8C:00   C           eth1
192.168.244.129   ether   00:06:5B:10:79:57   C           eth1

The arp entry from the dosclient isn't complete but even when I give it a hw address (the same dsn0 or eth1) I still can't ping to it from the console, I can ping the dosclient from a different pc though.

I'm no netexpert, that's obvious, but my box of tricks is running dry..
Can I do something with proxyarp or is there another way round this?

Eddy

Eddy wrote:
|
| I'm no netexpert, that's obvious, but my box of tricks is running dry..
| Can I do something with proxyarp or is there another way round this?

In /etc/shorewall/proxyarp:

192.168.244.171 dsn0 eth1 no

This will do two things:

a) It will add a route to 192.168.244.171 on dsn0 -- that will allow access to the emulator from the firewall (It looks like you need this since you can't seem to access the emulator from the firewall).

b) It will add an ARP entry for 192.168.244.171 on eth0 so that other local hosts can access the emulator.

-Tom

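Added example, not part of Tom's message and not Shorewall's own code: a dry-run shell function that turns one /etc/shorewall/proxyarp entry into the host-route and published-ARP commands matching effects (a) and (b) above, so they can be compared with what the firewall actually shows. The function names and the exact command forms are assumptions for illustration; the script only prints commands and changes nothing.

```shell
#!/bin/sh
# Added example (constructed): dry run only, prints commands and changes nothing.
# proxyarp columns: ADDRESS INTERFACE EXTERNAL HAVEROUTE

valid_ipv4() {
    # Accept dotted-quad addresses with four numeric octets in 0..255.
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

proxyarp_cmds() {
    # $1 is one entry, e.g. "192.168.244.171 dsn0 eth1 no"
    set -f; set -- $1; set +f
    [ $# -ge 3 ] || { echo "need ADDRESS INTERFACE EXTERNAL" >&2; return 1; }
    addr=$1 iface=$2 ext=$3 haveroute=${4:-no}
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }

    case $haveroute in
        [Yy]es) ;;   # a host route already exists, so none is added
        *)
            # (a) host route so the firewall reaches the emulator via INTERFACE
            echo "ip route replace $addr dev $iface" ;;
    esac
    # (b) published ARP entry: the firewall answers ARP for ADDRESS on EXTERNAL
    echo "arp -i $ext -Ds $addr $ext pub"
}

# The entry from the thread; the output is for review and is not executed.
proxyarp_cmds "192.168.244.171 dsn0 eth1 no"
```

After a Shorewall restart, `ip route show` and `arp -n` on the firewall should reflect the same host route and published entry.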
----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Eddy" <nl1cat@wanadoo.nl>; "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Monday, September 13, 2004 4:05 PM
Subject: Re: [Shorewall-users] Re: Shorewall and dosemu trouble

> Eddy wrote:
>
> |
> | I'm no netexpert, that's obvious, but my box of tricks is running dry..
> | Can I do something with proxyarp or is there another way round this?
>
> In /etc/shorewall/proxyarp:
>
> 192.168.244.171 dsn0 eth1 no
>
> This will do two things:
>
> a) It will add a route to 192.168.244.171 on dsn0 -- that will allow
> access to the emulator from the firewall (It looks like you need this
> since you can't seem to access the emulator from the firewall).
>
> b) It will add an ARP entry for 192.168.244.171 on eth0 so that other
> local hosts can access the emulator.
>
> -Tom

Hi Tom and the list.

Tom, the proxyarp didn't work.
So I thought to look closer at dosemu's dosnet.
There are 2 ways of configuring tcp/ip on dosemu and I had the dosnet.o module loaded, but there is a tun/tap way too and it is a better way to do it.
So now I have device tap0 instead of dsn0 and the tun/tap method provides a mac address for the dosclient too.
So now it all works like a clock.
I'm sorry to have bothered you with a problem that was really due to dosemu's dosnet.

Eddy

p.s. Did I tell you I really like Shorewall??