Hi all,

I'm experiencing problems getting a Debian (Sarge) box to run as a basic firewall/masq machine. It is running the standard Debian kernel (currently at 2.4.25).

Setup is:
ppp0 through Alcatel USB modem (this connection works without a hitch)
eth1 to local network

Status:
Currently eth1 can connect to Shorewall box (ssh, webmin, ping), but cannot ping any external address giving "Destination host unreachable".

I have based my setup on the Shorewall two-interface example setup, with very few changes (mostly changing eth0 entries to pp0).

I have followed the troubleshooting guide, and even tried the Ipmasq program instead but with no success. The kernel modules are present (as checked using the Shorewall kernel page).

Attached is the result of 'shorewall status', 'shorewall version', 'ip route show', and 'shorewall version'.

Any help will be very gratefully received. I have spent many hours trying to get this to work.

Thank you for your help.

Zebedee wrote:
> Currently eth1 can connect to Shorewall box (ssh, webmin, ping), but
> cannot ping any external address giving "Destination host unreachable"

Looks to me like you have set the local systems' default gateway correctly. Shorewall is seeing *no* traffic from the local zone to the net zone (rejected or otherwise).

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

Tom Eastep wrote:
>> Currently eth1 can connect to Shorewall box (ssh, webmin, ping), but
>> cannot ping any external address giving "Destination host unreachable"
>
> Looks to me like you have set the local systems' default gateway
> correctly. Shorewall is seeing *no* traffic from the local zone to the
> net zone (rejected or otherwise).

Make that "...set the local systems' default gateway *incorrectly*".

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

Thank you for your help on this one. I've changed the gateway details on the client, and I've had some success.

I can now connect to web sites in the web browser, but only directly to the IP address - it looks like there is a funny with the DNS calling at the moment - which is probably not a Shorewall problem.

Once again, thank you. I'm going to try and get this DNS stuff sorted now!

-----Original Message-----
From: Tom Eastep <teastep@shorewall.net>
To: Mailing List for Shorewall Users <shorewall-users@lists.shorewall.net>
Date: Sat, 22 May 2004 07:37:56 -0700
Subject: Re: [Shorewall-users] Masq routing problems

Tom Eastep wrote:
>> Currently eth1 can connect to Shorewall box (ssh, webmin, ping), but
>> cannot ping any external address giving "Destination host unreachable"
>
> Looks to me like you have set the local systems' default gateway
> correctly. Shorewall is seeing *no* traffic from the local zone to the
> net zone (rejected or otherwise).

Make that "...set the local systems' default gateway *incorrectly*".

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

Zebedee wrote:
> Thank you for your help on this one. I've changed the gateway details on the client, and I've had some success.
>
> I can now connect to web sites in the web browser, but only directly to the IP address - it looks like there is a funny with the DNS calling at the moment - which is probably not a Shorewall problem.
>
> Once again, thank you. I'm going to try and get this DNS stuff sorted now!

Might be a good idea to review the DNS info in the Two-interface QuickStart guide again...

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net