On Saturday 07 February 2004 11:59 am, Rik Schmale wrote:
> Same thought I had. But all are different.
>
> Eth0 is an eepro100 (on the mainboard of a Siemens Celsius 400)
> Eth1 is a rtl8169 (Gbit Lan)
> Eth2 is a 3c59x (3com 905c tx)

Then the relationship between the id's and drivers is established in
/etc/modules.conf. Is that file correct?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Sat, 7 Feb 2004, Rik Schmale wrote:
> Yes, it is correct. Already checked that before.
>
> Here is the modules.conf
>
> probeall usb-interface usb-uhci
> alias eth0 eepro100
> alias eth1 r8169
> probeall scsi_hostadapter pdc-ultra
> alias eth2 3c59x

Ok -- you might try listing the modules in that order in /etc/modules and
reboot. I use that technique on my Debian system to get the NICs detected in
the proper order.

-Tom

Done....

Same problem. No connectivity.

Should I remove the alias in the etc/modules?

I have edited the modules file like this:

# /etc/modules: kernel modules to load at boot time.
#
# This file should contain the names of kernel modules that are
# to be loaded at boot time, one per line. Comments begin with
# a `#', and everything on the line after them are ignored.

scsi_hostadapter
alias eth0 eepro100
alias eth1 r8169
alias eth2 3c59x

On Sat, 7 Feb 2004, Rik Schmale wrote:
> Done....
>
> Same problem. No connectivity.
>
> Should I remove the alias in the etc/modules?
>
> I have edited the modules file like this:
>
> # /etc/modules: kernel modules to load at boot time.
> #
> # This file should contain the names of kernel modules that are
> # to be loaded at boot time, one per line. Comments begin with
> # a `#', and everything on the line after them are ignored.
>
> scsi_hostadapter
> alias eth0 eepro100
> alias eth1 r8169
> alias eth2 3c59x

Now read the instructions in the comments and follow them.

-Tom

> # This file should contain the names of kernel modules that are
> # to be loaded at boot time, one per line. Comments begin with
> # a `#', and everything on the line after them are ignored.
>
> scsi_hostadapter
> alias eth0 eepro100   <<<<<<<
> alias eth1 r8169      <<<<<<<
> alias eth2 3c59x      <<<<<<<

I could be wrong but those aren't module names as far as I know.

3c59x .......is a module
radeon .....is a module

You should have a directory that contains all module names. For me this is .....
"ls /lib/modules/`uname -r`/kernel/drivers/net"
or
/lib/modules/2.4.22-gentoo-r5/kernel/drivers/net

Find the module you need and use "modprobe 'module_name'" to load the
specified module.

I'm running Gentoo Linux so I don't know if this is the same process for your
flavor of Linux or not. If you don't see the needed module names then that
means that you don't have them compiled into the kernel, in which case you
would need to do that first. I had a hard time with my 3com card. As soon as I
got the module compiled into the kernel and then loaded correctly everything
runs smoothly.

HTH,
Joshua Banks

Changed it in modules. Erased the aliases and eth's.

R8169 is not a radeon. It's a realtek 8169 chip (gigabit lan).

No differences.

Eth2 shows connectivity and when plugged into the eth1
zip......nothing

I want to have eth1 attached to my lan (gigabit switch) and eth2 to my
access point.

More ideas Joshua ??

Greetz,

Rik

On Saturday 07 February 2004 02:44 pm, Rik Schmale wrote:
> Changed it in modules. Erased the aliases and eth's.
>
> R8169 is not a radeon. It's a realtek 8169 chip (gigabit lan).
>
> No differences.
>
> Eth2 shows connectivity and when plugged into the eth1
> zip......nothing
>
> I want to have eth1 attached to my lan (gigabit switch) and eth2 to my
> access point.
>
> More ideas Joshua ??

Radeon was an example..

It sounds like you're going to need to contact either an emailing list or
IRC channel that pertains to your distribution of Linux and explain to
them what you're experiencing. I wish I could've been more help. Tom's
already tried to help and I've given it my best shot. This is probably
going to fall on deaf ears on the Shorewall mailing list since this
isn't a Shorewall issue. Good luck Rik.

Joshua Banks

On Sat, 7 Feb 2004, Joshua Banks wrote:
> > More ideas Joshua ??
>
> Radeon was an example..
>
> It sounds like you're going to need to contact either an emailing list or
> IRC channel that pertains to your distribution of Linux and explain to
> them what you're experiencing. I wish I could've been more help. Tom's
> already tried to help and I've given it my best shot. This is probably
> going to fall on deaf ears on the Shorewall mailing list since this
> isn't a Shorewall issue. Good luck Rik.

Rik and I have been communicating off-list. His basic IP setup is wrong (all
interfaces configured on the same subnet).

-Tom

On Saturday 07 February 2004 04:42 pm, Tom Eastep wrote:
> Rik and I have been communicating off-list. His basic IP setup is
> wrong (all interfaces configured on the same subnet).

Doh...
Sorry. I thought that the basics had already been worked through or I
would've asked myself. So is the problem solved then?

Joshua Banks

On Sat, 7 Feb 2004, Joshua Banks wrote:
> On Saturday 07 February 2004 04:42 pm, Tom Eastep wrote:
>
> > Rik and I have been communicating off-list. His basic IP setup is
> > wrong (all interfaces configured on the same subnet).
>
> Doh...
> Sorry. I thought that the basics had already been worked through or I
> would've asked myself. So is the problem solved then?

This was a new one for me -- I've never seen someone configure three
interfaces with 10.0.0.1/24, 10.0.0.10/24 and 10.0.0.11/24. The symptoms
were very much like shuffled NICs vs. Interfaces.

-Tom

Tom,

I know this is fully off topic, but more people have the same probs. It's good
to have this in your Shorewall documents, since Wireless lan will be
implemented more and more.

I have tried the setup like you said in your previous messages. A few good
results.

* DHCP is working for eth1 and eth2. Created two subnets in my dhcp.conf

Eth0 is on 10.0.0.10 PPPoe connection
Eth1 is on 10.0.0.1 LAN connection
Eth2 is on 10.0.1.0 WLAN connection

Ipconfig status when I'm connected to my Lan on Eth1

Connection-specific DNS Suffix . : Chases
Description . . . . . . . . . . . : Realtek RTL8169/8110
Physical Address. . . . . . . . . : 00-50-FC-EF-A1-3E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 62.104.64.3
Lease Obtained. . . . . . . . . . : Sunday, February 08, 2004 3:46:23 PM
Lease Expires . . . . . . . . . . : Monday, February 09, 2004 1:46:23 AM

Ipconfig status when I'm connected to my WLan on eth2

Connection-specific DNS Suffix . : Chases
Description . . . . . . . . . . . : Realtek RTL8169/8110
Physical Address. . . . . . . . . : 00-50-FC-EF-A1-3E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.1.1
DHCP Server . . . . . . . . . . . : 10.0.1.1
DNS Servers . . . . . . . . . . . : 62.104.64.3
Lease Obtained. . . . . . . . . . : Sunday, February 08, 2004 3:25:56 PM
Lease Expires . . . . . . . . . . : Monday, February 09, 2004 1:25:56 AM

So far so good, but when connected to my WLAN. I can ping, ftp, ssh to the
server. But it can't resolve internet names. So internet ain't working.
This is a very strange behavior since the gateway is on itself.
Same ip.
With the Lan connection it runs smooth. No problems.

Why is it not resolving ?

Thanks for your input.

Rik

On Sunday 08 February 2004 07:15 am, Rik Schmale wrote:
> Tom,
>
> I know this is fully off topic, but more people have the same probs. It's good
> to have this in your Shorewall documents, since Wireless lan will be
> implemented more and more.

Thanks for volunteering to write it. We'll look forward to seeing the result.

>
> I have tried the setup like you said in your previous messages. A few good
> results.
>
> So far so good, but when connected to my WLAN. I can ping, ftp, ssh to the
> server. But it can't resolve internet names. So internet ain't working.
> This is a very strange behavior since the gateway is on itself.

I haven't a clue what that means.

> Same ip.
> With the Lan connection it runs smooth. No problems.
>
> Why is it not resolving ?

The most obvious answer is that you neglected to update /etc/shorewall/masq as
I mentioned yesterday. The /etc/shorewall/masq file that you posted to me was
only masquerading 10.0.0.0/24.

-Tom

Guys,

I have got it working on Lan and WLan !!!

I've added the /etc/Shorewall/masq file. It looks now like this.

#INTERFACE              SUBNET          ADDRESS
ppp+                    10.0.0.0/24
ppp+                    10.0.1.0/24
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Masquerading both subnets. 10.0.0.0/24 for my Lan and 10.0.1.0/24 for my
WLAN.

Thanks very much for your help.

Tom if you would like to have my complete setup files for Shorewall and Dhcp
let me know I will mail them to you. Quite handy when someone is using the
same setup like I did.

But it kinda makes me curious what the problem was with the masq file. Can
anyone explain this ??

Greetz,

Rik

On Sunday 08 February 2004 08:09 am, Rik Schmale wrote:
> Guys,
>
> I have got it working on Lan and WLan !!!
>
> I've added the /etc/Shorewall/masq file. It looks now like this.
>
> #INTERFACE              SUBNET          ADDRESS
> ppp+                    10.0.0.0/24
> ppp+                    10.0.1.0/24
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> Masquerading both subnets. 10.0.0.0/24 for my Lan and 10.0.1.0/24 for my
> WLAN.
>
> Thanks very much for your help.
>
> Tom if you would like to have my complete setup files for Shorewall and Dhcp
> let me know I will mail them to you. Quite handy when someone is using the
> same setup like I did.

I have a very similar setup here -- see http://www.shorewall.net/myfiles.htm.
If you ignore the DMZ and the fact that I use one-to-one NAT on a couple of my
local systems, the setup is the same from the point of view of networking and
DHCP. I choose to make the WLan its own zone though (I call it WiFi) and I
restrict the traffic allowed from that zone to my local zone. I also use MAC
verification on traffic from the WLan (raises the bar a bit for folks in the
neighborhood trying to piggyback on my WLan).

I can hack the three-interface QuickStart Guide pretty easily to make a WLan
guide or I can add another section to the two-interface guide.

>
> But it kinda makes me curious what the problem was with the masq file. Can
> anyone explain this ??

Traffic from the WLan segment to the internet was not being masqueraded. It
was being sent with a source address in 10.0.1.0/24. The DNS server (64.x.x.x
IIRC) replied but the reply couldn't be routed back to that source (or, your
ISP simply dropped the traffic on the way out because the source address was
reserved by RFC 1918).

By adding the entry to /etc/shorewall/masq, you caused the Wlan traffic to the
net to be sent with a source address equal to the IP address of your network
interface (ppp0). That IP address is public (not in the RFC 1918 ranges) so
the reply can be routed back to your firewall where the destination IP address
is changed back to that of the original requester (10.0.1.x) and routed back
out to the Wlan.

-Tom

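
Added example, not part of the original thread and not Shorewall code: a small Python pre-flight check for the two misconfigurations diagnosed above (several interfaces configured in the same /24, and an internal subnet missing from /etc/shorewall/masq). The function names and the interface-to-address mapping for the broken setup are assumptions; the sample addresses and masq lines are constructed from values quoted in the messages.

```python
import ipaddress

# Constructed sample data built from addresses quoted in the thread.
# Assumption: which address sat on which NIC in the broken setup.
BROKEN_IFACES = {"eth0": "10.0.0.10/24", "eth1": "10.0.0.1/24", "eth2": "10.0.0.11/24"}
# Internal interfaces after the fix (gateway addresses from the ipconfig output).
FIXED_IFACES = {"eth1": "10.0.0.1/24", "eth2": "10.0.1.1/24"}

MASQ_BEFORE = """\
#INTERFACE  SUBNET        ADDRESS
ppp+        10.0.0.0/24
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
"""
MASQ_AFTER = """\
#INTERFACE  SUBNET        ADDRESS
ppp+        10.0.0.0/24
ppp+        10.0.1.0/24
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
"""


def overlapping_interfaces(ifaces):
    """Return sorted pairs of interface names whose connected networks overlap."""
    nets = {name: ipaddress.ip_interface(addr).network for name, addr in ifaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def parse_masq(text):
    """Parse masq-style lines (INTERFACE SUBNET [ADDRESS]) into (iface, network)."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            entries.append((fields[0], ipaddress.ip_network(fields[1], strict=False)))
        except ValueError:
            continue  # SUBNET is not a CIDR; this sketch only handles CIDR entries
    return entries


def unmasqueraded(ifaces, masq_text):
    """Return (interface, network) for private networks no masq entry covers."""
    covered = [net for _, net in parse_masq(masq_text)]
    missing = []
    for name, addr in sorted(ifaces.items()):
        net = ipaddress.ip_interface(addr).network
        if net.is_private and not any(net.subnet_of(c) for c in covered):
            missing.append((name, str(net)))
    return missing


if __name__ == "__main__":
    print("overlaps (broken):", overlapping_interfaces(BROKEN_IFACES))
    print("overlaps (fixed):", overlapping_interfaces(FIXED_IFACES))
    print("unmasqueraded (before):", unmasqueraded(FIXED_IFACES, MASQ_BEFORE))
    print("unmasqueraded (after):", unmasqueraded(FIXED_IFACES, MASQ_AFTER))
```
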
On Sun, 2004-02-08 at 08:09, Rik Schmale wrote:
> On Sun, 2004-02-08 at 07:33, Tom Eastep wrote:
> > On Sunday 08 February 2004 07:15 am, Rik Schmale wrote:
> > > I know this is fully off topic, but more people have the same probs. It's good
> > > to have this in your Shorewall documents, since Wireless lan will be
> > > implemented more and more.
> >
> > Thanks for volunteering to write it. We'll look forward to seeing the result.
>
> Tom if you would like to have my complete setup files for Shorewall and Dhcp
> let me know I will mail them to you. Quite handy when someone is using the
> same setup like I did.

Rik,
Please use the wiki to write up your solution. Thanks.

Wiki Shorewall FAQ
http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ

--
Mike Noyes <mhnoyes at users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs

On Sunday 08 February 2004 10:09 am, Mike Noyes wrote:
> On Sun, 2004-02-08 at 08:09, Rik Schmale wrote:
> > On Sun, 2004-02-08 at 07:33, Tom Eastep wrote:
> > > On Sunday 08 February 2004 07:15 am, Rik Schmale wrote:
> > > > I know this is fully off topic, but more people have the same probs. It's
> > > > good to have this in your Shorewall documents, since Wireless lan
> > > > will be implemented more and more.
> > >
> > > Thanks for volunteering to write it. We'll look forward to seeing the
> > > result.
> >
> > Tom if you would like to have my complete setup files for Shorewall and Dhcp
> > let me know I will mail them to you. Quite handy when someone is using
> > the same setup like I did.
>
> Rik,
> Please use the wiki to write up your solution. Thanks.
>
> Wiki Shorewall FAQ
> http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ

I've also added a short section at the end of the two-interface QuickStart
Guide (http://shorewall.net/two-interface.htm).

-Tom