Bharath Sankaranarayan
2002-Feb-20 17:24 UTC
[Shorewall-users] Shorewall Firewall with Standard Template configuration with 2 NIC's

Hello:

I recently stumbled on Shorewall and decided to give it a try. I downloaded the latest tarball and installed it on my firewall box, equipped with 2 NICs. I also took one of the standard templates that uses 2 NICs. I have a cable modem on eth0, and eth1 is my private LAN with the 172.25.1.0/24 address. I got most of it going except that I am not able to access the internet from the firewall box. I am able to do it from boxes behind the firewall. I am sure that I missed something in the zones or the parameter file. Any thoughts on rectifying it? The firewall cannot even ping an outside address. I read through the Shorewall site and there is a ref on allowing ICMP pings, but which file should I modify?

Also, on the hosts file, should I include the IP for the eth0 (NET_IF), which is dynamic? The reason I ask this is because when Shorewall starts I see eth0 0.0.0.0 and eth1 172.25.1.1.

Thanks
Bharath

Tom Eastep
2002-Feb-20 17:36 UTC
[Shorewall-users] Shorewall Firewall with Standard Template configuration with 2 NIC's

Bharath,

a) For a simple two-NIC setup you do NOT need to modify the hosts file. You should leave it empty!

b) Since you have a dynamic IP address, you should leave NET_BCAST=detect and simply start shorewall after you have brought up your interfaces.

c) As stated in the comment in the policy file, there is a line to uncomment to give you open access from the firewall to the internet.

-Tom