Hi all! I have a problem and I need help. I set up one working firewall earlier: I have a Terminal Server on one LAN, and a NET zone. I forwarded TCP port 3389 to my server, and it works fine. My company bought an ADSL line for this server, so I want to configure it. My configuration files are:

interfaces:

net eth0 detect
loc eth1 detect
ppp0 ppp0 #my ADSL has a permanent IP address provided by my ISP

policy:

all all ACCEPT info

rules:

DNAT:info net loc:10.1.1.2 tcp 3389
DNAT:info ppp0 loc:10.1.1.2 tcp 3389

zones:

net net Internet
loc local Terminal Server
ppp0 ppp0 ADSL

And if I want to connect to the Terminal Server, I see the following log entries:

Mar 30 05:18:36 ital kernel: Shorewall:net2loc:DNAT:IN=eth0 OUT=eth1 SRC=<my IP address> DST=10.1.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=37669 DF PROTO=TCP SPT=62570 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 30 05:18:45 ital kernel: Shorewall:all2all:ACCEPT:IN=eth1 OUT= MAC=00:50:fc:9f:4d:a5:00:02:b3:b0:ba:d8:08:00 SRC=10.1.1.2 DST=10.1.1.1 LEN=126 TOS=0x00 PREC=0x00 TTL=128 ID=24551 PROTO=UDP SPT=4240 DPT=53 LEN=106
/If I use the Internet connection/

Mar 30 05:19:35 ital kernel: Shorewall:ppp02loc:DNAT:IN=ppp0 OUT=eth1 SRC=<my IP address> DST=10.1.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=37917 DF PROTO=TCP SPT=62575 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0
and nothing happens... /If I use ADSL/

Can anyone help me?

Peter
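The kernel log lines above are easier to compare once they are split into fields. The following is an added example, not code from the thread or from Shorewall: a small Python parser for the Shorewall 1.x "Shorewall:<chain>:<disposition>:" log format, run over constructed copies of the three entries above in which the poster's redacted client address is replaced by the documentation address 203.0.113.7.

```python
import re
from collections import Counter

# Constructed sample: the three entries quoted in the post, with the
# redacted client address replaced by a documentation address.
SAMPLE_LOG = """\
Mar 30 05:18:36 ital kernel: Shorewall:net2loc:DNAT:IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.1.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=37669 DF PROTO=TCP SPT=62570 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 30 05:18:45 ital kernel: Shorewall:all2all:ACCEPT:IN=eth1 OUT= MAC=00:50:fc:9f:4d:a5:00:02:b3:b0:ba:d8:08:00 SRC=10.1.1.2 DST=10.1.1.1 LEN=126 TOS=0x00 PREC=0x00 TTL=128 ID=24551 PROTO=UDP SPT=4240 DPT=53 LEN=106
Mar 30 05:19:35 ital kernel: Shorewall:ppp02loc:DNAT:IN=ppp0 OUT=eth1 SRC=203.0.113.7 DST=10.1.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=37917 DF PROTO=TCP SPT=62575 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0
"""

# Syslog timestamp and host, then the Shorewall prefix, then netfilter's
# KEY=VALUE fields mixed with bare flag tokens (DF, SYN, ...).
PREFIX_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict for one Shorewall log line, or None if it is not one."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "host", "chain", "disp")}
    flags = []
    for tok in m.group("rest").split():
        key, eq, val = tok.partition("=")
        if eq:
            # The IP header LEN comes first; the UDP LEN repeats the key,
            # so keep the first value only.
            rec.setdefault(key, val)
        else:
            flags.append(tok)
    rec["flags"] = flags
    return rec

def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]

def dnat_by_interface(records, dport="3389"):
    """Count DNAT hits for dport per inbound interface (the two paths in the thread)."""
    return Counter(r["IN"] for r in records
                   if r["disp"] == "DNAT" and r.get("DPT") == dport)

def records_from(records, host):
    """Logged traffic whose source is the DNAT target itself."""
    return [r for r in records if r.get("SRC") == host]
```

On the sample, dnat_by_interface reports one port 3389 hit arriving on eth0 and one on ppp0, so the DNAT rule matched on both paths and the difference between them lies after the address rewrite.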
Peter:

Does your ADSL use PPPoE or PPTP? How are you starting the ADSL?

With a quick look.... If your internet interface is the ADSL then this is incorrect:

interfaces:

net eth0 detect
loc eth1 detect
ppp0 ppp0 #my ADSL have a permanent IP address provided my IS

Give this a spin:

interfaces:

net ppp0 #my ADSL have a permanent IP address provided my ISP
loc eth1 detect
ppp0 eth0 detect

net needs to be the external interface. You'll need to start or restart shorewall after the ADSL link comes up... Use /etc/ppp/ip-up.local for that.

Jerry Vonau
> I set up one working firewall earlier: I have a Terminal Server on one LAN, and
> a NET zone. I forwarded TCP port 3389 to my server, and it works fine.
> My company bought an ADSL line for this server, so I want to configure it.
> My configuration files are:

I suspect the other firewall was not connected via DSL? Are you aware of the differences?

> interfaces:
>
> net eth0 detect
> loc eth1 detect
> ppp0 ppp0 #my ADSL have a permanent IP address provided my ISP

If you really have two NICs, that is definitely wrong. If the DSL modem is connected to eth0, you need something like this:

net ppp0 - dhcp,routefilter,norfc1918
loc eth1 detect routestopped

In the file shorewall.conf you need to set
CLAMPMSS=yes

Have a look at all other files you changed after modifying interfaces.

HTH
karsten

--
Hi, I'm a signature virus. Copy me into your ~/.signature to help me spread!
Uh, and don't forget the masq file (according to my assumptions):

ppp0 eth1

karsten

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
> I suspect the other firewall was not connected via DSL? Are you aware
> of the differences?

No, this is the only firewall.

> > interfaces:
> >
> > net eth0 detect
> > loc eth1 detect
> > ppp0 ppp0 #my ADSL have a permanent IP address provided my ISP
>
> If you really have two NICs, that is definitely wrong. If the DSL modem
> is connected to eth0, you need something like this:

I have 3 NICs. But the 3rd only comes up when I run "pon". Of course I tested the following settings too:

net eth0 detect
loc eth1 detect
ppp0 ppp0
adsl eth2 detect

but it doesn't work...

> net ppp0 - dhcp,routefilter,norfc1918
> loc eth1 detect routestopped
>
> In the file shorewall.conf you need to set
> CLAMPMSS=yes

Okay, I set it. But nothing changed.

> Have a look at all other files you changed after modifying interfaces.
> HTH
>
> karsten
>
> --
> Hi, I'm a signature virus. Copy me into your ~/.signature to help
> me spread!
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
So you have 2 separate providers. Sorry I missed that.. That is a bit more involved... You'll need to post the information listed at: http://www.shorewall.net/support.htm

This might be a routing issue, 2 gateways. I wish I had 2 ISPs to play with.. I'd be more help..

Jerry

-----Original Message-----
From: Legenyei Péter [SMTP:legenyei.peter@glohbalunion.hu]
Sent: Sunday, March 30, 2003 11:05 AM
To: shorewall-users@lists.shorewall.net
Subject: RE: [Shorewall-users] trouble with ADSL connection
Hi all! Thanks to everybody who helped me, but my diagnosis was wrong... The DNAT works with the settings above, but (and here my other trouble begins) if I come from behind a router (ADSL router or leased-line router) the connection fails... If I come from behind a single computer (from another ADSL connection) it works fine.

Peter