Shorewall users - Aug 2003 - Laptop with two NICs (wireless + normal)

Hello,

I''m VERY new to this. I got shorewall 1.4.5 running on my laptop
(mainly for curiosities sake) by following the quick start guide for one
interface and set out to extend it to my wireless card too. here is what I did:

- Extending shorewall to eth1 (wireless card):
	* edit /etc/shorewall/interfaces:
	    ''net	eth0	detect	norfc1918,routefilter,dhcp'' 
	    --> ''net0	eth0	detect	norfc1918,routefilter,dhcp''
	  add:
  	    ''net1	eth1	detect	norfc1918,routefilter,dhcp''
	* edit /etc/shorewall/policy:
	    ''fw	net	ACCEPT'' --> ''fw	net0	ACCEPT''
	    ''net	all	DROP'' --> ''net0	all	DROP''
	  add:
	    ''fw	net1	ACCEPT''
	    ''net1	all	DROP''
	* edit /etc/shorewall/rules:
	    ''ACCEPT	net	fw	icmp	8'' 
	    --> ''ACCEPT	net0	fw	icmp	8''
	    ''ACCEPT	net	fw	tcp	22''
	    --> ''ACCEPT	net0	fw	tcp	22''
	  add:
	    ''ACCEPT	net1	fw	icmp	8''
	    ''ACCEPT	net1	fw	tcp	22''
	* edit /etc/shorewall/zones:
	    ''net	Net	Internet'' 
	    --> ''net0	Net0	Internet_through_eth0_cable''
	  add:
	    ''net1	Net1	Internet_through_eth1_wireless''
	* /etc/init.d/shorewall restart

After the restart I can neither reach the web nor be reached. I tried looking
into this and one thing I came across was that for ''net1	eth1	detect
norfc1918,routefilter,dhcp'' to work, the interface has to be up ... but
my setup is scripted such that I have either wireless or cable-borne network. Is
there any way to start the firewall for both interfaces even if only one of them
is up at any given time?

Please give me a hint where to look ...

Thanks, Joh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 00000000.mimetmp
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url :
http://lists.shorewall.net/pipermail/shorewall-users/attachments/20030830/f89eaaf8/00000000.bin

On Sat, 30 Aug 2003, Johannes Graumann wrote:
>
> After the restart I can neither reach the web nor be reached. I tried
> looking into this and one thing I came across was that for ''net1
eth1
> detect norfc1918,routefilter,dhcp'' to work, the interface has to
be up
> ... but my setup is scripted such that I have either wireless or
> cable-borne network. Is there any way to start the firewall for both
> interfaces even if only one of them is up at any given time?
>
> Please give me a hint where to look ...
>
You cannot use the ''detect'' option on an interface that
isn''t always up
when Shorewall starts.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Hi Tom,

Welcome back.

I hope you feel as though you''ve had a break.

John

On Mon, 15 Sep 2003, john wrote:
> Welcome back.
>
> I hope you feel as though you''ve had a break.
>
Hi John,

I had a "Shorewall Break" anyway....

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:
> Hi John,
> 
> I had a "Shorewall Break" anyway....
> 
> -Tom
Hi Tom,

I would assume a "Shorewall Brake" as well.....   :-)


-- 
Patrick Benson
Stockholm, Sweden