Stephen Liu
2003-Sep-09 21:57 UTC
[Shorewall-users] Broadband sharing and firewalling test
Hi all folks,

I am going to experiment broadband sharing and firewalling by 2
workstations with a crossover cable, one workstation with 2 NICs. I
shall proceed according to "Basic Two-Interface Firewall" on QuickStart
Guide-howto. I have following packages downloaded.

patch-1.4.6c
shorewall-1.4.6c-1.noarch.rpm
shorewall-1.4.6c.tgz
shorwall-1.4.6c.lrp

I will start from tarball.

Kindly advise;

1) What will "shorwall-1.4.6c.lrp" be used for?

2) Can I make 2 PCs (workstation) connected with a crossover cable for
broadband sharing as abovementioned

Thanks in advance.

B.R.
Stephen Liu

To Get Your Own iCareHK.com Email Address? Go To www.iCareHK.com.

On Wed, 2003-09-10 at 12:52, Stephen Liu wrote:
> I am going to experiment broadband sharing and firewalling by 2
> workstations with a crossover cable, one workstation with 2 NICs. I
> shall proceed according to "Basic Two-Interface Firewall" on QuickStart
> Guide-howto. I have following packages downloaded.
>
> patch-1.4.6c
> shorewall-1.4.6c-1.noarch.rpm
> shorewall-1.4.6c.tgz
> shorwall-1.4.6c.lrp
>
> I will start from tarball.
>
> Kindly advise;
>
> 1) What will "shorwall-1.4.6c.lrp" be used for?

This is only used if you are using the Bering LEAF Distribution.

> 2) Can I make 2 PCs (workstation) connected with a crossover cable for
> broadband sharing as abovementioned

Yes.

P.S. If your system supports RPM you are better served using that over
the tarball....IMHO.

Ed
--
http://www.shorewall.net
Shorewall, for all your firewall needs
Stephen Liu
2003-Sep-10 09:29 UTC
[Shorewall-users] Broadband sharing and firewalling test
Hi all folks,

PPTP/ADSL

I have an ADSL modem and use ppp0 to communicate with IPS server. Do I
need to make "changes as recommended" in the manual as in following
point;

*******
5. PPTP Client running on your Firewall with PPTP Server in an ADSL
Modem
.........
.......
*******

Thanks in advance.

B.Regards
Stephen

On Wed, 2003-09-10 at 13:39, Ed Greshko wrote:
> On Wed, 2003-09-10 at 12:52, Stephen Liu wrote:
>
> > I am going to experiment broadband sharing and firewalling by 2
> > workstations with a crossover cable, one workstation with 2 NICs. I
> > shall proceed according to "Basic Two-Interface Firewall" on QuickStart
> > Guide-howto. I have following packages downloaded.
> >
> > patch-1.4.6c
> > shorewall-1.4.6c-1.noarch.rpm
> > shorewall-1.4.6c.tgz
> > shorwall-1.4.6c.lrp
> >
> > I will start from tarball.
> >
> > Kindly advise;
> >
> > 1) What will "shorwall-1.4.6c.lrp" be used for?
>
> This is only used if you are using the Bering LEAF Distribution.
>
> > 2) Can I make 2 PCs (workstation) connected with a crossover cable for
> > broadband sharing as abovementioned
>
> Yes.
>
> P.S. If your system supports RPM you are better served using that over
> the tarball....IMHO.
>
> Ed
Stefano Canepa
2003-Sep-10 13:33 UTC
[Shorewall-users] Broadband sharing and firewalling test
Thursday 11 September 2003, at 00:27, Stephen Liu:
: Hi all folks,
:
: PPTP/ADSL
:
: I have an ADSL modem and use ppp0 to communicate with IPS server. Do I
: need to make "changes as recommended" in the manual as in following
: point;
:
: *******
: 5. PPTP Client running on your Firewall with PPTP Server in an ADSL
: Modem
: .........
: .......
:
: *******
:
: Thanks in advance.
:

Yes, browse the list archive; there is my query and answers to my
questions. It is only some weeks old.

If you are in trouble I can help.

Stefano
--
Stefano Canepa e-mail: sc@linux.it
To follow the path: look at the master, follow the master,
walk with the master, see through the master, become the master.
http://www.stefanocanepa.it - http://www.linux.it/~sc
Stephen Liu
2003-Sep-10 19:15 UTC
[Shorewall-users] Broadband sharing and firewalling test
Hi Stefano,

Thanks for your advice. I found your posting

[Shorewall-users] ADSL with PPTP on modem
Stefano Canepa sc at linux.it
Fri Aug 29 12:26:53 PDT 2003

I will go through it. Should I get into difficulty I would seek your
advice. Thanks.

B.R.
Stephen

On Thu, 2003-09-11 at 04:33, Stefano Canepa wrote:
> Thursday 11 September 2003, at 00:27, Stephen Liu:
> : Hi all folks,
> :
> : PPTP/ADSL
> :
> : I have an ADSL modem and use ppp0 to communicate with IPS server. Do I
> : need to make "changes as recommended" in the manual as in following
> : point;
> :
> : *******
> : 5. PPTP Client running on your Firewall with PPTP Server in an ADSL
> : Modem
> : .........
> : .......
> :
> : *******
> :
> : Thanks in advance.
> :
> Yes, browse the list archive; there is my query and answers to my
> questions. It is only some weeks old.
>
> If you are in trouble I can help.
>
> Stefano
Stephen Liu
2003-Sep-12 08:57 UTC
[Shorewall-users] Broadband sharing and firewalling test
Hi Stefano,

On my PC

eth1 connected to broadband via ADSL modem with dynamic IP and ppp0
protocol
eth0 connected to another PC with crossover cable

Re:
Changes made to PPTP/ADSL as recommended by the manual

1)
/etc/shorewall/zones
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local networks
dmz     DMZ       Demilitarized zone
modem   Modem     ADSL Modem (newly added)

Shall I comment 'net', 'loc' and 'dmz' ???

2)
/etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
modem   eth1        (blank)     dialup

Is the entry of '/etc/shorewall/interfaces' correct???

Remark: xDSL Configuration
Under 'General' tab
Check 'Automatically obtain IP address settings with (dialup)'
Check 'Automatically obtain DNS information from provider'

3)
/etc/shorewall/tunnels
# TYPE       ZONE    GATEWAY   GATEWAY ZONE   PORT
pptpclient   modem   (blank)   (blank)        (blank)

Is the entry correct???

Setting of eth0 (Ethernet connection)
Under 'General' tab
Check 'Activate device when computer starts'
Check 'Statically set IP address'
Address 192.168.0.0
Subnet 10.10.10.0
Default Gateway Address : (blank)

Under 'Route' tab
(blank)

Shall I set the eth1 ((Ethernet connection) of another PC to allow
sharing Internet/Broadband as follows;

Under 'General' tab
Check 'Activate device when computer starts'
Check 'Statically set IP address'
Address 192.168.0.1
Subnet 10.10.10.0
Default Gateway Address : (blank)

Under 'Route' tab
(blank)

Kindly advise. Thanks in advance.

B.R.
Stephen

On Thu, 2003-09-11 at 04:33, Stefano Canepa wrote:
> Thursday 11 September 2003, at 00:27, Stephen Liu:
> : Hi all folks,
> :
> : PPTP/ADSL
> :
> : I have an ADSL modem and use ppp0 to communicate with IPS server. Do I
> : need to make "changes as recommended" in the manual as in following
> : point;
> :
> : *******
> : 5. PPTP Client running on your Firewall with PPTP Server in an ADSL
> : Modem
> : .........
> : .......
> :
> : *******
> :
> : Thanks in advance.
> :
> Yes, browse the list archive; there is my query and answers to my
> questions. It is only some weeks old.
>
> If you are in trouble I can help.
>
> Stefano
Stefano Canepa
2003-Sep-12 13:18 UTC
[Shorewall-users] Broadband sharing and firewalling test
Friday 12 September 2003, at 23:59, Stephen Liu:
: Hi Stefano,
:
: On my PC
:
: eth1 connected to broadband via ADSL modem with dynamic IP and ppp0
: protocol
: eth0 connected to another PC with crossover cable

: Re:
: Changes made to PPTP/ADSL as recommended by the manual
:
: 1)
: /etc/shorewall/zones
: #ZONE   DISPLAY   COMMENTS
: net     Net       Internet
: loc     Local     Local networks
: dmz     DMZ       Demilitarized zone
: modem   Modem     ADSL Modem (newly added)
:
: Shall I comment 'net', 'loc' and 'dmz' ???

I think you do not need dmz

:
: 2)
: /etc/shorewall/interfaces
: #ZONE   INTERFACE   BROADCAST   OPTIONS
: modem   eth1        (blank)     dialup

I think this is not correct you missed ppp0 and eth0 that are, you need
to insert 2 more lines:
net     ppp0        detect
loc     eth0        detect

: Is the entry of '/etc/shorewall/interfaces' correct???
:
: Remark: xDSL Configuration
: Under 'General' tab
: Check 'Automatically obtain IP address settings with (dialup)'
: Check 'Automatically obtain DNS information from provider'
:
: 3)
: /etc/shorewall/tunnels
: # TYPE       ZONE    GATEWAY   GATEWAY ZONE   PORT
: pptpclient   modem   (blank)   (blank)        (blank)
:
: Is the entry correct???
:
: Setting of eth0 (Ethernet connection)
: Under 'General' tab
: Check 'Activate device when computer starts'
: Check 'Statically set IP address'
: Address 192.168.0.0
: Subnet 10.10.10.0
: Default Gateway Address : (blank)
:
: Under 'Route' tab
: (blank)
:
: Shall I set the eth1 ((Ethernet connection) of another PC to allow
: sharing Internet/Broadband as follows;
:
: Under 'General' tab
: Check 'Activate device when computer starts'
: Check 'Statically set IP address'
: Address 192.168.0.1
: Subnet 10.10.10.0
: Default Gateway Address : (blank)
:
: Under 'Route' tab
: (blank)
:
: Kindly advise. Thanks in advance.

I really can't help you with the router configuration mostly because I
do not know which router are you using and cannot understand from your
description. I am only sure of one thing: 10.10.10.0 is not the subnet
for 192.168.0.1. If this is what you highlight before is the
configuration of ethernet cards on Windows PC I cannot help you.

Stefano
--
Stefano Canepa e-mail: sc@linux.it
To follow the path: look at the master, follow the master,
walk with the master, see through the master, become the master.
http://www.stefanocanepa.it - http://www.linux.it/~sc
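
The address and mask values posted in this thread, checked programmatically (an added example, not part of the original posts; the function names are hypothetical, and the 255.255.255.0 mask and the 192.168.0.2 peer address are assumptions used for comparison):

```python
import ipaddress

def mask_prefix_len(netmask: str):
    """Return the prefix length of a dotted-quad netmask, or None if the
    mask is not a contiguous run of 1-bits followed by 0-bits."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    # A valid mask inverts to 2**k - 1, so inverted & (inverted + 1) == 0.
    if inverted & (inverted + 1):
        return None
    return 32 - inverted.bit_length()

def check_host(address: str, netmask: str) -> list:
    """List the problems with one static IPv4 address/netmask pair."""
    prefix = mask_prefix_len(netmask)
    if prefix is None:
        return [f"{netmask} is not a netmask: its 1-bits are not contiguous"]
    iface = ipaddress.IPv4Interface(f"{address}/{prefix}")
    net = iface.network
    problems = []
    if prefix < 31:  # /31 and /32 have no reserved network/broadcast address
        if iface.ip == net.network_address:
            problems.append(f"{address} is the network address of {net}")
        elif iface.ip == net.broadcast_address:
            problems.append(f"{address} is the broadcast address of {net}")
    return problems

def same_subnet(a: str, b: str, netmask: str) -> bool:
    """True if both hosts are on-link for each other under this mask."""
    prefix = mask_prefix_len(netmask)
    if prefix is None:
        raise ValueError(f"{netmask} is not a netmask")
    return (ipaddress.IPv4Interface(f"{a}/{prefix}").network
            == ipaddress.IPv4Interface(f"{b}/{prefix}").network)

if __name__ == "__main__":
    # First two rows: values posted in the thread. Last two: constructed
    # comparisons (255.255.255.0 and 192.168.0.2 are assumptions).
    for addr, mask in [("192.168.0.0", "10.10.10.0"),
                       ("192.168.0.1", "10.10.10.0"),
                       ("192.168.0.0", "255.255.255.0"),
                       ("192.168.0.1", "255.255.255.0")]:
        print(addr, mask, check_host(addr, mask) or "ok")
    print(same_subnet("192.168.0.1", "192.168.0.2", "255.255.255.0"))
```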
Stephen Liu
2003-Sep-12 18:37 UTC
[Shorewall-users] Broadband sharing and firewalling test
Hi Stefano,

Thanks for your advice.

On Sat, 2003-09-13 at 04:18, Stefano Canepa wrote:
> Friday 12 September 2003, at 23:59, Stephen Liu:
>
> : eth1 connected to broadband via ADSL modem with dynamic IP and ppp0
> : protocol
> : eth0 connected to another PC with crossover cable
>
> : Re:
> : Changes made to PPTP/ADSL as recommended by the manual
> :
> : 1)
> : /etc/shorewall/zones
> : #ZONE   DISPLAY   COMMENTS
> : net     Net       Internet
> : loc     Local     Local networks
> : dmz     DMZ       Demilitarized zone
> : modem   Modem     ADSL Modem (newly added)
> :
> : Shall I comment 'net', 'loc' and 'dmz' ???
>
> I think you do not need dmz

Noted. I will comment this line

> : 2)
> : /etc/shorewall/interfaces
> : #ZONE   INTERFACE   BROADCAST   OPTIONS
> : modem   eth1        (blank)     dialup
>
> I think this is not correct you missed ppp0 and eth0 that are, you need
> to insert 2 more lines:
> net     ppp0        detect
> loc     eth0        detect

Noted. Shall I leave the line " net Net Internet" without "comment"

So after editing
/etc/shorewall/zones
#ZONE   DISPLAY   COMMENTS
net     ppp0      detect
loc     eth0      detect
#dmz    DMZ       Demilitarized zone
modem   Modem     ADSL Modem

* * *
Before editing
/etc/shorewall/zones
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local networks
dmz     DMZ       Demilitarized zone
* * *

> : Is the entry of '/etc/shorewall/interfaces' correct???
> :
> : Remark: xDSL Configuration
> : Under 'General' tab
> : Check 'Automatically obtain IP address settings with (dialup)'
> : Check 'Automatically obtain DNS information from provider'
> :
> : 3)
> : /etc/shorewall/tunnels
> : # TYPE       ZONE    GATEWAY   GATEWAY ZONE   PORT
> : pptpclient   modem   (blank)   (blank)        (blank)
> :
> : Is the entry correct???
> :
> : Setting of eth0 (Ethernet connection)
> : Under 'General' tab
> : Check 'Activate device when computer starts'
> : Check 'Statically set IP address'
> : Address 192.168.0.0
> : Subnet 10.10.10.0
> : Default Gateway Address : (blank)
> :
> : Under 'Route' tab
> : (blank)
> :
> : Shall I set the eth1 ((Ethernet connection) of another PC to allow
> : sharing Internet/Broadband as follows;
> :
> : Under 'General' tab
> : Check 'Activate device when computer starts'
> : Check 'Statically set IP address'
> : Address 192.168.0.1
> : Subnet 10.10.10.0
> : Default Gateway Address : (blank)
> :
> : Under 'Route' tab
> : (blank)
> :
> : Kindly advise. Thanks in advance.
>
> I really can't help you with the router configuration mostly because I
> do not know which router are you using and cannot understand from your
> description. I am only sure of one thing: 10.10.10.0 is not the subnet
> for 192.168.0.1. If this is what you highlight before is the
> configuration of ethernet cards on Windows PC I cannot help you.

The PC sharing Internet/Broadband is also a Linux box running RH8.0.
What I described previously was "Network configuration" on KDE desktop.
Sorry for not providing detail information.

RH8.0 KDE
KStart -> System Settings -> Network
On Network Configuration Window
Under "Device" tab
- highlight "eth1" -> Edit

On "Ethernet Device" window
Under "General" tab
Nickname: eth1
Check "Activate device when computer starts"
Check "Statically set IP addresses:
- Address: 192.168.0.1 (entered by me)
- Subnet Mask: 10.10.10.1 (entered by me)
- Default Gateway Address: (Blank)

Under "Route" tab
(blank - no entry made)

Under "Hardware Device"
- Hardware: eth0 (RealTek RTL-8139, SMC EZ Card)
Check "Bind to MAC Address (00.07.40.00.43:a9)

Kindly advise whether the entries made by me be correct???

Thanks in advance.

B.R.
Stephen

Remark:
setting of eth0 of this Linux box as follows;

On "Ethernet Device" window
Under "General" tab
Nickname: eth0
Check "Activate device when computer starts"
Check "Statically set IP addresses:
- Address: 192.168.0.0 (entered by me)
- Subnet Mask: 10.10.10.0 (entered by me)
- Default Gateway Address: (Blank)