Hi all,
Perhaps I've missed something...
I have read every FAQ and documentation from shorewall.net before asking
a question here; I hope someone can help me!
I tried many things (DNAT, netmasq, proxy ARP); it doesn't work.
LAN and PRIVATE network can't see each other; I can't ping PRIVATE LAN
from LAN and vice versa.
I first thought of a routing error, but I can't see where.
I tried to DNAT port 22 from eth1 to eth0; I still can't ssh to LAN from
PRIVATE LAN, and when I use tcpdump, TCP/IP packets are still sent to
Router ISP.
Perhaps I should try a newer Shorewall beta version?
Many thanks in advance for any help.
Eth0 and eth2 are bridged.
I can ping the net from LAN.
I can ping every firewall interface from LAN and PRIVATE LAN.
I can ping everything from the firewall.
Bridging is activated in shorewall.conf.
Net
Router ISP: 192.168.1.254
Private ISP router: 192.168.11.254
Private network: 192.168.33.0/24 - Gateway: 192.168.33.254
Private ISP router: 192.168.33.254

Firewall: Shorewall 2.0.9, Fedora Core 2
  Eth2: noip
  Eth1: 192.168.11.253
  br0:  192.168.1.199
  Eth0: 192.168.1.250

LAN 192.168.1.0/24 - Gateway: 192.168.1.254

The Firewall routing table :
Net           Gateway         Genmask         Indic Metric Ref Use Iface
192.168.33.0  192.168.11.253  255.255.255.0   UG    0      0   0   eth1
192.168.1.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
192.168.1.0   0.0.0.0         255.255.255.0   U     0      0   0   br0
192.168.11.0  192.168.11.253  255.255.255.0   UG    0      0   0   eth1
0.0.0.0       192.168.1.254   0.0.0.0         UG    0      0   0   br0

Shorewall zone :
#ZONE   HOST(S)     OPTIONS
net     br0:eth2
loc     br0:eth0    routeback

Shorewall interfaces :
#ZONE   INTERFACE   BROADCAST   OPTIONS
#
-       br0         detect
priv    eth1        detect      routeback

Shorewall policy :
#SOURCE  DEST  POLICY  LOG    LIMIT:BURST
#                      LEVEL
loc      net   ACCEPT
net      all   DROP    info
loc      fw    ACCEPT
fw       net   ACCEPT
fw       loc   ACCEPT
priv     loc   ACCEPT
loc      priv  ACCEPT
fw       priv  ACCEPT
priv     fw    ACCEPT
priv     net   ACCEPT

Shorewall zones:
#ZONE   DISPLAY   COMMENTS
priv    priv      Global intranet
net     Net       Internet
loc     Local     Local networks