hi list,
i got a small problem.
here is my setup:
WAN
|
|
| bridged
$FW-------DMZ
|
| masqueraded
|
LOCAL
my shorewall machine ($FW) got three interfaces: eth0 eth1 eth2
* eth0 is connected to the WAN
* eth1 is connected to my DMZ
* eth2 is connected to LOCAL network
i manage a whole C class (public addresses) in my DMZ, let's say
X.Y.Z.0/24
* my router (X.Y.Z.1) is connected to the WAN (eth0) side of my $FW
* some servers (X.Y.Z.33 and X.Y.Z.34) are connected to the DMZ
interface (eth1) of my shorewall box.
* my local network (192.168.1.0/24) is connected to eth2 on my
shorewall box.
* my $FW acts as a bridge (br0 interface) toward eth0 and eth1, and br0
got IP X.Y.Z.2, so eth0 and eth1 have no IP
what works:
* the bridge works:
- i can reach the internet from one of my DMZ hosts, depending on the
rules I apply
- i can't reach my server hosted in DMZ from the WAN side, depending on
the rules I apply
BUT:
the masquerading doesn't work:
I set up masq like this:
br0 192.168.1.0/24
and I can reach the $FW bridge interface (X.Y.Z.2) from my LOCAL net
but i can't reach the internet from my LOCAL
what's the problem? a route problem? i tried to play with routes but no result. i
tried
br0 192.168.1.0/24 X.Y.Z.2
and
br0 eth2
as masq config, but nothing...
so I need help! thank you for your support!
Tristan
Tristan Defert wrote:
> [...]
> BUT:
> the masquerading doesn't work:
> I set up masq like this:
> br0 192.168.1.0/24
> and I can reach the $FW bridge interface (X.Y.Z.2) from my LOCAL net
> but i can't reach the internet from my LOCAL
>
> what's the problem? a route problem? i tried to play with routes but no result. i
> tried
> br0 192.168.1.0/24 X.Y.Z.2
> and
> br0 eth2
> as masq config, but nothing...
>
> so I need help! thank you for your support!

Have you enabled ip forwarding on your firewall?

-Tom

--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On 18 Oct 2004, at 16:28, Tom Eastep wrote:
> Tristan Defert wrote:
>> [...]
>> the masquerading doesn't work:
>> I set up masq like this:
>> br0 192.168.1.0/24
>> and I can reach the $FW bridge interface (X.Y.Z.2) from my LOCAL net
>> but i can't reach the internet from my LOCAL
>> [...]
>
> Have you enabled ip forwarding on your firewall?
>
> -Tom

Shame on me, IP forwarding was not active, huh ... :-) Thanks Tom!
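Tom's one-line question is the whole diagnosis: a bridged box still has to route between br0 and eth2, and the masquerade (SNAT) rule in the nat POSTROUTING chain is never reached if the kernel refuses to forward. The script below is an added example, not code from the thread or from the Shorewall project. It checks the kernel switch (/proc/sys/net/ipv4/ip_forward) and the IP_FORWARDING setting in /etc/shorewall/shorewall.conf, which Shorewall applies to the kernel at start time (On, Off, or Keep to leave the kernel value alone). Both file paths are parameters so the checks can also be run against constructed files; the verdict words (ok, restart, fix-conf) are this example's own.

```shell
#!/bin/sh
# Added example, not part of the thread or of Shorewall: check the setting
# Tom asks about. Real paths are the defaults; parameters let the functions
# be run against constructed files as well.

# Print enabled/disabled/unknown for the kernel forwarding switch.
ip_forward_state() {
    file="${1:-/proc/sys/net/ipv4/ip_forward}"
    if [ ! -r "$file" ]; then echo unknown; return 2; fi
    case "$(tr -d '[:space:]' < "$file")" in
        1) echo enabled;  return 0 ;;
        0) echo disabled; return 1 ;;
        *) echo unknown;  return 2 ;;
    esac
}

# Print On/Off/Keep/unset for IP_FORWARDING in shorewall.conf. Shorewall
# writes the kernel switch from this value when it starts; "Keep" means it
# leaves whatever the kernel already has, so a default of 0 stays 0.
shorewall_ip_forwarding() {
    conf="${1:-/etc/shorewall/shorewall.conf}"
    if [ ! -r "$conf" ]; then echo unset; return 1; fi
    val=$(sed -n 's/^[[:space:]]*IP_FORWARDING=//p' "$conf" \
          | sed 's/#.*//' | tail -n 1 | tr -d '" \r')
    case "$val" in
        [Oo]n|[Yy]es) echo On;    return 0 ;;
        [Oo]ff|[Nn]o) echo Off;   return 1 ;;
        [Kk]eep)      echo Keep;  return 1 ;;
        *)            echo unset; return 1 ;;
    esac
}

# Combine both into one verdict (names chosen for this example):
#   ok       - the kernel forwards; if masq still fails, look at the rule itself
#   restart  - shorewall.conf says On but the running kernel says 0, so
#              Shorewall has not been (re)started since the conf was edited
#   fix-conf - forwarding is off and shorewall.conf would not turn it on
forwarding_verdict() {
    kernel=$(ip_forward_state "${1:-}" || true)      # "|| true": non-zero
    conf=$(shorewall_ip_forwarding "${2:-}" || true)  # returns are data here
    case "$kernel:$conf" in
        enabled:*) echo ok ;;
        *:On)      echo restart ;;
        *)         echo fix-conf ;;
    esac
}

# Stand-alone use: check the live box and say what to do next.
case "$(forwarding_verdict)" in
    ok)       echo "ip_forward=1: forwarding is on; check the masq rule next" ;;
    restart)  echo "IP_FORWARDING=On in shorewall.conf but kernel says 0: run 'shorewall restart'" ;;
    fix-conf) echo "forwarding is off: set IP_FORWARDING=On in shorewall.conf and restart Shorewall" ;;
esac
```

For a one-off fix while testing, `sysctl -w net.ipv4.ip_forward=1` (or `echo 1 > /proc/sys/net/ipv4/ip_forward`) turns forwarding on immediately, but it does not survive a reboot; setting IP_FORWARDING=On in shorewall.conf makes Shorewall re-apply it every time it starts. With forwarding on and the masq line `br0 192.168.1.0/24`, packets from the LOCAL net leave br0 with source X.Y.Z.2, so the router at X.Y.Z.1 can reply to them.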