hi list,

I got a small problem.
here is my setup:

        WAN
         |
         |
         | bridged
        $FW-------DMZ
         |
         | masqueraded
         |
       LOCAL

my shorewall machine ($FW) has three interfaces: eth0 eth1 eth2
* eth0 is connected to the WAN
* eth1 is connected to my DMZ
* eth2 is connected to LOCAL network

I manage a whole C class (public addresses) in my DMZ, let's say X.Y.Z.0/24
* my router (X.Y.Z.1) is connected to the WAN (eth0) side of my $FW
* some servers (X.Y.Z.33 and X.Y.Z.34) are connected to the DMZ
  interface (eth1) of my shorewall box.
* my local network (192.168.1.0/24) is connected to eth2 on my shorewall
  box.
* my $FW acts as a bridge (br0 interface) toward eth0 and eth1, and br0
  has IP X.Y.Z.2, so eth0 and eth1 have no IP

what works:
* the bridge works:
  - I can reach the internet from one of my DMZ hosts, depending on the
    rules I apply
  - I can't reach my server hosted in DMZ from the WAN side, depending on
    the rules I apply

BUT:
the masquerading doesn't work:
I set up masq like this:
    br0    192.168.1.0/24
and I can reach the $FW bridge interface (X.Y.Z.2) from my LOCAL net
but I can't reach the internet from my LOCAL

what's the problem? a route problem? I tried to play with routes but no result.
I tried
    br0    192.168.1.0/24    X.Y.Z.2
and
    br0    eth2
as masq config, but nothing...

so I need help! thank you for your support!

Tristan
Tristan Defert wrote:
> hi list,
>
> I got a small problem.
> here is my setup:
>
>         WAN
>          |
>          |
>          | bridged
>         $FW-------DMZ
>          |
>          | masqueraded
>          |
>       LOCAL
>
> my shorewall machine ($FW) has three interfaces: eth0 eth1 eth2
> * eth0 is connected to the WAN
> * eth1 is connected to my DMZ
> * eth2 is connected to LOCAL network
>
> I manage a whole C class (public addresses) in my DMZ, let's say X.Y.Z.0/24
> * my router (X.Y.Z.1) is connected to the WAN (eth0) side of my $FW
> * some servers (X.Y.Z.33 and X.Y.Z.34) are connected to the DMZ
>   interface (eth1) of my shorewall box.
> * my local network (192.168.1.0/24) is connected to eth2 on my shorewall
>   box.
> * my $FW acts as a bridge (br0 interface) toward eth0 and eth1, and br0
>   has IP X.Y.Z.2, so eth0 and eth1 have no IP
>
> what works:
> * the bridge works:
>   - I can reach the internet from one of my DMZ hosts, depending on the
>     rules I apply
>   - I can't reach my server hosted in DMZ from the WAN side, depending on
>     the rules I apply
>
> BUT:
> the masquerading doesn't work:
> I set up masq like this:
>     br0    192.168.1.0/24
> and I can reach the $FW bridge interface (X.Y.Z.2) from my LOCAL net
> but I can't reach the internet from my LOCAL
>
> what's the problem? a route problem? I tried to play with routes but no result.
> I tried
>     br0    192.168.1.0/24    X.Y.Z.2
> and
>     br0    eth2
> as masq config, but nothing...
>
> so I need help! thank you for your support!

Have you enabled ip forwarding on your firewall?

-Tom
--
Tom Eastep            \ Nothing is foolproof to a sufficiently talented fool
Shoreline,             \ http://shorewall.net
Washington USA         \ teastep@shorewall.net
PGP Public Key         \ https://lists.shorewall.net/teastep.pgp.key
On 18 Oct 04, at 16:28, Tom Eastep wrote:
> Tristan Defert wrote:
>> [...]
>> BUT:
>> the masquerading doesn't work:
>> I set up masq like this:
>>     br0    192.168.1.0/24
>> and I can reach the $FW bridge interface (X.Y.Z.2) from my LOCAL net
>> but I can't reach the internet from my LOCAL
>> [...]
>
> Have you enabled ip forwarding on your firewall?
>
> -Tom

Shame on me, IP forwarding was not active, hugh ... :-)

Thanks Tom!
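The symptom in this thread is a classic one: bridged traffic between eth0 and eth1 is switched at layer 2 and never consults net.ipv4.ip_forward, so the DMZ keeps working, while packets from the LAN on eth2 have to be routed onto br0 and are silently dropped when forwarding is off. Shorewall normally sets that sysctl itself from IP_FORWARDING=On in shorewall.conf, so it is the first thing to confirm. The script below is an added example, not code from the thread or from the Shorewall project: a small POSIX shell pre-flight check that verifies the three prerequisites for the masquerade path discussed above (forwarding on, outgoing interface present, a MASQUERADE/SNAT rule for the LAN subnet in nat/POSTROUTING). The function names, the `--live` switch and the sample `ip -o link` and `iptables -t nat -S POSTROUTING` output are my own constructions; the samples reproduce the poster's situation rather than being captured from his box.

```shell
#!/bin/sh
# Added example (not from the thread or Shorewall): pre-flight check for the
# masquerade path LOCAL 192.168.1.0/24 (eth2) -> bridge interface br0 -> WAN.
# Every check takes its input as text so the script runs offline on the
# constructed samples below; check_live() feeds it real command output.

# $1 = contents of /proc/sys/net/ipv4/ip_forward ("0" or "1")
ip_forward_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# $1 = output of `ip -o link`, $2 = interface name
iface_present() {
    printf '%s\n' "$1" | grep -E -q "^[0-9]+: $2:"
}

# $1 = output of `iptables -t nat -S POSTROUTING`, $2 = LAN subnet, $3 = out iface
# (dots in the subnet act as regex wildcards; acceptable for a sanity check)
masq_rule_present() {
    printf '%s\n' "$1" | grep -E -q -- "-s $2 .*-o $3 .*-j (MASQUERADE|SNAT)"
}

# check_masq_path FORWARD NAT LINKS LAN OUTIF
# Prints one line per missing prerequisite; exit status = number of failures.
check_masq_path() {
    fails=0
    if ! ip_forward_enabled "$1"; then
        echo "FAIL: net.ipv4.ip_forward is 0: packets from $4 are never routed to $5 (bridged DMZ traffic still flows, it does not need forwarding)"
        fails=$((fails + 1))
    fi
    if ! iface_present "$3" "$5"; then
        echo "FAIL: interface $5 not found"
        fails=$((fails + 1))
    fi
    if ! masq_rule_present "$2" "$4" "$5"; then
        echo "FAIL: no MASQUERADE/SNAT rule for $4 leaving $5 in nat POSTROUTING"
        fails=$((fails + 1))
    fi
    if [ "$fails" -eq 0 ]; then
        echo "OK: masquerade path for $4 via $5 looks complete"
    fi
    return "$fails"
}

# Same checks against the running box (needs root for iptables): check_live LAN OUTIF
check_live() {
    check_masq_path "$(cat /proc/sys/net/ipv4/ip_forward)" \
                    "$(iptables -t nat -S POSTROUTING)" \
                    "$(ip -o link)" "$1" "$2"
}

# Constructed sample inputs (not captured from the poster's machine) that
# reproduce the symptom: bridge up, masq rule present, forwarding off.
SAMPLE_FORWARD_OFF="0"
SAMPLE_FORWARD_ON="1"
SAMPLE_LINKS="1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500"
SAMPLE_NAT_RULES="-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o br0 -j MASQUERADE"

if [ "$1" = "--live" ]; then
    check_live 192.168.1.0/24 br0
else
    echo "# as posted (forwarding off):"
    check_masq_path "$SAMPLE_FORWARD_OFF" "$SAMPLE_NAT_RULES" "$SAMPLE_LINKS" \
        192.168.1.0/24 br0 || echo "-> $? prerequisite(s) missing"
    echo "# after enabling forwarding:"
    check_masq_path "$SAMPLE_FORWARD_ON" "$SAMPLE_NAT_RULES" "$SAMPLE_LINKS" \
        192.168.1.0/24 br0 || echo "-> $? prerequisite(s) missing"
fi
```

Run it without arguments to see the two constructed scenarios, or as root with `--live` on the firewall itself. The exit status is the number of missing prerequisites, so it can be dropped into a monitoring check that alerts when someone turns forwarding back off.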