Hello,
I cannot establish Xserver connection via wireless subnet, while telnet is
working fine. There was a similar problem before in Shorewall over IPSEC
that Tom had fixed. Also, ping is working, but traceroute is not. Finally,
PuTTY gets a connectivity error after couple minutes of inactivity over
wireless when connected to the firewall/gateway.
Wireless is configured per instructions in Basic Two-Interface Firewall,
i.e. it belongs to the local zone.
Status file is attached.
Here is the configuration.
SuSe 9.2 kernel 2.6.8-24.11-default.
shorewall version 2.2.0
ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:80:c6:e7:d7:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 brd 192.168.1.255 scope global eth0
inet6 fe80::280:c6ff:fee7:d7e7/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:02:b3:da:d6:96 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.2.255 scope global eth1
inet6 fe80::202:b3ff:feda:d696/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 8192 qdisc pfifo_fast
qlen
1000
link/ether 00:0c:f1:7d:3d:72 brd ff:ff:ff:ff:ff:ff
inet 67.49.72.255/20 brd 255.255.255.255 scope global eth2
inet6 fe80::20c:f1ff:fe7d:3d72/64 scope link
valid_lft forever preferred_lft forever
5: sit0: <NOARP> mtu 1480 qdisc noqueue
link/sit 0.0.0.0 brd 0.0.0.0
ip route show
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
192.168.123.0/24 via 67.49.64.1 dev eth2
67.49.64.0/20 dev eth2 proto kernel scope link src 67.49.72.255
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 67.49.64.1 dev eth2
Interfaces
# eth0 is wireless, eth1 is wired
loc eth1 detect routefilter
loc eth0 detect routefilter,maclist
Thank you in advance,
Alex.
Hello,
I cannot establish Xserver connection via wireless subnet, while telnet is
working fine. There was a similar problem before in Shorewall over IPSEC
that Tom had fixed. Also, ping is working, but traceroute is not. Finally,
PuTTY gets a connectivity error after couple minutes of inactivity over
wireless when connected to the firewall/gateway.
Wireless is configured per instructions in Basic Two-Interface Firewall,
i.e. it belongs to the local zone.
Status file is attached.
Here is the configuration.
SuSe 9.2 kernel 2.6.8-24.11-default.
shorewall version 2.2.0
ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:80:c6:e7:d7:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 brd 192.168.1.255 scope global eth0
inet6 fe80::280:c6ff:fee7:d7e7/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:02:b3:da:d6:96 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.2.255 scope global eth1
inet6 fe80::202:b3ff:feda:d696/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 8192 qdisc pfifo_fast
qlen
1000
link/ether 00:0c:f1:7d:3d:72 brd ff:ff:ff:ff:ff:ff
inet 67.49.72.255/20 brd 255.255.255.255 scope global eth2
inet6 fe80::20c:f1ff:fe7d:3d72/64 scope link
valid_lft forever preferred_lft forever
5: sit0: <NOARP> mtu 1480 qdisc noqueue
link/sit 0.0.0.0 brd 0.0.0.0
ip route show
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
192.168.123.0/24 via 67.49.64.1 dev eth2
67.49.64.0/20 dev eth2 proto kernel scope link src 67.49.72.255
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 67.49.64.1 dev eth2
Interfaces
# eth0 is wireless, eth1 is wired
loc eth1 detect routefilter
loc eth0 detect routefilter,maclist
Thank you in advance,
Alex.
Alex wrote:> Hello, > > I cannot establish Xserver connection via wireless subnetWhat does that mean? a) To which interface is the system running the X server connected? b) To which interface is the system running the X application connected? b) Are you simply trying to connect to the X server or are you trying to use XDMCP? c) Does all of this work perfectly if you "shorewall clear"? As an aside: This is why I always use X forwarding over SSH -- works every time. Besides, SuSE disables remote connections to the X server by default and it''s a PITA to enable it again.> while telnet is > working fine. There was a similar problem before in Shorewall over IPSEC > that Tom had fixed.You''ll have to be more specific.> Also, ping is working, but traceroute is not.Traceroute from where to where? Come on Alex -- we''re not mind readers!!!!! Finally,> PuTTY gets a connectivity error after couple minutes of inactivity over > wireless when connected to the firewall/gateway.Highly unlikely to have anything whatsoever to do with Shorewall but again, does this problem go away if you "shorewall clear"? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom, It was late at night, so I missed the main point for which I''m sorry. There was a problem with my Netgear WG302 access point that I''ve fixed. DHCP server on the access point causes these issues when I connect from laptop at 192.168.2.10 to the Sun Solaris 9 at 192.168.1.7. I''ve switched over to the DHCP server on the firewall / gateway and all problems are gone now! Thank you, Alex. Alex wrote:> Hello, > > I cannot establish Xserver connection via wireless subnetWhat does that mean? a) To which interface is the system running the X server connected? b) To which interface is the system running the X application connected? b) Are you simply trying to connect to the X server or are you trying to use XDMCP? c) Does all of this work perfectly if you "shorewall clear"? As an aside: This is why I always use X forwarding over SSH -- works every time. Besides, SuSE disables remote connections to the X server by default and it''s a PITA to enable it again.> while telnet is > working fine. There was a similar problem before in Shorewall over IPSEC > that Tom had fixed.You''ll have to be more specific.> Also, ping is working, but traceroute is not.Traceroute from where to where? Come on Alex -- we''re not mind readers!!!!! Finally,> PuTTY gets a connectivity error after couple minutes of inactivity over > wireless when connected to the firewall/gateway.Highly unlikely to have anything whatsoever to do with Shorewall but again, does this problem go away if you "shorewall clear"? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep at shorewall.net <https://lists.shorewall.net/mailman/listinfo/shorewall-users> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Alex wrote:> It was late at night, so I missed the main point for which I''m sorry. > > There was a problem with my Netgear WG302 access point that I''ve fixed. DHCP > server on the access point causes these issues when I connect from laptop at > 192.168.2.10 to the Sun Solaris 9 at 192.168.1.7. I''ve switched over to the > DHCP server on the firewall / gateway and all problems are gone now! > > Thank you,You''re welcome Alex -- thanks for clearing this up. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key