Hi all.

I am trying to set up a bridging firewall using Ubuntu 7.04.

My setup is as follows. I have eth0 (net) and eth1 (dmz) set up as a bridge (br0) with eth2 (loc) running natted on br0. I have got this setup working back when physdev match was in the kernel.

I have the bridge working so I can ping from 82.69.192.105 (dmz) to 82.69.192.109 (fw) and 82.69.192.110 (wan), the firewall can also ping 105 and 110; however, on starting shorewall, pinging 109 and 110 from 105 results in a "Destination host unreachable" result (the same happens pinging 105 and 110 from 109).

Looking at the dump it seems the packets are falling into the reject chain and I'm at a loss as to why.

I've attached the shorewall dump for perusal.

Many thanks in advance.

Si

Simon Purdy wrote:
> I am trying to set up a bridging firewall using Ubuntu 7.04.
>
> My setup is as follows. I have eth0 (net) and eth1 (dmz) set up as a
> bridge (br0) with eth2 (loc) running natted on br0. I have got this
> setup working back when physdev match was in the kernel.
>
> I have the bridge working so I can ping from 82.69.192.105 (dmz) to
> 82.69.192.109 (fw) and 82.69.192.110 (wan), the firewall can also ping
> 105 and 110 however on starting shorewall, pinging 109 and 110 from 105
> result in Destination host unreachable result (same happens pinging 105
> and 110 from 109).

a) Your dmz zone is empty.
b) You have no loc zone at all.
c) You haven't specified the 'routeback' option on br0.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
>
> a) Your dmz zone is empty.
> b) You have no loc zone at all.
> c) You haven't specified the 'routeback' option on br0.
>

If you continue to have problems, it might be useful if you forwarded your zones, interfaces and hosts files in addition to a dump.

Thanks,
-Tom

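The three conditions listed in the replies above can be checked mechanically before starting the firewall. The following is an added example, not part of the original thread and not Shorewall's own code: a small linter over the text of the zones, interfaces and hosts files. The column layouts, the `lint` helper and both sample configurations are assumptions constructed for illustration.

```python
# Added example (not from the thread). Assumed column layouts:
#   zones:      ZONE TYPE
#   interfaces: ZONE INTERFACE BROADCAST OPTIONS
#   hosts:      ZONE HOST(S) OPTIONS
def rows(text):
    """Yield whitespace-split columns, skipping blank lines and # comments."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols

def lint(zones, interfaces, hosts, expected_zones, bridges):
    """Return findings for empty zones, missing zones and bridges lacking routeback."""
    declared = {c[0]: (c[1] if len(c) > 1 else "ipv4") for c in rows(zones)}
    populated, iface_opts = set(), {}
    for c in rows(interfaces):
        if len(c) < 2:
            continue
        opts = c[3].split(",") if len(c) > 3 else []
        iface_opts[c[1]] = set(opts) - {"-"}
        if c[0] != "-":            # "-" means zones are assigned in the hosts file
            populated.add(c[0])
    for c in rows(hosts):
        populated.add(c[0])
    findings = []
    for zone, ztype in declared.items():
        if ztype != "firewall" and zone not in populated:
            findings.append(f"zone '{zone}' is empty")
    for zone in expected_zones:
        if zone not in declared:
            findings.append(f"zone '{zone}' is not defined")
    for br in bridges:
        if "routeback" not in iface_opts.get(br, set()):
            findings.append(f"'routeback' not set on {br}")
    return findings

# Constructed sample reproducing the three conditions (not the poster's real files).
BROKEN = ("fw firewall\nnet ipv4\ndmz ipv4\n",
          "- br0 detect\n",
          "net br0:eth0\n")
# Constructed sample with all three addressed.
FIXED = ("fw firewall\nnet ipv4\ndmz ipv4\nloc ipv4\n",
         "- br0 detect routeback\nloc eth2 detect\n",
         "net br0:eth0\ndmz br0:eth1\n")

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint(*cfg, expected_zones=["net", "dmz", "loc"], bridges=["br0"]))
```
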
Thanks.

I've had a breakthrough on your advice given earlier.

I had left loc empty as I had that working earlier.

If I have any more probs I'll let you know.

Si

> Date: Tue, 5 Jun 2007 11:40:34 -0700
> From: teastep@shorewall.net
> To: shorewall-users@lists.sourceforge.net
> Subject: Re: [Shorewall-users] Bridge breaks after starting Shorewall
>
> Tom Eastep wrote:
> >
> > a) Your dmz zone is empty.
> > b) You have no loc zone at all.
> > c) You haven't specified the 'routeback' option on br0.
> >
>
> If you continue to have problems, it might be useful if you forwarded your
> zones, interfaces and hosts files in addition to a dump.
>
> Thanks,
> -Tom