Hi There,
I am reworking my earlier question, and also including the result from
'/sbin/shorewall dump', which is attached as
'status.txt'; I am sorry for not making it a gzip.
I will also repeat the earlier post so my question is better understood (hey, I
am looking for the answers.....)
Shorewall version 4.0.14
Debian Etch
Webmin Version 1.441
eth0 -> 10.1.1.1 connected to a router, acts as gateway for other hosts
eth1 -> 10.1.1.4 connected to wireless router
eth2 -> connected to adsl bridged modem, working OK using RP-PPPoE, outputting
ppp0 with correct ip from TPG
Shorewall configuration

Interfaces
#ZONE   INTERFACE   BROADCAST    OPTIONS
net     ppp0        detect       routefilter
loc     eth0        10.1.1.255
loc     eth1        10.1.1.255

Masq
#INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC   MARK
ppp0         eth1
ppp0         eth0

Policy
$FW   net   ACCEPT
$FW   loc   ACCEPT
net   $FW   ACCEPT
net   loc   ACCEPT
loc   $FW   ACCEPT
loc   net   ACCEPT

Zones
fw    firewall
net   ipv4
loc   ipv4

~# shorewall check
Checking...
Initializing...
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Validating Policy file...
Determining Hosts in Zones...
net Zone: ppp0:0.0.0.0/0
loc Zone: eth0:0.0.0.0/0 eth1:0.0.0.0/0
Deleting user chains...
Checking /etc/shorewall/routestopped ...
Creating Interface Chains...
Checking Common Rules
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/rules...
Checking Actions...
Checking /usr/share/shorewall/action.Drop for Chain Drop...
Checking /usr/share/shorewall/action.Reject for Chain Reject...
Checking /etc/shorewall/policy...
Checking Masquerading/SNAT
Checking Traffic Control Rules...
Checking Rule Activation...
Compiling IP Forwarding...
Shorewall configuration verified
~# shorewall status
Shorewall-4.0.14 Status at debian - Tue Nov 25 20:23:36 EST 2008
Shorewall is running
State:Started (Tue Nov 25 20:23:32 EST 2008)
~# ifconfig
eth0      Link encap:Ethernet HWaddr 00:E0:4C:50:18:FD
          inet addr:10.1.1.1 Bcast:10.255.255.255 Mask:255.0.0.0
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
          Interrupt:201 Base address:0x8000

eth1      Link encap:Ethernet HWaddr 00:E0:4C:50:16:70
          inet addr:10.1.1.4 Bcast:10.255.255.255 Mask:255.0.0.0
          inet6 addr: fe80::2e0:4cff:fe50:1670/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:2388 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3341 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:305137 (297.9 KiB) TX bytes:2690271 (2.5 MiB)
          Interrupt:209 Base address:0xc000

eth2      Link encap:Ethernet HWaddr 00:15:58:1D:4B:4F
          inet6 addr: fe80::215:58ff:fe1d:4b4f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:425 errors:0 dropped:0 overruns:0 frame:0
          TX packets:423 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59062 (57.6 KiB) TX bytes:67383 (65.8 KiB)
          Interrupt:193 Base address:0xa800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:xxx.xxx.xxx.xxx P-t-P:10.20.20.106 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
          RX packets:379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:375 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:47826 (46.7 KiB) TX bytes:56054 (54.7 KiB)

Problem 1
I installed Debian with eth2 plugged in.
When I'm using eth2, I can log in to my box (using webmin) to configure the
Debian either using the 10.1.1.1 or 10.1.1.4 address remotely from other hosts, and I
can ping other hosts (e.g. 10.1.1.5). But when I use eth2, I can't ping or do
anything; the ping result from Debian: From 10.1.1.4 Host Unreachable
What mistake did I make? Why can't I use eth1 connected with other hosts?

Problem 2
PPPoE is up and running, and I can ping any web address from Debian (e.g.
www.yahoo.com)
But I'm not able to make other hosts (e.g. 10.1.1.5) connect to the internet via
the gateway on either eth1 or eth2
Again, ignoring the use of eth2 and assuming I can configure eth1 to talk with other
hosts (problem 1 solved), how can I make Shorewall work to share the
internet?
Or, just using eth2, what is the mistake in my Shorewall conf?
Any help would be much appreciated
Thanks in advance