Hi There,
Re-work my question earlier, also by putting result from
'/sbin/shorewall dump' which attached on
'status.txt' and I am sorry for not making it as gzip
As suggested and as I am still a newbie here, I change the IP for eth0 and eth1,
but unfortunately, still same result, but I hope to get a light this time
Shorewall version 4.0.14
Debian Etch
Webmin Version 1.441
eth0 -> 10.1.1.4 connected to a router, act as gateway for other hosts
eth1 -> 10.1.2.1 connected to wireless router
eth2 -> connected to adsl bridged modem, working OK using RP-PPPoE, outputting
ppp0 with correct ip from TPG
Shorewall configuration

Interfaces
#ZONE   INTERFACE   BROADCAST        OPTIONS
net     ppp0        -
loc     eth0        10.255.255.255
loc     eth1        10.255.255.255

Masq
#INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC   MARK
ppp0         eth1
ppp0         eth0

Policy
all     all     ACCEPT

Zones
fw      firewall
net     ipv4
loc     ipv4
~# shorewall check
Checking...
Initializing...
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Validating Policy file...
Determining Hosts in Zones...
net Zone: ppp0:0.0.0.0/0
loc Zone: eth0:0.0.0.0/0 eth1:0.0.0.0/0
Deleting user chains...
Checking /etc/shorewall/routestopped ...
Creating Interface Chains...
Checking Common Rules
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/rules...
Checking Actions...
Checking /usr/share/shorewall/action.Drop for Chain Drop...
Checking /usr/share/shorewall/action.Reject for Chain Reject...
Checking /etc/shorewall/policy...
Checking Masquerading/SNAT
Checking Traffic Control Rules...
Checking Rule Activation...
Compiling IP Forwarding...
Shorewall configuration verified
~# shorewall status
Shorewall-4.0.14 Status at debian - Tue Nov 25 20:23:36 EST 2008
Shorewall is running
State:Started (Tue Nov 25 20:23:32 EST 2008)
~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:E0:4C:50:18:FD
inet addr:10.1.1.4 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:232 errors:0 dropped:0 overruns:0 frame:0
TX packets:321 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:38692 (37.7 KiB) TX bytes:218234 (213.1 KiB)
Interrupt:201 Base address:0xa000
eth1 Link encap:Ethernet HWaddr 00:E0:4C:50:16:70
inet addr:10.1.2.1 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:17 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3287 (3.2 KiB) TX bytes:0 (0.0 b)
Interrupt:209 Base address:0x8000
eth2 Link encap:Ethernet HWaddr 00:15:58:1D:4B:4F
inet6 addr: fe80::215:58ff:fe1d:4b4f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:425 errors:0 dropped:0 overruns:0 frame:0
TX packets:423 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:59062 (57.6 KiB) TX bytes:67383 (65.8 KiB)
Interrupt:193 Base address:0xa800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
ppp0 Link encap:Point-to-Point Protocol
inet addr:xxx.xxx.xxx.xxx P-t-P:10.20.20.106 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:379 errors:0 dropped:0 overruns:0 frame:0
TX packets:375 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:47826 (46.7 KiB) TX bytes:56054 (54.7 KiB)
iface eth0 inet static
address 10.1.1.4
netmask 255.0.0.0
network 10.0.0.0
broadcast 10.255.255.255
iface eth1 inet static
address 10.1.2.1
netmask 255.0.0.0
network 10.0.0.0
broadcast 10.255.255.255
Hi There,
Re-work my question earlier, also by putting result from
'/sbin/shorewall dump' which attached on 'status.txt' and I
am sorry for not making it as gzip
As suggested and as I am still a newbie here, I change the IP for eth0 and eth1,
but unfortunately, still same result, but I hope to get a light this time
I did not attach the dump result, as it delays this message from
being added
On Policy, I simply put "ALL ALL ACCEPT" just for a starter, to get
this shorewall working is my priority
I am using eth0 and connect from other host (e.g. 10.1.1.5, winXp) and set the
gateway and DNS as 10.1.1.4
No connection, only able to ping 10.1.1.4 ....
Shorewall version 4.0.14
Debian Etch
Webmin Version 1.441
eth0 -> 10.1.1.4 connected to a router, act as gateway for other hosts
eth1 -> 10.1.2.1 connected to wireless router, not connected at the moment,
just trying to get wired connection working
eth2 -> connected to adsl bridged modem, working OK using RP-PPPoE, outputting
ppp0 with correct ip from TPG
Shorewall configuration
Interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 -
loc eth0 10.255.255.255
loc eth1 10.255.255.255
Masq
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
ppp0 eth1
ppp0 eth0
Policy
all all ACCEPT
Zones
fw firewall
net ipv4
loc ipv4
Hi Phillipus,

Phillipus Gunawan wrote:
<..>
> ~# ifconfig
> eth0 Link encap:Ethernet HWaddr 00:E0:4C:50:18:FD
> inet addr:10.1.1.4 Bcast:10.255.255.255 Mask:255.0.0.0
<...>
> eth1 Link encap:Ethernet HWaddr 00:E0:4C:50:16:70
> inet addr:10.1.2.1 Bcast:10.255.255.255 Mask:255.0.0.0
<...>

The Mask 255.0.0.0 "says" that the first triple of your IP-Address is
the network part. So your addresses are still in the same! network.

Use a different Network(mask), e.g. ip address 192.168.0.1, mask
255.255.0.0 for eth1.

Regards
Götz
--
Götz Reinicke
IT Coordinator
Filmakademie Baden-Württemberg GmbH
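
An added example, not part of the original message: a short Python check of the point made in the reply above. It parses ifconfig-style output and reports interfaces whose address/mask pairs fall in overlapping networks. The sample text is constructed from the eth0/eth1 lines quoted in this thread; the ppp0 address 203.0.113.10 is a placeholder, and the function names are this example's own.

```python
import ipaddress
import re
from itertools import combinations

# Constructed samples: eth0/eth1 lines as posted in the thread, before and
# after eth1 was renumbered. 203.0.113.10 stands in for the masked ppp0 IP.
SAMPLE_BEFORE = """\
eth0 Link encap:Ethernet HWaddr 00:E0:4C:50:18:FD
inet addr:10.1.1.4 Bcast:10.255.255.255 Mask:255.0.0.0
eth1 Link encap:Ethernet HWaddr 00:E0:4C:50:16:70
inet addr:10.1.2.1 Bcast:10.255.255.255 Mask:255.0.0.0
ppp0 Link encap:Point-to-Point Protocol
inet addr:203.0.113.10 P-t-P:10.20.20.106 Mask:255.255.255.255
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "inet addr:10.1.2.1 Bcast:10.255.255.255 Mask:255.0.0.0",
    "inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0",
)

IFACE_RE = re.compile(r"^(\S+)\s+Link encap:")
INET_RE = re.compile(r"inet addr:(\S+).*?Mask:(\S+)")


def parse_ifconfig(text):
    """Return {interface: IPv4Network} from net-tools style ifconfig output."""
    nets, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = INET_RE.search(line)
        if m and current:
            # strict=False derives the network from a host address plus mask
            nets[current] = ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2)}", strict=False)
    return nets


def overlapping(nets):
    """Return (iface_a, iface_b, net_a, net_b) for every overlapping pair."""
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, overlapping(parse_ifconfig(text)) or "no overlap")
```
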
Thanks for the reply,
Changes made:
~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:E0:4C:50:18:FD
inet addr:10.1.1.4 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:391 errors:0 dropped:0 overruns:0 frame:0
TX packets:478 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:60910 (59.4 KiB) TX bytes:271552 (265.1 KiB)
Interrupt:201 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:E0:4C:50:16:70
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:209 Base address:0xa000
Interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 -
loc eth0 10.255.255.255
loc eth1 192.168.1.255
using cable connected only on eth0 (loc 10.1.1.4 to switch) and eth2 (net, ppp0)
nothing changed, at my winXp 10.1.1.5, putting gateway/DNS as 10.1.1.4, can't ping
www.yahoo.com
winXp can ping 192.168.1.1
winXp can ping ppp0 ip address
I am attaching shorewall dump result, hope someone can give me a clue
Cheers
Phillipus Gunawan wrote:
> using cable connected only on eth0 (loc 10.1.1.4 to switch) and eth2 (net, ppp0)
> nothing change, at my winXp 10.1.1.5, putting gateway/DNS as 10.1.1.4, cant ping www.yahoo.com
> winXp can ping 192.168.1.1
> winXp can ping ppp0 ip address

If you have set the DNS server address to 10.1.1.4, then:

a) You need to be running a DNS server on the firewall; and
b) You need to allow DNS from loc->fw; and
c) You need to allow DNS from fw->net

The dump isn't capable of telling us whether you are doing a) but it is
definitely telling us that you are NOT doing either b) or c).

You really should have followed the two-interface quickstart guide
(http://www.shorewall.net/two-interface.htm) to set this up.
Shorewall Geek wrote:
> Phillipus Gunawan wrote:
>
>> using cable connected only on eth0 (loc 10.1.1.4 to switch) and eth2 (net, ppp0)
>> nothing change, at my winXp 10.1.1.5, putting gateway/DNS as 10.1.1.4, cant ping www.yahoo.com
>> winXp can ping 192.168.1.1
>> winXp can ping ppp0 ip address
>
> If you have set the DNS server address to 10.1.1.4, then:
>
> a) You need to be running a DNS server on the firewall; and
> b) You need to allow DNS from loc->fw; and
> c) You need to allow DNS from fw->net
>
> The dump isn't capable of telling us whether you are doing a) but it is
> definitely telling us that you are NOT doing either b) or c).

Note that the simplest way to run a DNS server on your firewall is to
install dnsmasq. See http://www.shorewall.net/SplitDNS.html