Hi,

I have 2 IP addresses, for example:

91.xx.xx.xx (normal)
87.xx.xx.xx (fail-over)

Fail-over is routed by my ISP to 91.xx.xx.xx. Normally I create an alias eth0:0 and it works. When someone enters the 87.xx.xx.xx to see the same as for 91.xx.xx.xx.

Today I decided to play in VMWare and virtual test system. I decided to redirect the IP fail-over to vmnet1 that the system (vm) had its own address. I did this:

- Removed an alias eth0:0
- echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
- echo 1 > /proc/sys/net/ipv4/conf/default/proxy_arp
- /sbin/route add 87.xx.xx.xx dev vmnet1
- On the VM system configured eth0:

  auto eth0
  iface eth0 inet static
  address 87.xx.xx.xx
  netmask 255.255.255.255
  gateway 192.168.173.1 - IP vmnet1 on the normal system.
  post-up /sbin/ip route add default dev eth0

When I ping system 87.xx.xx.xx from my home, it works. I connect to apache on 87.xx.xx.xx (vm). Excellent!

But ... it only works when I type "clear Shorewall", just disable fw. When I run Shorewall, ping 87.xx.xx.xx time out :( Why? I edited "interfaces", "policy" and "zones" but none of it.

Shorewall is a great FW, I do not want to delete it!

Shorewall 4.2.5

Here is the instruction of my ISP:
http://help.ovh.co.uk/VMware

Yours,
Grzegorz

Grzesiek wrote:
> Hi,
>
> I have 2 IP addresses, for example:
>
> 91.xx.xx.xx (normal)
> 87.xx.xx.xx (fail-over)
>
> Fail-over is routed by my ISP to 91.xx.xx.xx. Normally I create an
> alias eth0:0 and it works. When someone enters the 87.xx.xx.xx to see
> the same as for
> 91.xx.xx.xx.
>
> Today I decided to play in VMWare and virtual test system. I decided
> to redirect the IP fail-over to vmnet1 that the system (vm) had its
> own address. I did this:
>
> - Removed an alias eth0:0
> - echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
> - echo 1 > /proc/sys/net/ipv4/conf/default/proxy_arp
> - /sbin/route add 87.xx.xx.xx dev vmnet1
> - On the VM system configured eth0:
>
>   auto eth0
>   iface eth0 inet static
>   address 87.xx.xx.xx
>   netmask 255.255.255.255
>   gateway 192.168.173.1 - IP vmnet1 on the normal system.
>   post-up /sbin/ip route add default dev eth0
>
> When I ping system 87.xx.xx.xx from my home, it works. I connect to
> apache on 87.xx.xx.xx (vm). Excellent!
>
> But ... it only works when I type "clear Shorewall", just disable fw.
> When I run Shorewall, ping 87.xx.xx.xx time out :( Why? I edited
> "interfaces", "policy"
> and "zones" but none of it.
>
> Shorewall is a great FW, I do not want to delete it!
>
> Shorewall 4.2.5
>
> Here is the instruction of my ISP:
> http://help.ovh.co.uk/VMware

Please review the Shorewall support guidelines at
http://www.shorewall.net/support.htm#Guidelines. Without the proper
accompanying documentation, we can't help you.

If you wish to avoid posting the output of 'shorewall dump' on the list,
you may forward it to upload@shorewall.net. Please keep communication
regarding this problem here on the list.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

2009/5/28 Tom Eastep <teastep@shorewall.net>:
> Please review the Shorewall support guidelines at
> http://www.shorewall.net/support.htm#Guidelines. Without the proper
> accompanying documentation, we can't help you.
>
> If you wish to avoid posting the output of 'shorewall dump' on the list,
> you may forward it to upload@shorewall.net. Please keep communication
> regarding this problem here on the list.
>
> Thanks,
> -Tom

It is my fault, because I manually added "1" to ip_forward but shorewall.conf had IP_FORWARDING = Off, and when I restart FW, Shorewall ip_forward changed to "0" :) "Shorewall dump" was very helpful in section /proc. Thanks Tom.

Grzegorz

Grzesiek wrote:
> It is my fault, because I manually added "1" to ip_forward but
> shorewall.conf had IP_FORWARDING = Off, and when I restart FW,
> Shorewall ip_forward changed to "0" :) "Shorewall dump" was very
> helpful in section /proc. Thanks Tom.

You're welcome, Grzegorz. I'm happy that you found the problem.

-Tom
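
Added example (not part of the original thread and not Shorewall's own code): a check for the mismatch found above, predicting what a Shorewall restart does to ip_forward from the IP_FORWARDING line in shorewall.conf. The function names are hypothetical; the On/Off/Keep values are the ones shorewall.conf accepts, and an unset value is reported as "unknown" rather than guessed.

```shell
#!/bin/sh
# Print the IP_FORWARDING value from a shorewall.conf-style file.
# Last assignment wins; trailing comments, quotes and stray spaces are stripped.
ip_forwarding_setting() {
    sed -n 's/^[[:space:]]*IP_FORWARDING[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//' |
        tail -n 1
}

# predict_ip_forward CONF CURRENT
# CURRENT is the runtime value of /proc/sys/net/ipv4/ip_forward (0 or 1)
# before the restart; prints the value expected afterwards.
predict_ip_forward() {
    setting=$(ip_forwarding_setting "$1" | tr 'A-Z' 'a-z')
    case "$setting" in
        on)   echo 1 ;;
        off)  echo 0 ;;
        keep) echo "$2" ;;        # Shorewall leaves the kernel value alone
        *)    echo unknown ;;     # unset or unrecognised: not evaluated here
    esac
}

# Return 0 if forwarding is still enabled after a restart, 1 otherwise.
check_forwarding_survives() {
    after=$(predict_ip_forward "$1" "$2")
    if [ "$after" = 1 ]; then
        return 0
    fi
    echo "ip_forward is $2 now but will be '$after' after a Shorewall restart;" \
         "hosts routed through this box (e.g. a VM behind vmnet1) stop answering" >&2
    return 1
}

# Demo on a constructed config fragment reproducing the thread's situation:
# forwarding was enabled by hand (1) while the config says Off.
demo_conf=$(mktemp)
printf '# constructed sample\nIP_FORWARDING=Off\n' > "$demo_conf"
check_forwarding_survives "$demo_conf" 1 || true
rm -f "$demo_conf"
```

On a live host the second argument would come from `cat /proc/sys/net/ipv4/ip_forward` and the first would be the installed shorewall.conf.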