grkm2002 wrote:
> I have a 3-NIC setup with the following
> eth0
> eth1 LAN: 192.168.18.1 running clients
> eth2 DMZ: 10.45.93.254 running dns/dhcp server on 10.45.93.18
>
> I am able to ping all gateways and net from the $FW and DMZ. However, I
> am unable to get my clients to obtain dhcp addresses. I'm always getting
> host unreachable.
What are you doing/trying when you 'get host unreachable'?
> I have an 8-port hub between each gateway and the pcs.
> In /etc/shorewall/rules i have:
> accept loc dmz udp 68 67
> accept dmz loc udp 67 68
The above rules are just silly. DHCP uses broadcast which will not be
routed between the two zones.
>
> I have in /etc/shorewall/interfaces
> eth1 dhcp
>
> Yes. My dhcp and dns are both up and running on the server.
What do you mean by 'server'? If the 'server' is a system in the DMZ
then you need to run dhcrelay on the firewall and set the 'dhcp' option
on both eth1 and on eth2.
> I've tested
> my dns/dhcp configs before on a 2-NIC system and it works. Any help as
> to why I am unable to get dhcp addresses would be useful.
If the DHCP server is running on a server in the DMZ, install and
configure dhcrelay on the firewall. Test with Shorewall cleared
('shorewall clear'). Only report back here if you get dhcrelay working
correctly without Shorewall but you have problems when you start
Shorewall again.
If the DHCP server is running on the firewall system (where Shorewall is
running) then be sure that your DHCP configuration is correct and that
the server is configured to serve eth1 (and that eth1 is in fact the
interface that is cabled to the LAN). If that all looks correct, then
please submit another report following the instructions at
http://www.shorewall.net/support.htm#Guidelines.
-Tom
--
Tom Eastep \ The ultimate result of shielding men from the effects of
Shoreline, \ folly is to fill the world with fools.
Washington, USA \ -- Herbert Spencer
------------------------------------------------------------------------
http://www.shorewall.net
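
Added example, not part of the reply above and not Shorewall's own code: a shell check that every interface the relay listens on (eth1 and eth2 in this thread) carries the `dhcp` option in the interfaces file. The sample file is constructed, and the layout (zone, interface, then comma-separated options in a later column) is an assumption about the file format.

```shell
#!/bin/sh
# Added example: audit a Shorewall interfaces file for the 'dhcp' option.
# With the DHCP server in the DMZ, the relay on the firewall talks on both
# the LAN and DMZ interfaces, so both entries need the option.

# has_dhcp_option FILE IFACE -> exit 0 if the entry for IFACE lists 'dhcp'
has_dhcp_option() {
    awk -v ifc="$2" '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        $2 == ifc {
            # Options are comma-separated and follow the interface column
            # (column 3 or 4 depending on file format), so scan every field.
            for (i = 3; i <= NF; i++) {
                n = split($i, opts, ",")
                for (j = 1; j <= n; j++) if (opts[j] == "dhcp") found = 1
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# check_relay_interfaces FILE IFACE... -> prints each interface that lacks
# the option and returns 1 if any is missing, 0 otherwise
check_relay_interfaces() {
    file=$1; shift; rc=0
    for ifc in "$@"; do
        if ! has_dhcp_option "$file" "$ifc"; then
            echo "missing dhcp option: $ifc"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample mirroring the thread: 'dhcp' set on eth1 only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect
loc    eth1       detect     dhcp
dmz    eth2       detect     tcpflags
EOF
check_relay_interfaces "$sample" eth1 eth2 || true
```

Against the real file, the call would be `check_relay_interfaces /etc/shorewall/interfaces eth1 eth2`.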