Dave Florek wrote:
>I'm having the worst time with Shorewall. I'm a complete noob to it.
>I've read all of the documentation regarding Shorewall and
>two-interfaces, and I've loaded the example files from
>'/usr/src/doc/shorewall/examples' and I didn't change a thing.

You do realise that example config files are just that - examples?
You are expected to configure them to your specific requirements.

>I still don't understand what I'm doing wrong. I'm trying to get the
>internet from 'eth0' which is connected to my ISP

What do you get from "ifconfig eth0"?

>I defined a gateway here, and an address range. I have DNS-MASQ
>installed and running which hands out IP addresses on
><http://192.168.0.50/30>192.168.0.50/30. It's probably a little
>ridiculous or redundant. I have no clue if it really works.

Firstly, can you find the "plain text" option on your mailer so that
when you put "192.168.0.50/30" it comes through as "192.168.0.50/30"
and doesn't get 'helpfully' mangled to
"<http://192.168.0.50/30>192.168.0.50/30"? It's just a little thing,
but little things that make it harder to read and/or cause annoyance
like that can make people less inclined to put the time in to help.

You need to find out if your local stuff works. If that doesn't work,
then trying to fix (if indeed it's even broken) Shorewall is going to
be a futile and frustrating experience.

You don't actually need Shorewall running to get your network going,
and in fact it is recommended to make sure your network runs BEFORE
starting on Shorewall. If your network works and then stops when
Shorewall is loaded then you look at your Shorewall config - if it
doesn't work at all then it's not Shorewall.

"shorewall clear" will turn off everything Shorewall does and leave
you with your basic network setup. Offhand I'm not sure what commands
you need to give to enable MASQ - but if you are using the network
manager from a GUI then I expect that has an option to tick (I don't
use the GUI as virtually everything I manage is a headless server).

BTW - 192.168.0.50/30 would normally mean a subnet starting at
192.168.0.50 and with a netmask of 255.255.255.252. That would not be
a suitable config to hand out to clients as they should have the
exact same subnet mask as your gateway (255.255.255.0) - ie they
should be in the network 192.168.0.0/24.

And as I check that bit of information, I see your eth1 config is
wrong: the network address for that config is 192.168.0.0, and in
fact you should just omit that line anyway since the system will
calculate the correct value for itself.

>It says it can't bind to eth1 because eth1 is already in use.
>However, a laptop connected to eth1 displays 192.168.0.76 for an IP
>address and the gateway 192.168.0.2. So, I know that works.

Err, no you don't know that works at all! I'd hazard a guess that
you have a DHCP server running on eth1, and that means you can't
start another one (as part of DNS-MASQ) since the ports it needs to
use are already in use. 192.168.0.76 is not part of the address range
you say you configured DNS-MASQ to hand out, which suggests it did
come from there.

>I can partially ping 'www.google.com'. It'll resolve
>'www.google.com' to the correct IP address and domain name, but the
>packets keep timing out 100%. I can get the internet thru my devices
>connected to 'eth1' if I use ProxyARP, but it disables all of my
>outgoing traffic on 'eth0'.

The old "this isn't working so I'll pick some random thing and try
it" approach to fixing things!

>All I'm trying to do is gateway my computer with two ethernet NIC's
>and I'm failing miserably at it and I've been banging my head
>against a wall for the past week trying to figure it out.

You might have less bruises if you'd asked for help earlier!

--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
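
The addressing points raised in the reply above (a /30 pool against the gateway's 255.255.255.0 mask, and a 192.168.0.76 lease that is outside the stated range) can be checked mechanically before touching Shorewall. This is an added example, not part of the original message; check_lan is a hypothetical helper, and the eth1 address 192.168.0.2/24 is an assumption built from the gateway and netmask quoted in the thread.

```python
import ipaddress


def check_lan(iface_cidr, pool_cidr, observed_lease):
    """Return a list of findings about a gateway's LAN-side addressing.

    iface_cidr     -- address/prefix on the LAN interface (assumed: eth1)
    pool_cidr      -- the CIDR the DHCP server was told to hand out
    observed_lease -- an address a client actually received
    """
    iface = ipaddress.ip_interface(iface_cidr)
    # strict=False accepts a CIDR with host bits set (such as .50/30)
    # and masks it down to the network that contains it.
    pool = ipaddress.ip_network(pool_cidr, strict=False)
    lease = ipaddress.ip_address(observed_lease)
    findings = []

    if str(pool) != pool_cidr:
        findings.append(
            f"{pool_cidr} has host bits set; the enclosing network is {pool} "
            f"({pool.num_addresses - 2} usable hosts)")

    if not pool.subnet_of(iface.network):
        findings.append(f"pool {pool} is outside the LAN network {iface.network}")
    elif pool.netmask != iface.netmask:
        findings.append(
            f"pool mask {pool.netmask} differs from the gateway's "
            f"{iface.netmask}; clients belong in {iface.network}")

    if lease not in iface.network:
        findings.append(f"lease {lease} is not on the LAN network {iface.network}")
    elif lease not in pool:
        findings.append(
            f"lease {lease} is outside pool {pool}; "
            f"check which DHCP server issued it")

    return findings


if __name__ == "__main__":
    # Values taken from the thread; the /24 on the gateway is an assumption.
    for line in check_lan("192.168.0.2/24", "192.168.0.50/30", "192.168.0.76"):
        print("-", line)
```
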