Dear shorewall users,

I have installed shorewall on Ubuntu 10.10. I want to use it as a DHCP server/gateway for our network. The computer has two network cards; one of them is connected to the WAN (eth4) and the other one is connected to the LAN. I have installed a DHCP server, which was distributing IP addresses fine, and then I installed dnsmasq. Now the computer is distributing IP addresses but the clients cannot get a connection outside the box. I can ping the net from within the gateway (the machine that shorewall is installed on) but not from the clients. Shorewall seems to be running fine; "shorewall start/restart/stop" works fine. The DHCP server is running, and dnsmasq is running. But I don't have any idea why I cannot ping through this. Your help is very much appreciated.

Best regards,
Sayed Jahed Hussini

------------------------------------------------------------------------------
On Sun, 2011-09-25 at 11:06 +0430, Sayed Jahed Hussini wrote:
> I have installed shorewall on ubuntu 10.10. i want to use it as a dhcp
> server/gateway for our network. the computer have two network cards,
> one of them connected to the WAN (eth4) and the other one is connected
> to the lan. I have installed a dhcp server, which was distributing IP
> Addresses fine and then I installed dnsmasq. now the computer is
> distributing IP addresses but the clients cannot get a connection
> outside the box. I can ping the net from within the gateway(machine
> that shorewall is installed on) but not from the clients. the
> Shorewall seems to be running fine, "shorewall start/restart/stop"
> works fine. the dhcp server is running, the dnsmasq is running. But I
> don't have any idea why i cannot ping through this? your help is very
> much appreciated.

Have you set IP_FORWARDING=Yes in shorewall.conf?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Hey Tom,

Thanks for the reply. Yes, I have set IP_FORWARDING = Yes.

On Sun, Sep 25, 2011 at 6:49 PM, Tom Eastep <teastep@shorewall.net> wrote:
> Have you set IP_FORWARDING=Yes in shorewall.conf?
>
> -Tom
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

------------------------------------------------------------------------------
Have you allowed ping from your local zone to the net?

On 09/25/2011 08:32 PM, Sayed Jahed Hussini wrote:
> Hey Tom,
>
> Thanx for the reply. yes i have set IP_FORWARDING = Yes,

------------------------------------------------------------------------------
Hey,

It's not just ping, I cannot do anything! I cannot access any address outside of the LAN (I tried public IP and names). I think the main problem is that it's not doing NAT, because I can ping 192.168.1.1 (the FW's internal IP), but cannot ping the address that is registered outside (WAN IP).

Regards,
Sayed Jahed

On Mon, Sep 26, 2011 at 9:37 AM, Nathan Kennedy <nathan@flidais.net> wrote:
> Have you allowed ping from your local zone to the net?

------------------------------------------------------------------------------
On Mon, 2011-09-26 at 11:10 +0430, Sayed Jahed Hussini wrote:
> hey,
>
> Its not just ping, i cannot do anything! I cannot access any address
> out side of the LAN(i tried public IP and Names). I think the main
> problem is that its not doing NAT, cause I can ping the
> 192.168.1.1(FW's internal IP) ,but cannot ping that address that is
> registered outside(WAN IP).

If you 'shorewall clear', can you ping the firewall's WAN IP address from a host behind the firewall? If not, then your problem is that the host behind the firewall isn't configured to use the Shorewall box as its default gateway.

If that isn't the problem, then please:

- 'shorewall start'
- try to ping from a local host to a host outside of the internet. Use the host's IP address rather than a DNS name.
- 'shorewall dump > dump.txt'
- Forward the dump.txt as an email attachment.

Thanks,
-Tom

------------------------------------------------------------------------------
On 25/09/11 11:19, Tom Eastep wrote:
> Have you set IP_FORWARDING=Yes in shorewall.conf?
>
> -Tom

Missing rules in masq and policy?

Example:

/etc/shorewall/masq
#interface   Lan-net       Inet-gateway     proto
eth4         10.0.0.0/24   192.168.150.99   all

/etc/shorewall/policy
#source   dest   policy   log level
$FW       all    ACCEPT
lan       inet   ACCEPT
all       all    REJECT   info

------------------------------------------------------------------------------
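The three causes raised in this thread (IP_FORWARDING in shorewall.conf, a masq entry for the WAN interface, and a policy that accepts the local zone to the net zone) can be checked statically before collecting a dump. The script below is an added example, not part of any poster's message or of Shorewall itself. Assumptions: the function names are hypothetical, Yes and On are both treated as enabling forwarding, and the zone and interface names (lan, inet, eth4) are taken from the last message's example.

```shell
#!/bin/sh
# check_gateway_config DIR LAN_ZONE NET_ZONE WAN_IF   (hypothetical helper)
# Prints one line per problem; exit status is 0 only when none are found.
check_gateway_config() {
    dir=$1; lan=$2; net=$3; wan=$4; rc=0

    # 1. Forwarding enabled? Accepting Yes or On is an assumption of this example.
    grep -Eiq '^IP_FORWARDING=(Yes|On)[[:space:]]*(#.*)?$' "$dir/shorewall.conf" || {
        echo "shorewall.conf: IP_FORWARDING is not enabled"; rc=1; }

    # 2. masq: an uncommented entry whose first column is the WAN interface.
    awk -v wan="$wan" '$1 !~ /^#/ && $1 == wan { ok = 1 } END { exit !ok }' \
        "$dir/masq" || { echo "masq: no entry for $wan"; rc=1; }

    # 3. policy: the first line matching lan -> net (directly or via "all") decides.
    verdict=$(awk -v s="$lan" -v d="$net" '
        NF == 0 || $1 ~ /^#/ { next }
        ($1 == s || $1 == "all") && ($2 == d || $2 == "all") { print $3; exit }
    ' "$dir/policy")
    [ "$verdict" = "ACCEPT" ] || {
        echo "policy: $lan -> $net is ${verdict:-unmatched}, not ACCEPT"; rc=1; }

    return $rc
}

# Constructed sample: forwarding on and lan -> inet accepted, but masq has only
# its comment line, so clients reach the firewall and nothing is NATed beyond it.
write_sample() {
    mkdir -p "$1"
    printf 'IP_FORWARDING=Yes\n' > "$1/shorewall.conf"
    printf '#interface Lan-net Inet-gateway proto\n' > "$1/masq"
    printf '$FW all ACCEPT\nlan inet ACCEPT\nall all REJECT info\n' > "$1/policy"
}

demo=$(mktemp -d)
write_sample "$demo"
check_gateway_config "$demo" lan inet eth4 ||
    echo "=> fix the items above, then run 'shorewall restart'"
rm -rf "$demo"
```

A clean result only rules out these three configuration gaps; the 'shorewall clear' ping test and the 'shorewall dump' output requested earlier in the thread still cover client-side gateway settings and runtime state.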