Jérôme Blion
2013-Nov-12 23:50 UTC
have to clear + start shorewall in order masquerading to work
Hello everyone,

I have used Shorewall for years. I'm installing a new server today and am having some trouble getting Shorewall to work exactly the way I want.
I have the following network:

FTTH (Orange) == ONT (fiber to ethernet) ==[eth0->vlan835->ppp0] Server (Linux Debian Wheezy) [br0 (eth2/wlan0)]== switch == LAN

I want to allow my LAN to go on the Internet. I used the "two-interfaces" example as a startup base.

At boot, masquerading does not work. To make it work, I have to do:
shorewall clear && shorewall start
After these commands, everything works fine.

I have several bridges and VLANs set up:

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.78542e06ca4e       no              eth2
                                                        wlan0
video           8000.002590c50933       no              eth3
                                                        vlan838
                                                        vlan839
                                                        vlan840
                                                        vlan841

br0 provides network for both wireless and wired clients.
video is a very specific bridge to enable Orange TV without their proprietary box.

/etc/shorewall/masq:
ppp0 192.168.1.0/24

part of /etc/network/interfaces:
iface vlan835 inet manual
vlan-raw-device eth0

My ppp connection:
# egrep -v "^$|^#" /etc/ppp/peers/orange
pty "/usr/sbin/pppoe -I vlan835 -T 80 -m 1452"
noipdefault
usepeerdns
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect /bin/true
noauth
persist
mtu 1492
noaccomp
default-asyncmap
plugin rp-pppoe.so
user "myusername_here"

I compared the results of the following commands; they have the same output before and after the clear & start.
- iptables -L -n
- netstat -rtp
- lsmod

What should I check to identify why Shorewall does not behave the same way at boot and after the full boot process occurred?

Best regards.
Jerome Blion.
Tom Eastep
2013-Nov-13 00:00 UTC
Re: have to clear + start shorewall in order masquerading to work
On 11/12/2013 3:50 PM, Jérôme Blion wrote:
> Hello everyone,
>
> I use shorewall for years. I'm installing a new server today and have
> some troubles having Shorewall working exactly the way I want.
> I have the following Network:
>
> FTTH (Orange) == ONT (fiber to ethernet) ==[eth0->vlan835->ppp0] Server
> (Linux Debian Wheezy) [br0 (eth2/wlan0)]== switch == LAN
>
> I want to allow my LAN to go on internet. I used the "two-interfaces"
> example as startup base.
>
> At boot, masquerading does not work. To make it work, I have to do:
> shorewall clear && shorewall start
> After these commands, everything works fine.
>
> I have several bridges and VLANs set up :
>
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.78542e06ca4e       no              eth2
>                                                         wlan0
> video           8000.002590c50933       no              eth3
>                                                         vlan838
>                                                         vlan839
>                                                         vlan840
>                                                         vlan841
>
> br0 provides network for both wireless and wired clients.
> video is a very specific bridge to enable Orange TV without their
> proprietary box.
>
> /etc/shorewall/masq:
> ppp0 192.168.1.0/24
>
> part of /etc/network/interfaces:
> iface vlan835 inet manual
> vlan-raw-device eth0
>
> My ppp connection:
> # egrep -v "^$|^#" /etc/ppp/peers/orange
> pty "/usr/sbin/pppoe -I vlan835 -T 80 -m 1452"
> noipdefault
> usepeerdns
> defaultroute
> hide-password
> lcp-echo-interval 20
> lcp-echo-failure 3
> connect /bin/true
> noauth
> persist
> mtu 1492
> noaccomp
> default-asyncmap
> plugin rp-pppoe.so
> user "myusername_here"
>
> I compared results of following commands, they have the same output
> before and after the clear & start.
> - iptables -L -n
> - netstat -rtp
> - lsmod
>
> What should I check to identify why Shorewall does not behave the same
> way at boot and after the full boot process occurred?

That is Shorewall FAQ 78.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
Jérôme Blion
2013-Nov-13 00:15 UTC
Re: have to clear + start shorewall in order masquerading to work
On 13/11/2013 01:00, Tom Eastep wrote:
> On 11/12/2013 3:50 PM, Jérôme Blion wrote:
>> Hello everyone,
>>
>> I use shorewall for years. I'm installing a new server today and have
>> some troubles having Shorewall working exactly the way I want.
>> I have the following Network:
>>
>> FTTH (Orange) == ONT (fiber to ethernet) ==[eth0->vlan835->ppp0] Server
>> (Linux Debian Wheezy) [br0 (eth2/wlan0)]== switch == LAN
>>
>> I want to allow my LAN to go on internet. I used the "two-interfaces"
>> example as startup base.
>>
>> At boot, masquerading does not work. To make it work, I have to do:
>> shorewall clear && shorewall start
>> After these commands, everything works fine.
>>
>> I have several bridges and VLANs set up :
>>
>> # brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> br0             8000.78542e06ca4e       no              eth2
>>                                                         wlan0
>> video           8000.002590c50933       no              eth3
>>                                                         vlan838
>>                                                         vlan839
>>                                                         vlan840
>>                                                         vlan841
>>
>> br0 provides network for both wireless and wired clients.
>> video is a very specific bridge to enable Orange TV without their
>> proprietary box.
>>
>> /etc/shorewall/masq:
>> ppp0 192.168.1.0/24
>>
>> part of /etc/network/interfaces:
>> iface vlan835 inet manual
>> vlan-raw-device eth0
>>
>> My ppp connection:
>> # egrep -v "^$|^#" /etc/ppp/peers/orange
>> pty "/usr/sbin/pppoe -I vlan835 -T 80 -m 1452"
>> noipdefault
>> usepeerdns
>> defaultroute
>> hide-password
>> lcp-echo-interval 20
>> lcp-echo-failure 3
>> connect /bin/true
>> noauth
>> persist
>> mtu 1492
>> noaccomp
>> default-asyncmap
>> plugin rp-pppoe.so
>> user "myusername_here"
>>
>> I compared results of following commands, they have the same output
>> before and after the clear & start.
>> - iptables -L -n
>> - netstat -rtp
>> - lsmod
>>
>> What should I check to identify why Shorewall does not behave the same
>> way at boot and after the full boot process occurred?
> That is Shorewall FAQ 78.
>
> -Tom

Hello Tom,

Thank you, that did the trick.
It's strange that Google did not find this FAQ entry. Anyway, it works like a charm now!

Thank you.
Best regards.
Jerome Blion.
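Added example, not part of the original thread and not Shorewall's own tooling: masquerade rules live in the nat table, which iptables -L -n does not list unless -t nat is given, so a before/after comparison covers more when it is run on full iptables-save dumps. The script below diffs two such dumps table by table; the dump contents (including the assumed missing MASQUERADE rule) and the function names rules_for_table and missing_rules are constructed for illustration.

```shell
#!/bin/sh
# Added example. Both dumps are constructed and simplified (not real Shorewall
# output). On a live host, capture each with:  iptables-save > FILE
export LC_ALL=C
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/boot.dump" <<'EOF'
*nat
:POSTROUTING ACCEPT [12:720]
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i br0 -o ppp0 -j ACCEPT
COMMIT
EOF

cat > "$tmp/after.dump" <<'EOF'
*nat
:POSTROUTING ACCEPT [3:180]
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i br0 -o ppp0 -j ACCEPT
COMMIT
EOF

# rules_for_table TABLE FILE: print the -A rule lines of one table, sorted.
# Chain policy lines are skipped because their packet counters always differ.
rules_for_table() {
    awk -v t="*$1" '
        /^\*/              { in_table = ($0 == t); next }
        /^COMMIT$/         { in_table = 0; next }
        in_table && /^-A / { print }
    ' "$2" | sort
}

# missing_rules TABLE BEFORE AFTER: rules present in AFTER but absent in BEFORE.
missing_rules() {
    rules_for_table "$1" "$2" > "$tmp/before.rules"
    rules_for_table "$1" "$3" > "$tmp/after.rules"
    comm -13 "$tmp/before.rules" "$tmp/after.rules"
}

for table in filter nat mangle raw; do
    printf '== %s ==\n' "$table"
    missing_rules "$table" "$tmp/boot.dump" "$tmp/after.dump"
done
```

With these constructed dumps the filter table shows no difference, while the nat section lists the one rule that exists only in the second dump.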