Michael Bernhard Arp Sørensen
2013-Dec-10 08:38 UTC
Using 192.168.x.x on external NIC for testing.
Hi there.

I'm testing shorewall before production use on my home network. I've used shorewall before in a production environment, but it's a long time ago.

Any help is appreciated. :-)

*My setup*:
- FW and client are running from VirtualBox.
- I'm using example files from /usr/share/doc/shorewall/examples/two-interfaces on Debian 7.2.0.

*Firewall*
net: eth0: 192.168.1.175 (from local DHCP)
loc: eth1: 10.29.3.1

*Client on the inside (loc)*
IP: 10.29.3.2

*What works*
- FW can ping 8.8.8.8 and test client(10.29.3.2)
- Client can ping FW:eth0(192.168.1.175)
- Client can ping FW:eth1(10.29.3.1)
- SSH connection from outside to FW

*What doesn't work*
Ping from client to 8.8.8.8
w3m to google.com

Keep in mind that I'm using an RFC 1918 private IP address for "net"/eth0. Any ideas as to what I'm missing or doing wrong?

Thanks in advance.

Med venlig hilsen/Kind regards

*Michael B. Arp Sørensen*
www.arpsorensen.dk
michael@arpsorensen.dk
bernhard@mil.dk
google.com/+MichaelBernhardArpSørensen
*Deceptionally primitive appearance.*
Michael Bernhard Arp Sørensen
2013-Dec-10 08:51 UTC
Using 192.168.x.x on external NIC for testing.
Hi there.

I'm testing shorewall before production use on my home network. I've used shorewall before in a production environment, but it's a long time ago.

Any help is appreciated. :-)

My setup:
- FW and client are running from VirtualBox.
- I'm using example files from /usr/share/doc/shorewall/examples/two-interfaces on Debian 7.2.0.

Firewall
net: eth0: 192.168.1.175 (from local DHCP)
loc: eth1: 10.29.3.1

Client on the inside (loc)
IP: 10.29.3.2

What works
- FW can ping 8.8.8.8 and test client(10.29.3.2)
- Client can ping FW:eth0(192.168.1.175)
- Client can ping FW:eth1(10.29.3.1)
- SSH connection from outside to FW

What doesn't work
- Ping from client to 8.8.8.8
- w3m to google.com

Keep in mind that I'm using an RFC 1918 private IP address for "net"/eth0. Any ideas as to what I'm missing or doing wrong?

Thanks in advance.

Med venlig hilsen/Kind regards

Michael B. Arp Sørensen
On 2013-12-10 09:51, Michael Bernhard Arp Sørensen wrote:
> Hi there.
>
> I'm testing shorewall before production use on my home network. I've
> used shorewall before in a production environment, but it's a long time
> ago.
>
> Any help is appreciated. :-)
>
> My setup:
> - FW and client are running from VirtualBox.
> - I'm using example files from
> /usr/share/doc/shorewall/examples/two-interfaces on Debian 7.2.0.
>
> Firewall
> net: eth0: 192.168.1.175 (from local DHCP)
> loc: eth1: 10.29.3.1
>
> Client on the inside (loc)
> IP: 10.29.3.2
>
> What works
> - FW can ping 8.8.8.8 and test client(10.29.3.2)
> - Client can ping FW:eth0(192.168.1.175)
> - Client can ping FW:eth1(10.29.3.1)
> - SSH connection from outside to FW
>
> What doesn't work
> - Ping from client to 8.8.8.8
> - w3m to google.com [1]
>
> Keep in mind that I'm using an RFC 1918 private IP address for
> "net"/eth0. Any ideas as to what I'm missing or doing wrong?
>
> Thanks in advance.
>
> Med venlig hilsen/Kind regards
>
> Michael B. Arp Sørensen

Hello,

This is documented in:

FAQ 15
FAQ 76

You should also check /etc/shorewall/masq is OK.

HTH.
Jerome Blion.
Michael Bernhard Arp Sørensen
2013-Dec-10 13:04 UTC
Re: Using 192.168.x.x on external NIC for testing.
Hi again.

Problem solved. :-)

As suggested, I checked /etc/shorewall/masq. I changed from:

eth0 10.0.0.0/8,\
     169.254.0.0/16,\
     172.16.0.0/12,\
     192.168.0.0/16

to:

eth0 10.0.0.0/8,\
     169.254.0.0/16,\
     172.16.0.0/12

Now to some serious testing. :-)

Thanks for the pointer, Jerome.

Kind regards

*Michael B. Arp Sørensen*

On Tue, Dec 10, 2013 at 12:19 PM, Jérôme Blion <jerome.blion@free.fr> wrote:
> Hello,
>
> This is documented in:
>
> FAQ 15
> FAQ 76
>
> You should also check /etc/shorewall/masq is OK.
>
> HTH.
> Jerome Blion.
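Added example, not part of the original posts or of Shorewall itself: a small Python check that joins the backslash-continued masq entry and reports which listed source networks contain a given address, run here for the firewall's own eth0 address and for the client. The column layout (interface, then source list) and both sample texts are assumptions constructed from the values quoted in this thread.

```python
import ipaddress

# Constructed samples: the masq entry before and after the change in the post.
MASQ_BEFORE = r"""
#INTERFACE  SOURCE   (column names assumed)
eth0        10.0.0.0/8,\
            169.254.0.0/16,\
            172.16.0.0/12,\
            192.168.0.0/16
"""
MASQ_AFTER = r"""
eth0        10.0.0.0/8,\
            169.254.0.0/16,\
            172.16.0.0/12
"""

def parse_masq(text):
    """Return [(interface, [networks])], joining backslash-continued lines."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.endswith("\\"):                  # continuation: keep collecting
            pending += line[:-1].strip()
            continue
        fields = (pending + line).split()
        pending = ""
        if len(fields) < 2:
            continue
        nets = []
        for item in fields[1].split(","):
            try:
                nets.append(ipaddress.ip_network(item))
            except ValueError:
                pass                             # not a CIDR (e.g. an interface name)
        entries.append((fields[0], nets))
    return entries

def sources_containing(text, interface, address):
    """List the source networks on `interface` that contain `address`."""
    addr = ipaddress.ip_address(address)
    return [str(net)
            for iface, nets in parse_masq(text) if iface == interface
            for net in nets if addr in net]

if __name__ == "__main__":
    for label, text in (("before", MASQ_BEFORE), ("after", MASQ_AFTER)):
        print(label, "eth0 address:", sources_containing(text, "eth0", "192.168.1.175"))
        print(label, "client:", sources_containing(text, "eth0", "10.29.3.2"))
```

The check only reports containment; it does not evaluate any other Shorewall file or rule.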
> *My setup*:
> - FW and client are running from VirtualBox.
> - I'm using example files from
> /usr/share/doc/shorewall/examples/two-interfaces on Debian 7.2.0.
>
> *Firewall*
> net: eth0: 192.168.1.175 (from local DHCP)
> loc: eth1: 10.29.3.1
>
> *Client on the inside (loc)*
> IP: 10.29.3.2
>
> *What works*
> - FW can ping 8.8.8.8 and test client(10.29.3.2)
> - Client can ping FW:eth0(192.168.1.175)
> - Client can ping FW:eth1(10.29.3.1)
> - SSH connection from outside to FW
>
> *What doesn't work*
> Ping from client to 8.8.8.8
> w3m to google.com

Your router which connects you to the internet (and does DHCP?) doesn't know how to reach 10.29.3.1.

Axel

--
We use only organically grown blue electrons.