
Shorewall with Debian



Hi There,

I have a problem setting up Shorewall under Debian; I hope someone can guide me here...

Problem 1

I installed Debian with eth2 plugged in.

When I'm using eth2, I can log in to my box (using Webmin) to configure Debian remotely from other hosts, using either the 10.1.1.1 or the 10.1.1.4 address, and I can ping other hosts (e.g. 10.1.1.5). But when I use eth2, I can't ping or do anything; the ping result from Debian is: From 10.1.1.4 Host Unreachable

What mistake did I make? Why can't I use eth1 connected with other hosts?


Problem 2

PPPoE is up and running, and I can ping any web address from Debian (e.g. www.yahoo.com).
But I'm not able to make other hosts (e.g. 10.1.1.5) connect to the Internet via the gateway on either eth1 or eth2.

Again, ignoring the use of eth2, and supposing I can configure eth1 to talk with other hosts (problem 1 solved), how can I make Shorewall work to share the Internet connection?
Or, just using eth2, what is the mistake in my Shorewall conf?

Any help would be much appreciated
Thanks in advance

All configurations are pasted below



Shorewall version 4.0.14
Debian Etch
Webmin Version 1.441

eth0 -> 10.1.1.1, connected to a router, acts as gateway for other hosts
eth1 -> 10.1.1.4, connected to wireless router
eth2 -> connected to ADSL bridged modem, working OK using RP-PPPoE, outputting ppp0 with the correct IP from TPG


Shorewall configuration

Interfaces
#ZONE    INTERFACE    BROADCAST    OPTIONS
net    ppp0    detect    routefilter
loc    eth0    10.1.1.255
loc    eth1    10.1.1.255

Masq
#INTERFACE        SOURCE        ADDRESS        PROTO    PORT(S)    IPSEC    MARK
ppp0            eth1
ppp0            eth0

Policy
$FW        net        ACCEPT
$FW        loc        ACCEPT
net        $FW        ACCEPT
net        loc        ACCEPT
loc        $FW        ACCEPT
loc        net        ACCEPT

Zones
fw    firewall
net    ipv4
loc    ipv4




~# shorewall check

Checking...
Initializing...
Determining Zones...
   IPv4 Zones: net loc
   Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Validating Policy file...
Determining Hosts in Zones...
   net Zone: ppp0:0.0.0.0/0
   loc Zone: eth0:0.0.0.0/0 eth1:0.0.0.0/0
Deleting user chains...
Checking /etc/shorewall/routestopped ...
Creating Interface Chains...
Checking Common Rules
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/rules...
Checking Actions...
Checking /usr/share/shorewall/action.Drop for Chain Drop...
Checking /usr/share/shorewall/action.Reject for Chain Reject...
Checking /etc/shorewall/policy...
Checking Masquerading/SNAT
Checking Traffic Control Rules...
Checking Rule Activation...
Compiling IP Forwarding...
Shorewall configuration verified


~# shorewall status

Shorewall-4.0.14 Status at debian - Tue Nov 25 20:23:36 EST 2008

Shorewall is running
State:Started (Tue Nov 25 20:23:32 EST 2008)


~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:4C:50:18:FD  
          inet addr:10.1.1.1  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:201 Base address:0x8000 

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:50:16:70  
          inet addr:10.1.1.4  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::2e0:4cff:fe50:1670/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2388 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3341 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:305137 (297.9 KiB)  TX bytes:2690271 (2.5 MiB)
          Interrupt:209 Base address:0xc000 

eth2      Link encap:Ethernet  HWaddr 00:15:58:1D:4B:4F  
          inet6 addr: fe80::215:58ff:fe1d:4b4f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:425 errors:0 dropped:0 overruns:0 frame:0
          TX packets:423 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:59062 (57.6 KiB)  TX bytes:67383 (65.8 KiB)
          Interrupt:193 Base address:0xa800 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:xxx.xxx.xxx.xxx  P-t-P:10.20.20.106  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:375 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:47826 (46.7 KiB)  TX bytes:56054 (54.7 KiB)


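Added example, not part of the original post: a small audit of the Policy section quoted above, flagging entries that ACCEPT new connections originating from the untrusted `net` zone (in the posted file, `net` to `$FW` and `net` to `loc`). `HARDENED_POLICY` is a constructed default-deny layout for comparison, and the function names are hypothetical.

```python
# Added example: audit a Shorewall policy file for permissive defaults.
# POSTED_POLICY is the Policy section from the post; HARDENED_POLICY is a
# constructed default-deny layout, not a file from the poster's system.

POSTED_POLICY = """\
$FW        net        ACCEPT
$FW        loc        ACCEPT
net        $FW        ACCEPT
net        loc        ACCEPT
loc        $FW        ACCEPT
loc        net        ACCEPT
"""

HARDENED_POLICY = """\
#SOURCE    DEST       POLICY     LOG LEVEL
$FW        net        ACCEPT
$FW        loc        ACCEPT
loc        $FW        ACCEPT
loc        net        ACCEPT
net        all        DROP       info
all        all        REJECT     info
"""

def parse_policy(text):
    """Return (source, dest, policy) tuples, skipping comments and blank lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        # Tolerate a "POLICY:suffix" form by keeping only the policy keyword.
        rules.append((fields[0], fields[1], fields[2].split(":")[0].upper()))
    return rules

def audit_policy(rules, untrusted=("net", "all")):
    """Flag entries that accept new connections from an untrusted source zone."""
    return [
        f"{src} -> {dst}: ACCEPT admits connections from {src} by default"
        for src, dst, policy in rules
        if src in untrusted and policy == "ACCEPT"
    ]

if __name__ == "__main__":
    for label, text in (("posted", POSTED_POLICY), ("hardened", HARDENED_POLICY)):
        findings = audit_policy(parse_policy(text))
        print(label, "policy:", findings or "no permissive net-side defaults")
```

With a default-deny policy in place, any service that must be reachable from `net` is opened individually in `/etc/shorewall/rules` rather than by policy.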