On Tue,25.Nov.08, 22:59:24, Phillipus Gunawan wrote: > > Hi There, > > As suggested, I change the IP for eth1, but unfortunately, still same result, but I hope to get a light this time > On Policy, I simply put "ALL ALL ACCEPT" just for a starter, to get this shorewall working is my priority > Why i am not simply put net.ipv4.ip_forward=1, I want to get this shorewall up and running..... > > I am using eth0 and connect from other host (e.g. 10.1.1.5, winXp) and set the gateway and DNS as 10.1.1.4 > No connection, only able to ping 10.1.1.4 .... > > I am still in a BIG question, what I did wrong > I also simply copying the "three-interfaces" example also trying "two-interfaces", still no luck > > Can anyone guide me? Maybe > Shorewall version 4.0.14 > Debian Etch > Webmin Version 1.441 > > eth0 -> 10.1.1.4 connected to a router, act as gateway for other hosts > eth1 -> 10.1.2.1 connected to wireless router, not connected at the moment, just trying to get wired connection working Start with small steps. First try to get it working without eth1, you can allways add it later. > eth2 -> connected to adsl bridged modem, working OK using RP-PPPoE, > outputing ppp0 with correct ip from TPG > > > Shorewall configuration > > Interfaces > #ZONE INTERFACE BROADCAST OPTIONS > net ppp0 - > loc eth0 10.255.255.255 > loc eth1 10.255.255.255 Comment out the eth1 line > Masq > #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK > ppp0 eth1 > ppp0 eth0 same > Policy > all all ACCEPT > > Zones > fw firewall > net ipv4 > loc ipv4 You also need to set IP_FORWARDING=On in /etc/shorewall/shorewall.conf Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein)
Attachment:
signature.asc
Description: Digital signature