
Re: Fw: shorewall newbie Revisit: new IP



Ah.... at last, someone is asking about the routing.
I am a bit suspicious that this is the problem.

(before everything started)
> route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0

> pppoe start
> shorewall start

(after ppp0 up and same result after firing up shorewall)
> route -n 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.20.125    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

> route add default gw 10.20.20.125 dev ppp0

> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.20.125    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         10.20.20.125    0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

> ip route ls
10.20.20.125 dev ppp0  proto kernel  scope link  src 220.244.8.194 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1 
10.0.0.0/8 dev eth0  proto kernel  scope link  src 10.1.1.4 
default via 10.20.20.125 dev ppp0 
default dev ppp0  scope link 

Still, I am unable to get anything from my WinXP 10.1.1.5.
I am not sure that putting default gw 10.20.20.125 dev ppp0 is the correct syntax.
10.20.20.125 is not the real IP address from TPG.
eth2 is never fired up; it is not even listed in /etc/network.interfaces

auto eth0 eth1 lo
iface lo inet loopback

allow-hotplug eth0 eth1 

iface eth0 inet static
    address 10.1.1.4
    netmask 255.0.0.0
    network 10.0.0.0
    broadcast 10.255.255.255

iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255


Also for consideration, a few of the conf files:

/etc/resolv.conf (added automatically by pppoe, TPG's DNS)
nameserver 203.12.160.35
nameserver 203.12.160.36

/etc/networks
loopback    127.0.0.0
link-local    169.254.0.0
localnet    10.0.0.0

I am also attaching my shorewall.conf(.txt).
I hope this info clears up my mistake somewhere....

----- Original Message ----
From: subscriptions <subscriptions@rdegraaf.nl>
To: Phillipus Gunawan <mr_phillipus@yahoo.com>
Sent: Wednesday, 26 November, 2008 6:57:07 PM
Subject: Re: Fw: shorewall newbie Revisit: new IP

On Wed, 2008-11-26 at 07:59 +0100, Phillipus Gunawan wrote:
> Hi There,
> 
> As suggested, I changed the IP for eth1, but unfortunately, still the same
> result, but I hope to get some light this time.
> On Policy, I simply put "ALL ALL ACCEPT" just for a start; getting
> this shorewall working is my priority.
> Why I am not simply putting net.ipv4.ip_forward=1: I want to get this
> shorewall up and running.....
> 
> I am using eth0 and connecting from another host (e.g. 10.1.1.5, WinXP) and
> set the gateway and DNS as 10.1.1.4.
> No connection, only able to ping 10.1.1.4 ....
> 
> I still have a BIG question: what did I do wrong?
> I also tried simply copying the "three-interfaces" example, and also tried
> "two-interfaces"; still no luck.
> 
> Can anyone guide me?
> 

How is the routing?
Do: route -n


STARTUP_ENABLED=Yes

VERBOSITY=1

SHOREWALL_COMPILER=

#			       L O G G I N G

LOGFILE=/var/log/messages

LOGFORMAT="Shorewall:%s:%s:"

LOGTAGONLY=No

LOGRATE=

LOGBURST=

LOGALLNEW=

BLACKLIST_LOGLEVEL=

MACLIST_LOG_LEVEL=info

TCP_FLAGS_LOG_LEVEL=info

RFC1918_LOG_LEVEL=info

SMURF_LOG_LEVEL=info

LOG_MARTIANS=No

#	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S

IPTABLES=

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

SHOREWALL_SHELL=/bin/sh

SUBSYSLOCK=""

MODULESDIR=

CONFIG_PATH=/etc/shorewall:/usr/share/shorewall

RESTOREFILE=

IPSECFILE=zones

LOCKFILE=

#		D E F A U L T   A C T I O N S / M A C R O S

DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none"
QUEUE_DEFAULT="none"
NFQUEUE_DEFAULT="none"

#                        R S H / R C P  C O M M A N D S

RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'

#			F I R E W A L L	  O P T I O N S

IP_FORWARDING=On

ADD_IP_ALIASES=Yes

ADD_SNAT_ALIASES=No

RETAIN_ALIASES=No

TC_ENABLED=Internal

TC_EXPERT=No

CLEAR_TC=Yes

MARK_IN_FORWARD_CHAIN=No

CLAMPMSS=Yes

ROUTE_FILTER=Yes

DETECT_DNAT_IPADDRS=Yes

MUTEX_TIMEOUT=60

ADMINISABSENTMINDED=Yes

BLACKLISTNEWONLY=Yes

DELAYBLACKLISTLOAD=No

MODULE_SUFFIX=

DISABLE_IPV6=Yes

BRIDGING=No

DYNAMIC_ZONES=No

PKTTYPE=Yes

RFC1918_STRICT=No

MACLIST_TABLE=filter

MACLIST_TTL=

SAVE_IPSETS=No

MAPOLDACTIONS=No

FASTACCEPT=No

IMPLICIT_CONTINUE=Yes

HIGH_ROUTE_MARKS=No

USE_ACTIONS=Yes

OPTIMIZE=0

EXPORTPARAMS=Yes

EXPAND_POLICIES=Yes

KEEP_RT_TABLES=No

DELETE_THEN_ADD=Yes

MULTICAST=No

DONT_LOAD=

#			P A C K E T   D I S P O S I T I O N

BLACKLIST_DISPOSITION=DROP

MACLIST_DISPOSITION=REJECT

TCP_FLAGS_DISPOSITION=DROP

#LAST LINE -- DO NOT REMOVE
