Re: Fw: shorewall newbie Revisit: new IP
Ah.... at last, someone asking about the routing
I am a bit suspicious that this is the problem
(before everything started)
> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0

> pppoe start
> shorewall start

(after ppp0 up and same result after firing up shorewall)
> route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.20.125    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

> route add default gw 10.20.20.125 dev ppp0
> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.20.125    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         10.20.20.125    0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

> ip route ls
10.20.20.125 dev ppp0 proto kernel scope link src 220.244.8.194
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
10.0.0.0/8 dev eth0 proto kernel scope link src 10.1.1.4
default via 10.20.20.125 dev ppp0
default dev ppp0 scope link

Still, I am unable to get anything from my winXp 10.1.1.5
I am not sure putting default gw 10.20.20.125 dev ppp0 is the correct syntax
10.20.20.125 is not the real IP address from TPG
eth2 is never being fired up, not even listed on /etc/network.interfaces

auto eth0 eth1 lo
iface lo inet loopback

allow-hotplug eth0 eth1

iface eth0 inet static
    address 10.1.1.4
    netmask 255.0.0.0
    network 10.0.0.0
    broadcast 10.255.255.255

iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255

Also for consideration, a few of the conf files:
/etc/resolv.conf (added automatically from pppoe, TPG's DNS)
nameserver 203.12.160.35
nameserver 203.12.160.36
/etc/networks
loopback 127.0.0.0
link-local 169.254.0.0
localnet 10.0.0.0
And attaching my shorewall.conf(.txt)
Hope this info clears up my mistake somewhere....
----- Original Message ----
From: subscriptions <subscriptions@rdegraaf.nl>
To: Phillipus Gunawan <mr_phillipus@yahoo.com>
Sent: Wednesday, 26 November, 2008 6:57:07 PM
Subject: Re: Fw: shorewall newbie Revisit: new IP
On Wed, 2008-11-26 at 07:59 +0100, Phillipus Gunawan wrote:
>
> Hi There,
>
> As suggested, I changed the IP for eth1, but unfortunately, still the same
> result, but I hope to get a light this time
> On Policy, I simply put "ALL ALL ACCEPT" just for a starter, to get
> this shorewall working is my priority
> Why I am not simply put net.ipv4.ip_forward=1, I want to get this
> shorewall up and running.....
>
> I am using eth0 and connect from other host (e.g. 10.1.1.5, winXp) and
> set the gateway and DNS as 10.1.1.4
> No connection, only able to ping 10.1.1.4 ....
>
> I am still in a BIG question, what I did wrong
> I also tried simply copying the "three-interfaces" example, also trying
> "two-interfaces", still no luck
>
> Can anyone guide me?
>
How is the routing?
Do: route -n
STARTUP_ENABLED=Yes
VERBOSITY=1
SHOREWALL_COMPILER=
# L O G G I N G
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=No
# L O C A T I O N   O F   F I L E S   A N D   D I R E C T O R I E S
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
IPSECFILE=zones
LOCKFILE=
# D E F A U L T   A C T I O N S / M A C R O S
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none"
QUEUE_DEFAULT="none"
NFQUEUE_DEFAULT="none"
# R S H / R C P   C O M M A N D S
RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
# F I R E W A L L   O P T I O N S
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=Internal
TC_EXPERT=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=Yes
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=Yes
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
RFC1918_STRICT=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSETS=No
MAPOLDACTIONS=No
FASTACCEPT=No
IMPLICIT_CONTINUE=Yes
HIGH_ROUTE_MARKS=No
USE_ACTIONS=Yes
OPTIMIZE=0
EXPORTPARAMS=Yes
EXPAND_POLICIES=Yes
KEEP_RT_TABLES=No
DELETE_THEN_ADD=Yes
MULTICAST=No
DONT_LOAD=
# P A C K E T   D I S P O S I T I O N
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP
#LAST LINE -- DO NOT REMOVE