Re: Shorewall & network/interfaces

To: debian-user@lists.debian.org
Subject: Re: Shorewall & network/interfaces
From: "Clifford W. Hansen" <clifford@nighthawk.co.za>
Date: Wed, 26 Nov 2008 15:13:30 +0200
Message-id: <[🔎] 200811261513.43805.clifford@nighthawk.co.za>
In-reply-to: <[🔎] 492C9E46.2060900@tacocat.net>
References: <[🔎] aa6023de0811250304o7472e235uc47968100c3f153d@mail.gmail.com> <[🔎] 20081125164610.GD21641@think.homelan> <[🔎] 492C9E46.2060900@tacocat.net>

On Wednesday 26 November 2008 02:54, Tom Allison wrote:
> Andrei Popescu wrote:
> > On Tue,25.Nov.08, 06:04:52, Tom Allison wrote:
> >> I too am trying to set-up Shorewall as a firewall box.
> >> And I ran into some peculiar problems that are related to shorewall
> >> and not related to shorewall.
> >>
> >> right now I'm trying to get the firewall interfaces to come up on the
> >> same network.  So eth0 and eth1 are both on 192.168.1.0/24 with eth1
> >> being DHCP and eth0 being static (eth0 will be my LAN and eth1 will be
> >> my internet).
> >
> > Do they *need* to be on the same network?
>
> They don't need to be on the same network, but I only have one for now.
>
> I originally tried to set this up against the ISP and it could not
> identify any dhcp traffic and only rejected everything as being a
> martian.  Seriously broken?
>
> I'll have to go back and RTFM.

I too am running shorewall and only have two interfaces eth0 (lan) and eth1 (net/pppoe).

My eth1 does not have an ip assigned: (I used pppoeconf to setup pppoe)
<interfaces>
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.0.1
        dns-search example.com

auto dsl
iface dsl inet ppp
pre-up /sbin/ifconfig eth1 up # line maintained by pppoeconf
provider dsl

#auto eth1
#iface eth1 inet manual
</interfaces>

My internet gets started automagically on boot and I get the following routes:
<route>
>>> /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xxx.xxx.xxx.xxx 0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
</route>

As you can see eth1 doesn't appear at all as there is no "real" network attached
to it, just the modem.

And then in /etc/shorewall/interfaces make sure that the ppp0 interface has the dhcp option.

Hope this helps.
-- 
Thank you,

Clifford W. Hansen
PHP Developer / Linux Administrator

(Mobile/SMS)          +27 82 883 8677
(Fax)                 +27 86 503 0634
(E-Mail/Jabber/GMail) clifford@nighthawk.co.za
(GPG)                 0x936D6C19
(Web)                 http://nighthawk.co.za/

"We have seen strange things today!"

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Attachment: pgpeiyprvNxxK.pgp
Description: PGP signature

Reply to:

References:
- Shorewall & network/interfaces
  - From: "Tom Allison" <tom@tacocat.net>
- Re: Shorewall & network/interfaces
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: Shorewall & network/interfaces
  - From: Tom Allison <tom@tacocat.net>

Prev by Date: Re: Shorewall & network/interfaces
Next by Date: Re: USB mount with multiple users broken - SOLVED
Previous by thread: Re: Shorewall & network/interfaces
Next by thread: SMART error (OfflineUncorrectableSector) detected on host:
Index(es):
- Date
- Thread