
Re: Fw: shorewall newbie Revisit: new IP



> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0

> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.20.106    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

> route del -net 0.0.0.0 netmask 0.0.0.0 dev ppp0

> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.20.106    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0

> route add default gw 10.20.20.106 dev ppp0

> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.20.106    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         10.20.20.106    0.0.0.0         UG    0      0        0 ppp0

> ip route ls
10.20.20.106 dev ppp0  proto kernel  scope link  src 220.244.8.194 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1 
10.0.0.0/8 dev eth0  proto kernel  scope link  src 10.1.1.4 
default via 10.20.20.106 dev ppp0 

> shorewall start

> shorewall status
Shorewall-4.0.14 Status at debian - Thu Nov 27 13:58:42 EST 2008

Shorewall is running
State:Started (Thu Nov 27 13:46:29 EST 2008)



using 10.1.1.5, gw/dns = 10.1.1.4

C:\>ping 220.244.8.194

Pinging 220.244.8.194 with 32 bytes of data:

Reply from 220.244.8.194: bytes=32 time<1ms TTL=64
Reply from 220.244.8.194: bytes=32 time<1ms TTL=64
Reply from 220.244.8.194: bytes=32 time<1ms TTL=64
Reply from 220.244.8.194: bytes=32 time<1ms TTL=64

Ping statistics for 220.244.8.194:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping 10.20.20.106

Pinging 10.20.20.106 with 32 bytes of data:

Reply from 10.20.20.106: bytes=32 time=552ms TTL=254
Reply from 10.20.20.106: bytes=32 time=22ms TTL=254
Reply from 10.20.20.106: bytes=32 time=23ms TTL=254
Reply from 10.20.20.106: bytes=32 time=22ms TTL=254

Ping statistics for 10.20.20.106:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 552ms, Average = 154ms

C:\>ping www.yahoo.com
Ping request could not find host www.yahoo.com. Please check the name and try again.



10.20.20.125, which has now become 10.20.20.106, is TPG's gateway,
which makes me wonder why it's always changing even though I got a static IP.
In case the routing is in the correct order/working, how would I tell this Debian to do it automatically, without manually adding the route command? What about my static IP from TPG then?

But yeah, nothing has been accomplished until now.
Is there anything, or any small thing, that I missed?

I attached the result of iptables -L after shorewall started; I hope it can lead me to a clue.

Cheers





----- Original Message ----
From: subscriptions <subscriptions@rdegraaf.nl>
To: Phillipus Gunawan <mr_phillipus@yahoo.com>
Cc: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Sent: Thursday, 27 November, 2008 1:27:23 AM
Subject: Re: Fw: shorewall newbie Revisit: new IP

On Wed, 2008-11-26 at 13:41 +0100, Phillipus Gunawan wrote:
> 
> > route -n
> Destination  Gateway    Genmask         Flags Metric Ref    Use Iface
> 10.20.20.125 0.0.0.0    255.255.255.255 UH    0      0        0 ppp0
> 192.168.1.0  0.0.0.0    255.255.255.0   U     0      0        0 eth1
> 10.0.0.0     0.0.0.0    255.0.0.0       U     0      0        0 eth0
> 0.0.0.0      10.20.20.125 0.0.0.0       UG    0      0        0 ppp0
> 0.0.0.0      0.0.0.0    0.0.0.0         U     0      0        0 ppp0

The last two lines are in conflict; the last line should be removed.

Also tighten the mask of 10.x subnet, so the total routing becomes:

route -n
Destination  Gateway    Genmask         Flags Metric Ref    Use Iface
10.1.1.0     0.0.0.0    255.255.255.0   U     0      0        0 eth0
192.168.1.0  0.0.0.0    255.255.255.0   U     0      0        0 eth1
10.20.20.125 0.0.0.0    255.255.255.255 UH    0      0        0 ppp0
0.0.0.0      10.20.20.125 0.0.0.0       UG    0      0        0 ppp0



Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere            
ppp0_in    0    --  anywhere             anywhere            
eth0_in    0    --  anywhere             anywhere            
eth1_in    0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     0    --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
ppp0_fwd   0    --  anywhere             anywhere            
eth0_fwd   0    --  anywhere             anywhere            
eth1_fwd   0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     0    --  anywhere             anywhere            

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere            
ppp0_out   0    --  anywhere             anywhere            
eth0_out   0    --  anywhere             anywhere            
eth1_out   0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     0    --  anywhere             anywhere            

Chain Drop (0 references)
target     prot opt source               destination         
reject     tcp  --  anywhere             anywhere            tcp dpt:auth 
dropBcast  0    --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp fragmentation-needed 
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
dropInvalid  0    --  anywhere             anywhere            
DROP       udp  --  anywhere             anywhere            multiport dports loc-srv,microsoft-ds 
DROP       udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn 
DROP       udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:65535 
DROP       tcp  --  anywhere             anywhere            multiport dports loc-srv,netbios-ssn,microsoft-ds 
DROP       udp  --  anywhere             anywhere            udp dpt:1900 
dropNotSyn  tcp  --  anywhere             anywhere            
DROP       udp  --  anywhere             anywhere            udp spt:domain 

Chain Reject (0 references)
target     prot opt source               destination         
reject     tcp  --  anywhere             anywhere            tcp dpt:auth 
dropBcast  0    --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp fragmentation-needed 
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
dropInvalid  0    --  anywhere             anywhere            
reject     udp  --  anywhere             anywhere            multiport dports loc-srv,microsoft-ds 
reject     udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn 
reject     udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:65535 
reject     tcp  --  anywhere             anywhere            multiport dports loc-srv,netbios-ssn,microsoft-ds 
DROP       udp  --  anywhere             anywhere            udp dpt:1900 
dropNotSyn  tcp  --  anywhere             anywhere            
DROP       udp  --  anywhere             anywhere            udp spt:domain 

Chain all2all (10 references)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     0    --  anywhere             anywhere            

Chain dropBcast (2 references)
target     prot opt source               destination         
DROP       0    --  anywhere             anywhere            PKTTYPE = broadcast 
DROP       0    --  anywhere             anywhere            PKTTYPE = multicast 

Chain dropInvalid (2 references)
target     prot opt source               destination         
DROP       0    --  anywhere             anywhere            state INVALID 

Chain dropNotSyn (2 references)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN 

Chain dynamic (6 references)
target     prot opt source               destination         

Chain eth0_fwd (1 references)
target     prot opt source               destination         
dynamic    0    --  anywhere             anywhere            state INVALID,NEW 
all2all    0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            

Chain eth0_in (1 references)
target     prot opt source               destination         
dynamic    0    --  anywhere             anywhere            state INVALID,NEW 
all2all    0    --  anywhere             anywhere            

Chain eth0_out (1 references)
target     prot opt source               destination         
all2all    0    --  anywhere             anywhere            

Chain eth1_fwd (1 references)
target     prot opt source               destination         
dynamic    0    --  anywhere             anywhere            state INVALID,NEW 
all2all    0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            

Chain eth1_in (1 references)
target     prot opt source               destination         
dynamic    0    --  anywhere             anywhere            state INVALID,NEW 
all2all    0    --  anywhere             anywhere            

Chain eth1_out (1 references)
target     prot opt source               destination         
all2all    0    --  anywhere             anywhere            

Chain logdrop (0 references)
target     prot opt source               destination         
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:logdrop:DROP:' 
DROP       0    --  anywhere             anywhere            

Chain logreject (0 references)
target     prot opt source               destination         
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:logreject:REJECT:' 
reject     0    --  anywhere             anywhere            

Chain ppp0_fwd (1 references)
target     prot opt source               destination         
dynamic    0    --  anywhere             anywhere            state INVALID,NEW 
all2all    0    --  anywhere             anywhere            
all2all    0    --  anywhere             anywhere            

Chain ppp0_in (1 references)
target     prot opt source               destination         
dynamic    0    --  anywhere             anywhere            state INVALID,NEW 
all2all    0    --  anywhere             anywhere            

Chain ppp0_out (1 references)
target     prot opt source               destination         
all2all    0    --  anywhere             anywhere            

Chain reject (7 references)
target     prot opt source               destination         
DROP       0    --  anywhere             anywhere            PKTTYPE = broadcast 
DROP       0    --  anywhere             anywhere            PKTTYPE = multicast 
DROP       0    --  10.255.255.255       anywhere            
DROP       0    --  192.168.1.255        anywhere            
DROP       0    --  255.255.255.255      anywhere            
DROP       0    --  BASE-ADDRESS.MCAST.NET/4  anywhere            
DROP       igmp --  anywhere             anywhere            
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset 
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable 
REJECT     icmp --  anywhere             anywhere            reject-with icmp-host-unreachable 
REJECT     0    --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain shorewall (0 references)
target     prot opt source               destination         

Chain smurfs (0 references)
target     prot opt source               destination         
LOG        0    --  10.255.255.255       anywhere            LOG level info prefix `Shorewall:smurfs:DROP:' 
DROP       0    --  10.255.255.255       anywhere            
LOG        0    --  192.168.1.255        anywhere            LOG level info prefix `Shorewall:smurfs:DROP:' 
DROP       0    --  192.168.1.255        anywhere            
LOG        0    --  255.255.255.255      anywhere            LOG level info prefix `Shorewall:smurfs:DROP:' 
DROP       0    --  255.255.255.255      anywhere            
LOG        0    --  BASE-ADDRESS.MCAST.NET/4  anywhere            LOG level info prefix `Shorewall:smurfs:DROP:' 
DROP       0    --  BASE-ADDRESS.MCAST.NET/4  anywhere      
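
The quoted reply's point about the two conflicting default routes can be checked mechanically. The following is an added example, not part of the original thread: a shell/awk check over `route -n` output. The function names `list_defaults`, `check_defaults` and `table_from_reply` and the verdict strings are assumptions chosen for illustration; the sample table is the one quoted in the reply.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the default routes in
# `route -n` output, the problem pointed out in the quoted reply.

# list_defaults: read `route -n` text on stdin and print one line per
# default route (Destination 0.0.0.0, Genmask 0.0.0.0) as
# "gateway iface metric flags".
list_defaults() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2, $8, $5, $4 }'
}

# check_defaults: read `route -n` text on stdin and print a verdict:
#   MISSING   no default route at all
#   CONFLICT  two or more default routes share the same metric
#   OK        at most one default route per metric
check_defaults() {
    list_defaults | awk '
        { per_metric[$3]++; total++ }
        END {
            if (total == 0) { print "MISSING"; exit }
            for (m in per_metric)
                if (per_metric[m] > 1) { print "CONFLICT"; exit }
            print "OK"
        }'
}

# Constructed sample: the table quoted in the reply (two defaults on ppp0).
table_from_reply() {
    cat <<'EOF'
Destination  Gateway    Genmask         Flags Metric Ref    Use Iface
10.20.20.125 0.0.0.0    255.255.255.255 UH    0      0        0 ppp0
192.168.1.0  0.0.0.0    255.255.255.0   U     0      0        0 eth1
10.0.0.0     0.0.0.0    255.0.0.0       U     0      0        0 eth0
0.0.0.0      10.20.20.125 0.0.0.0       UG    0      0        0 ppp0
0.0.0.0      0.0.0.0    0.0.0.0         U     0      0        0 ppp0
EOF
}

# On a live system: route -n | check_defaults
echo "verdict: $(table_from_reply | check_defaults)"
table_from_reply | list_defaults
```

Running the same check after each `route del` / `route add` step shows whether the table has settled on a single default route before the firewall is started.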
