You are masquerading on both eth0 and eth1? This really is a strange setup and you should expect problems.

If you want to be able to connect to your computers on your own LAN from the university LAN and back, you don't need masq. Set FORWARD_IPV4=true in /etc/sysconfig/network (and restart network) so your linux-box will forward packages. This also means that all computers you use on the university LAN must have an extra route configured to your LAN. This probably is not the setup you are looking for.

What I think is that 9.0 detected your network cards in a different order.

If you only need to connect from your own LAN to the university LAN and internet then:

Make sure your own network is connected to eth0 and university LAN to eth1.
Then /etc/shorewall/masq should only read eth0.
Then you can hack the /etc/shorewall/policy file and set all DROP and REJECT to ACCEPT (this is a dirty thing and if you want tighter security you should read the shorewall doc!!)
Restart and it should be OK, I think.

-----Original Message-----
From: cooker-firewall [mailto:[EMAIL PROTECTED]]
Sent: Monday 30 September 2002 10:44
To: cooker-firewall
Subject: [Cooker-firewall] Internet Connection Sharing and Shorewall

Hello!

I have found a strange problem with Internet Connection Sharing in Dolphin. My hardware configuration is two 10 Mbit NICs, one connected to my local LAN and one to the campus LAN. ICS worked beautifully straight out of the box in 8.2, so I was surprised when I ran into these problems in 9.0.

1) I started ICS and configured it in the same manner as in previous versions. It did not work, even though all packages got installed and shorewall was running. When I dug a little I noticed that the ICS tool had not made the needed changes to the /etc/shorewall/masq file. It read only "eth0" when it should have been "eth0 eth1". With this manual change I got it up and running.

2) Then I tried to browse samba from computers in my own LAN. No response from the server. After a little thought and reading the logs I came to the conclusion that the firewall ate the packets. I turned it off in the Control Center, or rather made it pass all packets.

3) To my great surprise this also turned off the IP masquerading. 'iptables -L' was totally empty and no packets from my computers behind the firewall were forwarded anywhere.

I want IP masquerading but I do not need a firewall as the university LAN already is behind one. At the moment this can't be done with the ICS tool in the Control Center. As the previous versions of Mandrake had this functionality I can only consider this a bug. One that hopefully will be squashed soon. I'm not very happy with switching iptables rules every time I want to access my documents on the file server.

Regards,
Sebastian
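
A check for the policy-file shortcut mentioned in the reply, as an added example that is not part of the original thread: it parses a Shorewall-style policy file (SOURCE DEST POLICY columns) and flags ACCEPT policies whose source is an untrusted zone. The zone names loc, net and fw and both sample files are constructed assumptions, not taken from the posters' machines.

```python
# Added example: audit a Shorewall-style policy file for blanket ACCEPT rules.
# Zone names and both sample files below are constructed for illustration.

UNTRUSTED = {"net", "all"}  # assumption: "net" is the zone facing the outside LAN

# Constructed sample: every DROP/REJECT was changed to ACCEPT.
BLANKET_POLICY = """\
# SOURCE  DEST  POLICY  LOG-LEVEL
loc       net   ACCEPT
fw        net   ACCEPT
net       all   ACCEPT  info   # was DROP
all       all   ACCEPT  info   # was REJECT
"""

# Constructed sample: outbound traffic allowed, inbound defaults kept.
TIGHT_POLICY = """\
# SOURCE  DEST  POLICY  LOG-LEVEL
loc       net   ACCEPT
fw        net   ACCEPT
net       all   DROP    info
all       all   REJECT  info
"""

def parse_policy(text):
    """Yield (lineno, source, dest, policy) for each non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected SOURCE DEST POLICY")
        yield lineno, fields[0], fields[1], fields[2].upper()

def audit(text, untrusted=UNTRUSTED):
    """Return (lineno, source, dest) for ACCEPT policies from untrusted zones."""
    return [(n, src, dst)
            for n, src, dst, policy in parse_policy(text)
            if policy == "ACCEPT" and src in untrusted]

if __name__ == "__main__":
    for name, text in (("blanket", BLANKET_POLICY), ("tight", TIGHT_POLICY)):
        for n, src, dst in audit(text):
            print(f"{name}: line {n}: {src} -> {dst} is ACCEPT by default")
```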
