On 12 Sep 2002, Florin wrote:
> [EMAIL PROTECTED] (Dale Huckeby) writes:
>
>> Installed rc2 with shorewall, configured with wizard, got no route to
>> host when trying to get email. Uninstalled shorewall, deleted
>> "/etc/inet.d/shorewall", rebooted, and connection worked. I'm connected
>> to a router which is connected to a cable modem.
>>
>> Dale Huckeby
>
> 1. configure your internet connection with draknet
> 2. configure your internet access with draknet
> 3. configure your security or internet sharing
> 4. try if it works

After about 3.5 hours, yes! :)

> 5. grep -v ^# /etc/shorewall/{zones,interfaces,policy,masq,rules} | grep -v ^$
> and send us the output

/etc/shorewall/zones:net Net Internet
/etc/shorewall/interfaces:net eth0 detect norfc1918,routefilter,dhcp,routestopped
/etc/shorewall/policy:fw net ACCEPT
/etc/shorewall/policy:net all DROP info
/etc/shorewall/policy:all all REJECT info
/etc/shorewall/masq:eth0 192.168.123.0 63.92.157.159
/etc/shorewall/masq:
/etc/shorewall/masq:
/etc/shorewall/rules:ACCEPT fw net udp 53
/etc/shorewall/rules:ACCEPT fw net tcp 53
/etc/shorewall/rules:

Changing 192.168.123.189, which is the number I saw when configuring via
the wizard (the ip address assigned to me by the router?), to xxxxx0/200
worked, and then I changed it to xxxxxx.0, the number *I* assigned my
machine, once I realized what it wanted.

> 6. with the sharing connection enabled, can you ping a real web IP address?
> In that case you have a name resolution problem.

Not sure what you mean by that. We just have two computers connected to
the same router. They don't interact with each other. At any rate I can
now ping addresses and reach them with my browser.

> 7. server named status on firewall

Sorry. Don't know what you mean.

> 8. cat /etc/resolv.conf on the client side

nameserver 63.64.9.11
nameserver 63.64.9.19
search

> 9. route -n on the client side

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.123.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.123.254 0.0.0.0         UG    0      0        0 eth0

Thanks for your time, which I know you don't have much of. I'm glad to
have a functioning firewall, but I think the average person who installs
shorewall will find himself cut off from the internet and won't know why.
I did several reinstalls and lots of network reconfiguration before I
discovered it by comparing my /etc directories between rc1 and rc2. It's
probably too late now, but perhaps some warning could be put into the
install process in the future alerting the user to a possible (probable?)
source of difficulty if he installs shorewall.

Dale Huckeby

ps. But I wasn't able to send this email on the first try ("No such host
as mail.sigecom.net"), so will try again now that I've given the
"shorewall stop" command.