Hello again,

eth1 should appear in the masq zone ... and not in the loc zone ... but
then you need an older kernel in order to have your masquerading working,
because it's broken in the current kernel ... as I previously said.

How come you have it duplicated? ... I cannot reproduce that here ... I
have 4 NICs and they are not duplicated ...

Does Drakgw display your NICs? Which ones? And what do you select?
Is this the automatic drakgw configuration or the expert mode one (this is
what I have chosen) ...

>[EMAIL PROTECTED] (Adam Williamson) writes:
> On Wed, 2003-02-26 at 19:13, Florin wrote:
> > 1. what about /etc/sysconfig/network ?
> > 2. what about /etc/sysconfig/network-scripts/net_cnx_up ?
> > 3. ifconfig ?
> > 4. route -n ?
> > 5. grep -v ^# /etc/shorewall/{zones,interfaces,masq,policy,rules} |grep -v $^
>
> 1:
>
> HOSTNAME=aw280.pem.cam.ac.uk
> NETWORKING=yes
> DOMAINNAME=pem.cam.ac.uk
> GATEWAY=131.111.201.62
> GATEWAYDEV=eth0
> FORWARD_IPV4=true
>
> 2:
>
> #!/bin/bash
> if [ "x$1" == "x--boot_time" ]; then exit; fi
>
> /etc/rc.d/init.d/network restart
>
> 3:
>
> eth0 Link encap:Ethernet HWaddr 00:04:5A:5C:72:9D
> inet addr:131.111.201.49 Bcast:131.111.255.255 Mask:255.255.0.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:400167 errors:0 dropped:0 overruns:0 frame:0
> TX packets:79020 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:237563999 (226.5 Mb) TX bytes:7361449 (7.0 Mb)
> Interrupt:10 Base address:0xcc00
>
> eth1 Link encap:Ethernet HWaddr 00:05:1C:09:44:E9
> inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:9303 errors:0 dropped:0 overruns:0 frame:0
> TX packets:39202 errors:0 dropped:0 overruns:0 carrier:0
> collisions:66 txqueuelen:100
> RX bytes:866614 (846.3 Kb) TX bytes:56923030 (54.2 Mb)
> Interrupt:12 Base address:0xd400
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:1355 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1355 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:167924 (163.9 Kb) TX bytes:167924 (163.9 Kb)
>
> 4:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
> 131.111.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
> 0.0.0.0         131.111.201.62  0.0.0.0         UG    0      0   0   eth0
>
> (I don't know what the 169.254.0.0 stuff is doing there...)
>
> 5:
>
> /etc/shorewall/zones:net Net Internet zone
> /etc/shorewall/zones:loc Local Local
> /etc/shorewall/interfaces:net eth0 detect
> /etc/shorewall/interfaces:loc eth1 detect
> /etc/shorewall/policy:loc net ACCEPT
> /etc/shorewall/policy:fw net ACCEPT
> /etc/shorewall/policy:net all DROP info
> /etc/shorewall/policy:all all REJECT info
> /etc/shorewall/rules:ACCEPT net fw tcp 22 -
> /etc/shorewall/rules:ACCEPT loc fw tcp 22 -
>
> (that's before I attempt to setup internet connection sharing, let me
> know if you want the output after I attempt to set it up).
>
> As noted in private emails, if I remove one of the duplicate lines in
> /etc/shorewall/interfaces - the one which makes eth1 a member of loc,
> just leaving the one which makes it a member of masq - shorewall startup
> proceeds to a much later point then dies because an iptables command
> isn't correctly completed, which seems to be the bug you mentioned
> getting.
--
Florin http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
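
The duplicate-interface condition discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of drakgw/shorewall: a hypothetical helper, `find_dup_ifaces`, that reads an interfaces file in the ZONE INTERFACE BROADCAST column layout shown in the grep output above and reports any interface listed under more than one zone. The sample input is constructed; its `masq eth1` line is assumed from the description in the quoted message.

```shell
#!/bin/sh
# Added example: flag interfaces that appear under more than one zone in a
# Shorewall-style interfaces file (columns: ZONE INTERFACE BROADCAST ...).

# find_dup_ifaces [FILE...]
# Reads the named files (or stdin) and prints one line per interface that is
# listed more than once, in the form "iface: zone1 zone2 ...".
find_dup_ifaces() {
    awk '
        { sub(/#.*/, "") }              # drop comments; fields are re-split
        NF < 2 { next }                 # skip blank or incomplete lines
        {
            iface = $2
            if (++count[iface] == 1) {
                order[++n] = iface      # remember first-seen order
                zones[iface] = $1
            } else {
                zones[iface] = zones[iface] " " $1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1)
                    printf "%s: %s\n", order[i], zones[order[i]]
        }
    ' "$@"
}

# Constructed sample: the two entries shown in the thread plus an assumed
# "masq eth1" line, reproducing the duplication described in the message.
find_dup_ifaces <<'EOF'
# ZONE  INTERFACE  BROADCAST
net     eth0       detect
loc     eth1       detect
masq    eth1       detect
EOF
```

On a live system the function would be pointed at `/etc/shorewall/interfaces`; empty output means no interface is listed twice.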