Hi Jacques, I think I found the problem... a typo in /etc/shorewall/params! I had 'pop3' instead of 'pop-3'. I still don't know why that would cause a problem getting an IP. Watching the boot process, I would have guessed that the firewall rules were loaded AFTER the IP was obtained. I must be wrong? I think shorewall was failing on the load, so unloaded itself rather than run with what it did understand.
I guess this is all part of the learning curve to be expected going from ipchains to iptables... Can we look forward to an IPSec package in the near future? ;-) Thanks for the reply! Brock ----- Original Message ----- From: "Jacques Nilo" <[EMAIL PROTECTED]> To: "Brock Nanson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, April 06, 2002 11:58 PM Subject: Re: [Leaf-user] bering - pump fails to obtain lease on boot | Hi Brock | > I pulled the bering disk image tonight and began working with it to | > hopefully update my Eiger firewall. However, I've hit a snag and wonder if | > there is a simple solution before I start posting configuration data... | > | > Quite simply, pump fails to obtain an IP on boot. However, once the boot is | > complete, a lease can be obtained by running pump after login. | The default configuration for Bering is: | dynamic IP from your ISP through pump --> eth0 | interface to the internal network (192.168.1.254) --> eth1 | Thefore if you boot a fresh Bering disk, declare the appropriate network | modules, and if your NIC's are properly connected it should work out of the | box, exactly like Dachstein. | Have you done any other change apart from that ? | If not please then send the output of /var/log/syslog | | > Unfortunately, I'm unable to ping beyond the interface, and dns lookups fail | > (even if dnscache is restarted). I suspect my firewall rules are partly to | > blame, but I don't think they are active when pump first does its thing - so | > I need to fix the first problem before going any further. | This is really strange. Are you sure your NIC cables are not inverted ? What is | your ISP ? | | > The connection is a cable connection, no PPP etc. Eiger, with dhclient, has | > worked flawlessly for almost a year. As my connection allows more than one | > IP, the Eiger box is still running. I'm *fairly* sure that this isn't a | > release/renew problem as I can get a lease eventually. | Your setup is exactly what I have here (with only one dynamic IP though). | | > As a side note, how does one see the interface information in bering? I'm | > used to using ifconfig and netstat in eiger and feel hamstrung without | > them... | The idea as far as Bering network interface is concerned was to stick, as much | as possible, to Debian standard. | The only adjustment that was made to that was to modify the original | ifup/ifdown programs from Debian in order to replace the ifconfig and route | calls done from within those programs into there ip addr and ip route | equivalent. | Apart from that the interface file is very flexible since you can insert any | statement before or after a given interface is started or closed through the | pre-up, up, down, post-down statements. The ifup -v/ifdown -v statements (-v | for verify) is also very handy to see what is going on. (e.g. ifdown -v eth1) | Jacques | | By the way: there should be no problem to replace pump by dhclient. The cost is | only some more K's. Make sure to shorewall refresh everytime you get a new | external address. _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
