Scott, THANK YOU for being so complete in your setup and problem description. That really eliminates a ton of speculation and guesswork.
As you suggested below, you have a default route problem. The default route should be over the PPPoE interface, not eth0. Removing:

    gateway 172.16.0.254

from /etc/network/interfaces will remove the default route via eth0. Once you have removed it, I suspect pppd will notice there is no default route and add one via the PPPoE interface after the PPPoE connection is made.

Try removing that line and running:

    svi networking restart; svi shorewall restart

(Or backing up the etc package and rebooting.)

As for the PPPoE startup messages, they're probably in /var/log/ppp.log. If not, check out the daemon.log and debug logs in the /var/log directory.

--Brad

On Mon, 27 Jan 2003 01:22:15 EST freeman wrote:
> First, thanks to everyone who develops & supports this effort. I'm one
> more happy user, having growing pains today as I migrate from Dach to
> Bering, due to now having DSL and its PPPoE.
>
> Setup - Bering 1.0 Release
>       - PPPoE over DSL
>       - DSL Modem is Alcatel
>         SpeedTouch Home
>       - STHome has ip addy of
>         172.16.0.254
>       - 3 NIC setup
>         - eth0 = internet via Alcatel
>         - eth1 = private LAN
>         - eth2 = DMZ
>
> Problem: virgin setup using Alcatel
>          STHome DSL modem ...
>          can't ping from Bering's console
>          to the internet ... nothing
>          shows up in syslog ...
>
> graphically...
>                   iNet
>                     |
>                     |
>     =================================
>     === Alcatel STHome DSL modem ====
>     =================================
>     =               ^               =
>     =               |               =
>     = 172.16.0.254  v               =
>     =================================
>           ^                  ^
>           |                  |
>           v                  v
>  ======================================
>  ======== Bering 1.0 Router ===========
>  ======================================
>  = eth0                          ppp0 =
>  =                                    =
>  = 172.16.0.1/24            64.39.y.z =
>  = via STATIC               via PPPoE =
>  =                                    =
>  =                                    =
>  = 192.168.0.254/24                   =
>  = via STATIC,          10.0.0.254/24 =
>  = + DHCP Server           via STATIC =
>  = eth1                          eth2 =
>  ======================================
>        ^                       ^
>        |                       |
>        v                       v
>     Private                 DMZ Lan
>       LAN
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> Problem: Cannot ping from fw's console
>          to the internet. When I try:
>              ping 204.101.215.10
>          I get NO response, until I ctrl-C
>          when I'm told that about 100%
>          packet loss - "type 1 ping fail" per:
>          http://sourceforge.net/docman/display_doc.php?docid=4099&group_id=13751
>
> Observations:
> - I need to have both 'auto ppp0' (et al) and 'auto
>   eth0' (et al) in my interfaces file (/etc/interfaces)
>   because of my 'dual IP' connection from the router to
>   the DSL connection (static 172.16... and PPPoE
>   assigned 64.39...)?!
>
> - In syslog there's no entries, at all, from pppd. I
>   would have expected some feedback, even if everything
>   was successful. I suspect that it is, however, working
>   because I get an intelligent ip address (64.39...) on
>   the ppp0 interface. That, and 'ps -aux' show it's
>   loaded in memory.
> ==================================
>  3862 root       1540 S    /usr/sbin/pppd call dsl-provider eth0
> ==================================
>
> - 'ip route' gives sensible output in that it has ip
>   addy's for all interfaces...
> ==================================
> </root> # ip route show
> ==================================
> 64.39.160.16 dev ppp0  proto kernel  scope link  src 64.39.191.53
> 10.0.0.0/24 dev eth2  proto kernel  scope link  src 10.0.0.254
> 172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.1
> 192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.254
> default via 172.16.0.254 dev eth0
> ==================================
>
> ... and 64.39... is a usual IP address
> for me when I connect via XP.
>
> When I'm connected via XP, this is the
> interesting stuff that I get from ipconfig /all:
> ==================================
> PPP adapter NBN:
>    Connection-specific
>    DNS Suffix          :
>    Description . . . . : WAN (PPP/SLIP) Interface
>    Physical Address. . : 00-53-45-00-00-00
>    Dhcp Enabled. . . . : No
> !  IP Address. . . . . : 64.39.191.53
> !! Subnet Mask . . . . : 255.255.255.255
> !  Default Gateway . . : 64.39.191.53
>    DNS Servers . . . . : 199.166.210.2
>                          199.166.210.5
>    NetBIOS over Tcpip. : Disabled
> ==================================
> And what's weird is that my default gateway is the
> same as my own IP address?! That, and I get a subnet
> mask of /32.
>
> So for my Bering box, I am left wondering if the
> 'default via' should instead be reading 64.39.191.53?
>
> Final observation:
> - iptables -nvL has a _lot_ of 0.0.0.0/0 entries - like
>   almost everyone ... and there's no entries for my
>   64.39... addy so I think that something is definitely
>   amiss.
>
> Below is output of all manner - I hope that someone can
> turn me on to what I'm doing wrong. At the very end is info
> from my XP system, when it is the one connecting to the
> Alcatel, and thus the internet ... a working example if you
> will.
>
> I have a suspicion my Bering troubles are due to a simple
> misconfig on my part.
> I think that my 'unusual' complexity
> stems from the fact that I need to have the Bering box have a
> connection to the Alcatel via 172.16.0.254 (its factory
> default is usually 10.0.0.138). Because of this dual ip feature,
> do I need to use 'multi' in some of the config files in
> Shorewall?
>
> I've been over and through the Bering install & user's guide,
> pppoe sections, etc. but am not having any luck.
>
> Thanks for any leads and assistance,
> scott
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> ==================================
> Login prompt:
> ==================================
> Bering V1.0-stable firewall ttyS0
> firewall login:
>
> ==================================
> </root> # uname -a
> ==================================
> Linux firewall 2.4.18 #1 Sun Nov 10 17:40:20 UTC 2002 i586 unknown
>
> ==================================
> </root> # ip addr show
> ==================================
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
> 2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:40:05:5d:7d:4e brd ff:ff:ff:ff:ff:ff
>     inet 172.16.0.1/24 brd 172.16.0.255 scope global eth0
> 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:80:c6:f1:c8:c8 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.0.254/24 brd 192.168.0.255 scope global eth1
> 5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:60:67:04:85:97 brd ff:ff:ff:ff:ff:ff
>     inet 10.0.0.254/24 brd 10.0.0.255 scope global eth2
> 6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
>     link/ppp
>     inet 64.39.191.53 peer 64.39.160.16/32 scope global ppp0
>
> ==================================
> </root> # ip route show
> ==================================
> 64.39.160.16 dev ppp0  proto kernel  scope link  src 64.39.191.53
> 10.0.0.0/24 dev eth2  proto kernel  scope link  src 10.0.0.254
> 172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.1
> 192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.254
> default via 172.16.0.254 dev eth0
>
> === failed ping to internet... ===
> </root> # ping 204.101.215.10
> ==================================
> PING 204.101.215.10 (204.101.215.10): 56 data bytes
>
> --- 204.101.215.10 ping statistics ---
> 3 packets transmitted, 0 packets received, 100% packet loss
>
> ==================================
> </root> # grep -v "#" /etc/ppp/options
> ==================================
> asyncmap 0
> auth
> crtscts
> lock
> hide-password
> modem
> proxyarp
> lcp-echo-interval 30
> lcp-echo-failure 4
> noipx
>
> ==================================
> </root> # grep -v "#" /etc/ppp/chap-secrets
> ==================================
> [EMAIL PROTECTED] * my_password
>
> ==================================
> </root> # grep -v "#" /etc/ppp/pap-secrets
> ==================================
> [EMAIL PROTECTED] * my_password
>
> ==================================
> </root> # grep -v "#" /etc/ppp/peers/dsl-provider
> ==================================
> plugin /usr/lib/pppd/pppoe.so
> name "[EMAIL PROTECTED]"
> noipdefault
> defaultroute
> hide-password
> lcp-echo-interval 20
> lcp-echo-failure 3
> connect /bin/true
> noauth
> persist
> mtu 1492
>
> ==================================
> </root> # cat /etc/network/ifstate
> ==================================
> lo=lo
> eth0=eth0
> ppp0=ppp0
> eth1=eth1
> eth2=eth2
>
> ==================================
> </root> # grep -v "#" /etc/network/interfaces
> ==================================
> auto lo
> iface lo inet loopback
>
> auto eth0
> iface eth0 inet static
>         address 172.16.0.1
>         masklen 24
>         broadcast 172.16.0.255
>         gateway 172.16.0.254
>
> auto ppp0
> iface ppp0 inet ppp
>         pre-up ip link set eth0 up
>         provider dsl-provider eth0
>
> auto eth1
> iface eth1 inet static
>         address 192.168.0.254
>         masklen 24
>         broadcast 192.168.0.255
>
> auto eth2
> iface eth2 inet static
>         address 10.0.0.254
>         masklen 24
>         broadcast 10.0.0.255
>
> ==================================
> </root> # grep -v "#" /etc/shorewall/zones
> ==================================
> net     Net             Internet
> loc     Local           Local networks
> dmz     DMZ             DMZ
>
> ==================================
> </root> # grep -v "#" /etc/shorewall/interfaces
> ==================================
> net     ppp0    -       blacklist
>
> net     eth0    detect  blacklist
>
> loc     eth1    detect  routestopped
> dmz     eth2    detect
>
> ==================================
> </root> # grep -v "#" /etc/shorewall/policy
> ==================================
> loc     net     ACCEPT
> fw      net     ACCEPT
> net     all     DROP    info
> all     all     REJECT  info
>
> ==================================
> </root> # grep -v "#" /etc/shorewall/rules
> ==================================
> ACCEPT  fw      net     tcp     53
> ACCEPT  fw      net     udp     53
> ACCEPT  loc     fw      tcp     22
> ACCEPT  loc     fw      udp     53
> ACCEPT  loc     fw      tcp     80
>
> ==================================
> </root> # grep -v "#" /etc/shorewall/shorewall.conf
> ==================================
> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
> FW=fw
> SUBSYSLOCK=/var/run/shorewall
> STATEDIR=/tmp/shorewall
> ALLOWRELATED=yes
> MODULESDIR=
> LOGRATE=
> LOGBURST=
> LOGUNCLEAN=info
> LOGFILE=/var/log/messages
> NAT_ENABLED=Yes
> MANGLE_ENABLED=Yes
> IP_FORWARDING=On
> ADD_IP_ALIASES=Yes
> ADD_SNAT_ALIASES=No
> TC_ENABLED=No
> BLACKLIST_DISPOSITION=DROP
> BLACKLIST_LOGLEVEL=
> CLAMPMSS=Yes
> ROUTE_FILTER=No
> NAT_BEFORE_RULES=Yes
> MULTIPORT=No
> DETECT_DNAT_IPADDRS=No
> MERGE_HOSTS=Yes
> MUTEX_TIMEOUT=60
> LOGNEWNOTSYN=
> FORWARDPING=Yes
> NEWNOTSYN=No
> MACLIST_DISPOSITION=REJECT
> MACLIST_LOG_LEVEL=info
>
> ==================================
> At various times I have received msgs
> from pppd, showing up in syslog. Here's some
> of them if they are helpful.
> I think, perhaps,
> they show up when I've disconnected the
> eth0 connection.
>
> Please note: These msgs are not showing up
> under my _present_ Bering config, the one
> that I have documented herein.
>
> > Jan 26 17:37:08 firewall pppd[9439]: No response to 3 echo-requests
> > Jan 26 17:37:08 firewall pppd[9439]: Serial link appears to be disconnected.
> > Jan 26 17:37:08 firewall pppd[9439]: Couldn't increase MTU to 1500.
> > Jan 26 17:37:08 firewall pppd[9439]: Couldn't increase MRU to 1500
> > Jan 26 17:37:14 firewall pppd[9439]: Connection terminated.
> > Jan 26 17:37:14 firewall pppd[9439]: Connect time 4.7 minutes.
> > Jan 26 17:37:14 firewall pppd[9439]: Sent 30 bytes, received 114 bytes.
> > Jan 26 17:37:14 firewall pppd[9439]: Doing disconnect
> > Jan 26 17:37:44 firewall pppd[9439]: Sending PADI
> > Jan 26 18:11:50 firewall pppd[9439]: Connecting PPPoE socket: 00:90:1a:40:1c:f9 0000 eth0 0x807c260
> > Jan 26 18:11:50 firewall pppd[9439]: Couldn't get channel number: Transport endpoint is not connected
> > Jan 26 18:11:50 firewall pppd[9439]: Doing disconnect
> > Jan 26 18:12:20 firewall pppd[9439]: Sending PADI
> > Jan 26 18:46:26 firewall pppd[9439]: Connecting PPPoE socket: 00:90:1a:40:1c:f9 0000 eth0 0x807c260
> > Jan 26 18:46:26 firewall pppd[9439]: Couldn't get channel number: Transport endpoint is not connected
> > Jan 26 18:46:26 firewall pppd[9439]: Doing disconnect
> > Jan 26 18:46:56 firewall pppd[9439]: Sending PADI
> ----
> > Jan 25 00:42:28 firewall pppd[19484]: pppd 2.4.1 started by root, uid 0
> ----
> > Jan 25 23:17:04 firewall pppd[10916]: not replacing existing default route to eth0 [172.16.0.254]
> > Jan 25 23:17:04 firewall pppd[10916]: Cannot determine ethernet address for proxy ARP
> > Jan 25 23:17:04 firewall pppd[10916]: local IP address 64.39.191.38
> > Jan 25 23:17:04 firewall pppd[10916]: remote IP address 64.39.160.16
> ----
> > Jan 26 01:52:37 firewall pppd[29204]: Couldn't increase MTU to 1500.
> > Jan 26 01:52:37 firewall pppd[29204]: Couldn't increase MRU to 1500
> > Jan 26 01:52:37 firewall pppd[29204]: not replacing existing default route to eth0 [172.16.0.254]
> > Jan 26 01:52:37 firewall pppd[29204]: Cannot determine ethernet address for proxy ARP
> > Jan 26 01:52:37 firewall pppd[29204]: local IP address 64.39.191.38
> > Jan 26 01:52:37 firewall pppd[29204]: remote IP address 64.39.160.16
>
> ==================================
> </root> # iptables -nvL
> ==================================
> Chain INPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     ah   --  lo     *       0.0.0.0/0            0.0.0.0/0
>     0     0 ppp0_in    ah   --  ppp0   *       0.0.0.0/0            0.0.0.0/0
>     5   336 eth0_in    ah   --  eth0   *       0.0.0.0/0            0.0.0.0/0
>     0     0 eth1_in    ah   --  eth1   *       0.0.0.0/0            0.0.0.0/0
>     0     0 eth2_in    ah   --  eth2   *       0.0.0.0/0            0.0.0.0/0
>     0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
>     0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
>
> ...and the remainder is much like this,
> so it's been mostly snipped...
>
> Chain reject (6 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with tcp-reset
>     0     0 REJECT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-port-unreachable
>
> Chain shorewall (0 references)
>  pkts bytes target     prot opt in     out     source               destination
>
> ==================================
> </root> # ps -aux
> ==================================
>   PID  Uid     VmSize Stat Command
>     1 root       1160 S    init [2]
>     2 root            S    [keventd]
>     3 root            S    [ksoftirqd_CPU0]
>     4 root            S    [kswapd]
>     5 root            S    [bdflush]
>     6 root            S    [kupdated]
>  3862 root       1540 S    /usr/sbin/pppd call dsl-provider eth0
>  7132 root       1264 S    /sbin/syslogd -m 240
> 10418 root       1848 S    /sbin/klogd
>  5823 root       1656 S    /usr/sbin/watchdog
> 27279 root       1556 S    /usr/sbin/inetd
> 32208 root       1192 S    /usr/sbin/dhcpd eth1
>  3844 root       1512 S    /usr/sbin/cron
>  4021 root       1508 S    /sbin/getty 38400 tty1
>  4077 root       1788 S    /sbin/getty 38400 tty2
> 29372 root       1612 S    -sh
> 16936 root       1076 R    ps -aux
>
> ==================================
> </root> # cat /var/log/syslog
> ==================================
> Jan 26 22:29:09 firewall syslogd 1.3-3#31.slink1: restart.
> Jan 26 22:29:09 firewall kernel: klogd 1.3-3#31.slink1, log source = /proc/kmsg started.
> Jan 26 22:29:09 firewall kernel: Cannot find map file.
> Jan 26 22:29:09 firewall kernel: Loaded 141 symbols from 17 modules.
> Jan 26 22:29:09 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California
> Jan 26 22:29:09 firewall kernel: HDLC line discipline: version $Revision: 3.3 $, maxframe=4096
> Jan 26 22:29:09 firewall kernel: N_HDLC line discipline registered.
> Jan 26 22:29:09 firewall kernel: PPP generic driver version 2.4.1
> Jan 26 22:29:09 firewall dhcpd: Internet Software Consortium DHCP Server 2.0pl5
> Jan 26 22:29:09 firewall dhcpd: Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
> Jan 26 22:29:09 firewall dhcpd: All rights reserved.
> Jan 26 22:29:09 firewall dhcpd:
> Jan 26 22:29:09 firewall dhcpd: Please contribute if you find this software useful.
> Jan 26 22:29:09 firewall dhcpd: For info, please visit http://www.isc.org/dhcp-contrib.html
> Jan 26 22:29:09 firewall dhcpd:
> Jan 26 22:29:09 firewall dhcpd: Listening on LPF/eth1/00:80:c6:f1:c8:c8/192.168.0.0
> Jan 26 22:29:09 firewall dhcpd: Sending on LPF/eth1/00:80:c6:f1:c8:c8/192.168.0.0
> Jan 26 22:29:09 firewall dhcpd: Sending on Socket/fallback/fallback-net
> Jan 26 22:29:19 firewall root: Shorewall Started
> Jan 26 22:29:19 firewall /usr/sbin/cron[26869]: (CRON) INFO (pidfile fd = 3)
> Jan 26 22:29:19 firewall /usr/sbin/cron[3844]: (CRON) STARTUP (fork ok)
> Jan 26 22:30:01 firewall /USR/SBIN/CRON[25976]: (root) CMD (/etc/multicron-p)
>
> ==================================
> System startup
> ==================================
> Loading linux............
> Loading initrd.lrp.........
> Ready.
> Linux version 2.4.18 (root@uml_woody) (gcc version 2.95.4 20011002 (Debian prerelease)) #1 Sun Nov 10 17:40:20 UTC 2002
> BIOS-provided physical RAM map:
>  BIOS-e820: 0000000000000000 - 00000000000a0000 (usable)
>  BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
>  BIOS-e820: 0000000000100000 - 0000000001800000 (usable)
>  BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved)
> On node 0 totalpages: 6144
> zone(0): 4096 pages.
> hda: 479349 sectors (245 MB) w/256KiB Cache, CHS=723/13/51
> Partition check:
>  hda: hda1 hda2 < hda5 hda6 hda7 >
>
> LINUXRC: Installing - root: /dev/hda1 etc: /dev/hda1 local: /dev/hda1 modules: /dev/hda1 iptables: /dev/hda1 ppp: /dev/hda1 pppoe: /dev/hda1 dhcpd: /dev/hda1 shorwall: /dev/hda1 dnscache: /dev/hda1 weblet: /dev/hda1 - Finished.
> INIT: version 2.78 booting
> Loading modules:
> 8390 - find: /proc/28876: No such file or directory
> Using /lib/modules/8390.o
> ne2k-pci - Using /lib/modules/ne2k-pci.o
> ne2k-pci.c:v1.02 10/19/2000 D. Becker/P. Gortmaker
> http://www.scyld.com/network/ne2k-pci.html
> eth0: RealTek RTL-8029 found at 0x6200, IRQ 9, 00:40:05:5D:7D:4E.
> tulip - Using /lib/modules/tulip.o
> Linux Tulip driver version 0.9.15-pre9 (Nov 6, 2001)
> tulip0: no phy info, aborting mtable build
> eth1: Macronix 98715 PMAC rev 37 at 0xc2031000, 00:80:C6:F1:C8:C8, IRQ 11.
> ne - Using /lib/modules/ne.o
> ne.c:v1.10 9/23/94 Donald Becker ([EMAIL PROTECTED])
> Last modified Nov 1, 2000 by Paul Gortmaker
> NE*000 ethercard probe at 0x220: 00 60 67 04 85 97
> eth2: NE2000 found at 0x220, using IRQ 10.
> slhc - Using /lib/modules/slhc.o
> CSLIP: code copyright 1989 Regents of the University of California
> n_hdlc - Using /lib/modules/n_hdlc.o
> HDLC line discipline: version $Revision: 3.3 $, maxframe=4096
> N_HDLC line discipline registered.
> ppp_generic - Using /lib/modules/ppp_generic.o
> PPP generic driver version 2.4.1
> ppp_synctty - Using /lib/modules/ppp_synctty.o
> pppox - Using /lib/modules/pppox.o
> pppoe - Using /lib/modules/pppoe.o
> ip_conntrack_ftp - Using /lib/modules/ip_conntrack_ftp.o
> ip_conntrack_irc - Using /lib/modules/ip_conntrack_irc.o
> ip_nat_ftp - Using /lib/modules/ip_nat_ftp.o
> ip_nat_irc - Using /lib/modules/ip_nat_irc.o
>
> Mounting local file systems...
> mount: Mounting 8 on failed: No such file or directory
> Cleaning: /etc/network/ifstate.
> Setting up IP spoofing protection: rp_filter.
> Configuring network interfaces: Plugin /usr/lib/pppd/pppoe.so loaded.
> PPPoE Plugin Initialized
> done.
>
> Local time: Mon Jan 27 00:19:21 UTC 2003
>
> Initializing random number generator... done.
> INIT: Entering runlevel: 2
> Starting system log daemon: syslogdTerminated
> klogd.
> Starting software watchdog... done.
> Starting internet superserver: inetd.
> Starting dhcpd on eth1:
> Internet Software Consortium DHCP Server 2.0pl5
> Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
> All rights reserved.
>
> Please contribute if you find this software useful.
> For info, please visit http://www.isc.org/dhcp-contrib.html
>
> Listening on LPF/eth1/00:80:c6:f1:c8:c8/192.168.0.0
> Sending on LPF/eth1/00:80:c6:f1:c8:c8/192.168.0.0
> Sending on Socket/fallback/fallback-net
> Processing /etc/shorewall/shorewall.conf ...
> Processing /etc/shorewall/params ...
> Starting Shorewall...
> Initializing...
> Determining Zones...
>    Zones: net loc dmz
> Validating interfaces file...
> Validating hosts file...
> Validating Policy file...
> Determining Hosts in Zones...
>    Net Zone: ppp0:0.0.0.0/0 eth0:0.0.0.0/0
>    Local Zone: eth1:0.0.0.0/0
>    DMZ Zone: eth2:0.0.0.0/0
> Deleting user chains...
> Creating input Chains...
> Configuring Proxy ARP
> Setting up NAT...
> Adding Common Rules
> Adding rules for DHCP
> Setting up Blacklisting...
>    Blacklisting enabled on ppp0
>    Blacklisting enabled on eth0
> IP Forwarding Enabled
> Processing /etc/shorewall/tunnels...
> Processing /etc/shorewall/rules...
>    Rule "ACCEPT fw net tcp 53" added.
>    Rule "ACCEPT fw net udp 53" added.
>    Rule "ACCEPT loc fw tcp 22" added.
>    Rule "ACCEPT loc fw udp 53" added.
>    Rule "ACCEPT loc fw tcp 80" added.
> Setting up ICMP Echo handling...
> Processing /etc/shorewall/policy...
>    Policy ACCEPT for fw to net using chain fw2net
>    Policy DROP for net to net using chain net2all
>    Policy REJECT for loc to fw using chain all2all
>    Policy ACCEPT for loc to net using chain loc2net
> Masqueraded Subnets and Hosts:
>    To 0.0.0.0/0 from eth1 through ppp0
> Processing /etc/shorewall/tos...
>    Rule "all all tcp - ssh 16" added.
>    Rule "all all tcp ssh - 16" added.
>    Rule "all all tcp - ftp 16" added.
>    Rule "all all tcp ftp - 16" added.
>    Rule "all all tcp ftp-data - 8" added.
>    Rule "all all tcp - ftp-data 8" added.
> Activating Rules...
> Processing /etc/shorewall/OUTPUT ...
> Processing /etc/shorewall/start ...
> Shorewall Started
> dnscache queries allowed from 192.168
> Starting dnscache without daemontools ...
> Starting periodic command scheduler: cron.
>
> Bering V1.0-stable firewall ttyS0
> firewall login:
>
> =========================================
> =========================================
>
> XP Stuff...
> =========================================
>
> I can connect to the net fine using WinXP, SP1. I
> create the connection using NewConnectionWizard
> under Networks. I set it up as a PPPoE connection
> and supply my username and password.
>
> When it's up and connected, this is my state:
>
> C:\>ipconfig /all
> ------------------
> Windows IP Configuration
>    Host Name . . . . . . . . . . . . : ske
>    Primary Dns Suffix  . . . . . . . :
>    Node Type . . . . . . . . . . . . : Unknown
>    IP Routing Enabled. . . . . . . . : No
>    WINS Proxy Enabled. . . . . . . . : No
>
> Ethernet adapter Local Area Connection:
>    Connection-specific
>    DNS Suffix  .         :
>    Description . . . . . : D-Link DFE-530TX+ PCI Adapter
>    Physical Address. . . : 00-50-BA-D2-1C-C3
>    Dhcp Enabled. . . . . : No
>    IP Address. . . . . . : 172.16.0.1
>    Subnet Mask . . . . . : 255.255.255.0
>    Default Gateway . . . : 172.16.0.254
>
> PPP adapter NBN:
>    Connection-specific
>    DNS Suffix  .         :
>    Description . . . . . : WAN (PPP/SLIP) Interface
>    Physical Address. . . : 00-53-45-00-00-00
>    Dhcp Enabled. . . . . : No
>    IP Address. . . . . . : 64.39.191.112
>    Subnet Mask . . . . . : 255.255.255.255
>    Default Gateway . . . : 64.39.191.112
>    DNS Servers . . . . . : 199.166.210.2
>                            199.166.210.5
>    NetBIOS over Tcpip. . : Disabled
>
> ---------------
> C:\>route print
> ---------------
> ================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0xc0002 ...00 50 ba d2 1c c3 ..D-Link DFE-530TX+ PCI Adapter - Packet Scheduler Miniport
> 0x210004 ...00 53 45 00 00 00 . WAN (PPP/SLIP) Interface
> ================================================================
> ================================================================
> Active Routes:
> Network Destin'n          Netmask        Gateway      Interface  Metric
>          0.0.0.0          0.0.0.0  64.39.191.112  64.39.191.112       1
>          0.0.0.0          0.0.0.0   172.16.0.254     172.16.0.1      31
>     64.39.160.16  255.255.255.255  64.39.191.112  64.39.191.112       1
>    64.39.191.112  255.255.255.255      127.0.0.1      127.0.0.1      50
>   64.255.255.255  255.255.255.255  64.39.191.112  64.39.191.112      50
>        127.0.0.0        255.0.0.0      127.0.0.1      127.0.0.1       1
>       172.16.0.0    255.255.255.0     172.16.0.1     172.16.0.1      30
>       172.16.0.1  255.255.255.255      127.0.0.1      127.0.0.1      30
>   172.16.255.255  255.255.255.255     172.16.0.1     172.16.0.1      30
>        224.0.0.0        240.0.0.0     172.16.0.1     172.16.0.1      30
>        224.0.0.0        240.0.0.0  64.39.191.112  64.39.191.112       1
>  255.255.255.255  255.255.255.255     172.16.0.1     172.16.0.1       1
> Default Gateway:     64.39.191.112
> ================================================================
> Persistent Routes:
>   None

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
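
The condition diagnosed in this thread (a static `gateway` line that pins the default route to eth0 so pppd's `defaultroute` option cannot install one on ppp0) can be checked mechanically. The script below is an added example, not part of the original thread: the function names are hypothetical, the sample inputs are copied from the outputs quoted above (eth1/eth2 stanzas omitted, mail line-wrapping undone), and the `FIXED_*` values are constructed to show the expected state after the fix.

```shell
#!/bin/sh
# Added example, not part of the original thread.

# `ip route show` as posted: the default route is pinned to eth0.
ROUTES='64.39.160.16 dev ppp0  proto kernel  scope link  src 64.39.191.53
10.0.0.0/24 dev eth2  proto kernel  scope link  src 10.0.0.254
172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.1
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.254
default via 172.16.0.254 dev eth0'

# /etc/network/interfaces stanzas as posted.
INTERFACES='auto eth0
iface eth0 inet static
        address 172.16.0.1
        masklen 24
        broadcast 172.16.0.255
        gateway 172.16.0.254

auto ppp0
iface ppp0 inet ppp
        pre-up ip link set eth0 up
        provider dsl-provider eth0'

# pppd syslog lines as posted.
PPPD_LOG='Jan 25 23:17:04 firewall pppd[10916]: not replacing existing default route to eth0 [172.16.0.254]
Jan 25 23:17:04 firewall pppd[10916]: local IP address 64.39.191.38
Jan 25 23:17:04 firewall pppd[10916]: remote IP address 64.39.160.16'

# Constructed: expected state once the gateway line is removed and pppd
# has installed its own default route (exact route form is an assumption).
FIXED_ROUTES='64.39.160.16 dev ppp0  proto kernel  scope link  src 64.39.191.53
172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.1
default via 64.39.160.16 dev ppp0'
FIXED_INTERFACES=$(printf '%s\n' "$INTERFACES" | grep -v 'gateway')

# default_devs ROUTES: print the device of every default route, one per line.
default_devs() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1)
    }'
}

# static_gateways INTERFACES: print "<iface> <gateway>" for each ifupdown
# stanza that carries a gateway line.
static_gateways() {
    printf '%s\n' "$1" | awk '
        $1 == "iface"                { cur = $2; next }
        $1 == "gateway" && cur != "" { print cur, $2 }'
}

# pppd_route_conflicts LOG: print "<iface> <gateway>" for each pppd message
# saying it refused to replace an existing default route.
pppd_route_conflicts() {
    printf '%s\n' "$1" | sed -n \
        's/.*pppd\[[0-9]*]: not replacing existing default route to \([^ ]*\) \[\([^]]*\)].*/\1 \2/p'
}

# check_default_route ROUTES INTERFACES WAN: succeed only if every default
# route leaves via WAN and no other interface stanza sets a gateway.
# Findings are printed one per line; the return status is 1 if any exist.
check_default_route() {
    out=$(
        devs=$(default_devs "$1")
        [ -n "$devs" ] || echo "no default route installed"
        for d in $devs; do
            [ "$d" = "$3" ] || echo "default route uses $d, expected $3"
        done
        static_gateways "$2" | while read -r ifc gw; do
            [ "$ifc" = "$3" ] ||
                echo "interfaces: 'gateway $gw' under iface $ifc pre-installs a default route"
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Demo on the posted configuration: two findings from the check, then the
# interface and gateway named in pppd's own log message.
check_default_route "$ROUTES" "$INTERFACES" ppp0 || true
pppd_route_conflicts "$PPPD_LOG"
```

On a live box the same functions can be fed `"$(ip route show)"` and `"$(cat /etc/network/interfaces)"` instead of the embedded samples.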
