My thanks to Tom Eastep and Ray Olszewski, who pointed out some information that would help.
I'm working on LEAF Bering 1.2, using a PPP serial modem (as ppp0) and a PCMCIA NIC as eth0 for the internal network. The host is a Toshiba Satellite Pro 460CDX laptop (recycled). The NIC is an older 3Com EtherLink III 3C589D based card (recycled). At boot, the firewall gives an error message of: Masquerade: Error: Unable to determine the routes through eth0 Tom suggested the interface isn't up before Shorewall starts, and that seems reasonable. Ray suggested there was a configuration error, and that seems highly likely, as I'm still learning. Pinging the firewall from the internal network, to the default IP of 192.168.1.254 "Destination Host Unreachable". I think I've failed to declare something associated with the PCMCIA cards--I'm not sure where the declaration of the 3c589 driver goes--the documentation isn't clear. I've read the FAQ, but didn't find something that pointed in this direction. I searched the archive, and googled, but also didn't find much. I've pulled the information for troubleshooting, per http://leaf-project.org/pub/doc/docmanager/docid_1891.html. The document at http://leaf.sourceforge.net/pub/doc/guide/install-dachstein/ds-laptop.html there may be a PCI-to-PCMCIA bridge problem (these are older machines). But far more likely is that I've left something out, and I've annotated where my suspicions like, below, in the /etc/modules file. I appreciate the help you're providing, as I'm still learning. uname -a yields Linux firewall 2.4.20 #1 Sun May 11 18:53:34 CEST 2003 i586 unknown ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 3 link/ppp inet 10.64.64.64 peer 10.112.112.112/32 scope global ppp0 ip route show 10.112.112.112 dev ppp0 proto kernel scope link src 10.64.64.64 default via 10.112.112.112 dev ppp0 lsmod Module Pages Used by ds 6796 2 i82365 27044 2 pcmcia_core 41088 0 [ds i82365] ip_nat_irc 2176 0 (unused) ip_nat_ftp 2784 0 (unused) ip_conntrack_irc 2880 1 ip_conntrack_ftp 3648 1 ppp_async 6284 0 (unused) ppp_generic 16152 1 [ppp_async] slhc 4352 0 [ppp_generic] /sbin/shorewall status Shorewall-1.4.2 Status at firewall - Mon Jun 9 20:07:24 UTC 2003 Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0. 0.0/0 udp dpt:53 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 Chain all2all (3 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:all2all:REJECT:' queue_threshold 1 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain common (2 references) pkts bytes target prot opt in out source dest ination 0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255 0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW Chain dynamic (4 references) pkts bytes target prot opt in out source destination Chain eth0_fwd (0 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (0 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fw2loc (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0. 0.0/0 icmp type 8 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fw2net (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain icmpdef (1 references) pkts bytes target prot opt in out source destination Chain loc2fw (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain loc2net (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2all (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:net2all:DROP:' queue_threshold 1 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2fw (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain newnotsyn (7 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ppp0_fwd (0 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ppp0_in (0 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 Chain reject (7 references) pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable NAT Table Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Mangle Table Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination cat /var/log/messages (last few lines only) Jun 9 19:52:41 firewall kernel: kernel build: 2.4.20 #1 Sun May 11 18:53:34 CEST 2003 Jun 9 19:52:41 firewall kernel: options: [pci] [cardbus] [apm] Jun 9 19:52:41 firewall kernel: Intel ISA/PCI/CardBus PCIC probe: Jun 9 19:52:41 firewall kernel: Intel i82365sl B step rev 00 ISA-to-PCMCIA at port 0x3e0 ofs 0x00 Jun 9 19:52:41 firewall kernel: host opts [0]: none Jun 9 19:52:41 firewall kernel: host opts [1]: none Jun 9 19:52:41 firewall kernel: ISA irqs (scanned) = 3,4,5,7,9,10,12,14,15 status change on irq 15 Jun 9 19:52:42 firewall kernel: cs: memory probe 0x0d0000-0x0dffff: clean. # /etc/network/interfaces -- configuration file for LEAF network auto lo ppp0 iface lo inet loopback iface ppp0 inet ppp provider provider iface eth0 inet static address 192.168.1.254 masklen 24 broadcast 192.168.1.255 up pon up /etc/init.d/dnscache restart up shorewall restart down shorewall stop down /etc/init.d/dnscache stop down poff # /etc/modules: kernel modules to load at boot time. # ISA ethernet cards # PCI ethernet cards # should the 3c589_cs.o be declared here? <------------- # Modules needed for PPP connection slhc ppp_generic ppp_async # The three following modules are not always needed #zlib_inflate #zlib_deflate #ppp_deflate # Masquerading 'helper' modules # Other modules available in bering/modules/net/ipv4/netfilter ip_conntrack_ftp ip_conntrack_irc ip_nat_ftp ip_nat_irc ls -al /lib/modules drwxr-xr-x 3 root root 360 Jun 9 19:52 . drwxr-xr-x 5 root root 520 Jun 9 19:51 .. lrwxrwxrwx 1 root root 12 Jun 9 19:52 2.4.20 -> /lib/modules -r-xr-xr-x 1 root root 12692 May 29 19:24 3c589_cs.o -rw-r--r-- 1 root root 5496 May 11 17:07 ip_conntrack_ftp.o -rw-r--r-- 1 root root 5276 May 11 17:07 ip_conntrack_irc.o -rw-r--r-- 1 root root 4332 May 11 17:07 ip_nat_ftp.o -rw-r--r-- 1 root root 3704 May 11 17:07 ip_nat_irc.o -rw-r--r-- 1 root root 9816 May 11 17:07 n_hdlc.o drwxr-sr-x 2 root root 100 Jun 9 19:51 pcmcia -rw-r--r-- 1 root root 10444 May 11 17:07 ppp_async.o -rw-r--r-- 1 root root 5444 May 11 17:07 ppp_deflate.o -rw-r--r-- 1 root root 25572 May 11 17:07 ppp_generic.o -rw-r--r-- 1 root root 22416 May 11 17:07 ppp_mppe.o -rw-r--r-- 1 root root 8444 May 11 17:07 ppp_synctty.o -rw-r--r-- 1 root root 11872 May 11 17:07 pppoe.o -rw-r--r-- 1 root root 3764 May 11 17:07 pppox.o -rw-r--r-- 1 root root 6808 May 11 17:07 slhc.o ls -al /lib/modules/pcmcia drwxr-sr-x 2 root root 100 Jun 9 19:51 . drwxr-xr-x 3 root root 360 Jun 9 19:52 .. -rw-r--r-- 1 root root 11520 May 11 17:08 ds.o -rw-r--r-- 1 root root 38488 May 11 17:08 i82365.o -rw-r--r-- 1 root root 57393 May 11 17:08 pcmcia_core.o ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
