I've been fighting this for a bit, and don't seem to be making headway.
I have an old laptop I am making into a LEAF Bering firewall. It's
currently connected to an external serial modem, and a PCMCIA NIC (3com).
There's no DMZ, and just the two interfaces (ppp0, eth0).
I've proven that the PPP part works, but I've been having trouble getting
the DHCP server to work on the internal network address on eth0.
I've worked through the installation instructions (many, many times). I've
Googled and checked the FAQs.
I've gotten some assistance with the problem here before, and implemented
those instructions (ref traffic from Erich Titl, suggesting a delay script
in /etc/init.d --thank you, Erich).
Now, DHCPD does not seem to recognize eth0 and I cannot ping the firewall
from itself, using ping 192.168.1.254 (the address assigned to the firewall
on eth0).
********************
The messages at boot read:
Starting dhcpd on eth0:
No subnet declaration for eth0(0.0.0.0)
Please write a subnet declaration for eth0 in your dhcpd.conf
Here are some of the diagnostics that the FAQ recommends (each command / log
/ file delimited by a series of asterisks):
********************
# dhcp.conf file
dynamic-bootp-lease-length 604800;
max-lease-time 1209600;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.254;
option domain-name "thrn";
option domain-name-servers 192.168.1.254;
range 192.168.1.1 192.168.1.199;
}
********************
ping 192.168.1.254 output:
PING 192.168.1.254 (192.168.1.254): 56 data bytes
ping: sendto: operation not permitted
********************
uname output:
Linux firewall 2.4.20 #1 Sun May 11 18:53:34 CEST 2003 i486 unknown
********************
ip addr output:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 3
link/ppp
inet 10.64.64.64 peer 10.112.112.112/32 scope global ppp0
4: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
link/ether 00:60:08:8a:0d:4d brd ff:ff:ff:ff:ff:ff
********************
lsmod output:
Module Pages Used by
3c589_cs 8580 0 (unused)
ds 6796 2 [3c589_cs]
i82365 27044 2
pcmcia_core 41088 0 [3c589_cs ds i82365]
ip_nat_irc 2176 0 (unused)
ip_nat_ftp 2784 0 (unused)
ip_conntrack_irc 2880 1
ip_conntrack_ftp 3648 1
ppp_async 6284 0 (unused)
ppp_generic 16152 1 [ppp_async]
slhc 4352 0 [ppp_generic]
********************
shorewall status output:
Shorewall-1.4.2 Status at firewall - Sat Jul 26 19:22:48 UTC 2003
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
Chain OUTPUT (policy DROP 3 packets, 252 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
Chain all2all (3 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0
0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix
`Shorewall:all2all:REJECT:' queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain common (2 references)
pkts bytes target prot opt in out source
destination
0 0 icmpdef icmp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
0 0 DROP all -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0
224.0.0.0/4
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53 state NEW
Chain dynamic (4 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (0 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (0 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2loc (0 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2net (0 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain icmpdef (1 references)
pkts bytes target prot opt in out source
destination
Chain loc2fw (0 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:80
0 0 all2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2net (0 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2all (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 common all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0
0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix
`Shorewall:net2all:DROP:' queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2fw (0 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 net2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain newnotsyn (7 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ppp0_fwd (0 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ppp0_in (0 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
Chain reject (7 references)
pkts bytes target prot opt in out source
destination
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
NAT Table
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 3 packets, 252 bytes)
pkts bytes target prot opt in out source
destination
Mangle Table
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 3 packets, 252 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
********************
daemon.log from /var/log:
Jul 26 18:51:10 firewall pppd[14492]: pppd 2.4.1 started by root, uid 0
Jul 26 18:51:10 firewall pppd[14492]: Using interface ppp0
Jul 26 18:51:10 firewall pppd[14492]: Cannot determine ethernet address for
proxy ARP
Jul 26 18:51:10 firewall pppd[14492]: local IP address 10.64.64.64
Jul 26 18:51:10 firewall pppd[14492]: remote IP address 10.112.112.112
Jul 26 18:51:11 firewall init: Entering runlevel: 2
Jul 26 18:51:13 firewall cardmgr[13569]: watching 2 sockets
Jul 26 18:51:13 firewall cardmgr[24938]: starting, version is 3.2.4
Jul 26 18:51:13 firewall cardmgr[24938]: socket 1: 3Com 589 Ethernet
Jul 26 18:51:13 firewall cardmgr[24938]: executing: 'insmod
/lib/modules/2.4.20/pcmcia/3c589_cs.o'
Jul 26 18:51:13 firewall cardmgr[24938]: + Using
/lib/modules/2.4.20/pcmcia/3c589_cs.o
Jul 26 18:51:14 firewall cardmgr[24938]: executing: './network start eth0'
Jul 26 18:51:14 firewall dhcpd: Internet Software Consortium DHCP Server
2.0pl5
Jul 26 18:51:14 firewall dhcpd: Copyright 1995, 1996, 1997, 1998, 1999 The
Internet Software Consortium.
Jul 26 18:51:14 firewall dhcpd: All rights reserved.
Jul 26 18:51:14 firewall dhcpd:
Jul 26 18:51:14 firewall dhcpd: Please contribute if you find this software
useful.
Jul 26 18:51:14 firewall dhcpd: For info, please visit
http://www.isc.org/dhcp-contrib.html
Jul 26 18:51:14 firewall dhcpd:
Jul 26 18:51:14 firewall dhcpd: No subnet declaration for eth0 (0.0.0.0).
Jul 26 18:51:14 firewall cardmgr[24938]: + /sbin/ifup: interface eth0
already configured
Jul 26 18:51:14 firewall dhcpd: Please write a subnet declaration in your
dhcpd.conf file for the
Jul 26 18:51:14 firewall dhcpd: network segment to which interface eth0 is
attached.
Jul 26 18:51:14 firewall dhcpd: exiting.
Jul 26 18:54:14 firewall dhcpd: Internet Software Consortium DHCP Server
2.0pl5
Jul 26 18:54:14 firewall dhcpd: Copyright 1995, 1996, 1997, 1998, 1999 The
Internet Software Consortium.
Jul 26 18:54:14 firewall dhcpd: All rights reserved.
Jul 26 18:54:14 firewall dhcpd:
Jul 26 18:54:14 firewall dhcpd: Please contribute if you find this software
useful.
Jul 26 18:54:14 firewall dhcpd: For info, please visit
http://www.isc.org/dhcp-contrib.html
Jul 26 18:54:14 firewall dhcpd:
Jul 26 18:54:14 firewall dhcpd: Sending on Socket/fallback/fallback-net
********************
Messages log from /var/log
Jul 26 18:51:03 firewall syslogd 1.3-3#31.slink1: restart.
Jul 26 18:51:04 firewall kernel: klogd 1.3-3#31.slink1, log source =
/proc/kmsg started.
Jul 26 18:51:04 firewall kernel: No module symbols loaded.
Jul 26 18:51:04 firewall kernel: BIOS-provided physical RAM map:
Jul 26 18:51:04 firewall kernel: 24MB LOWMEM available.
Jul 26 18:51:04 firewall kernel: Initializing CPU#0
Jul 26 18:51:04 firewall kernel: Memory: 22188k/24768k available (948k
kernel code, 2192k reserved, -1176k data, 64k init, 0k highmem)
Jul 26 18:51:04 firewall kernel: Dentry cache hash table entries: 4096
(order: 3, 32768 bytes)
Jul 26 18:51:04 firewall kernel: Inode cache hash table entries: 2048
(order: 2, 16384 bytes)
Jul 26 18:51:04 firewall kernel: Checking 'hlt' instruction... OK.
Jul 26 18:51:04 firewall kernel: Linux NET4.0 for Linux 2.4
Jul 26 18:51:04 firewall kernel: Based upon Swansea University Computer
Society NET3.039
Jul 26 18:51:04 firewall kernel: Serial driver version 5.05c (2001-07-08)
with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled
Jul 26 18:51:04 firewall kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A
Jul 26 18:51:04 firewall kernel: Real Time Clock Driver v1.10e
Jul 26 18:51:04 firewall kernel: Software Watchdog Timer: 0.05, timer
margin: 60 sec
Jul 26 18:51:04 firewall kernel: Floppy drive(s): fd0 is 1.44M
Jul 26 18:51:04 firewall kernel: FDC 0 is an 8272A
Jul 26 18:51:04 firewall kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jul 26 18:51:04 firewall kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Jul 26 18:51:04 firewall kernel: IP: routing cache hash table of 512
buckets, 4Kbytes
Jul 26 18:51:04 firewall kernel: TCP: Hash tables configured (established
2048 bind 2048)
Jul 26 18:51:04 firewall kernel: NET4: Unix domain sockets 1.0/SMP for
Linux NET4.0.
Jul 26 18:51:04 firewall kernel: RAMDISK: Compressed image found at block 0
Jul 26 18:51:04 firewall kernel: Freeing initrd memory: 401k freed
Jul 26 18:51:04 firewall kernel: Freeing unused kernel memory: 64k freed
Jul 26 18:51:04 firewall kernel: CSLIP: code copyright 1989 Regents of the
University of California
Jul 26 18:51:05 firewall kernel: PPP generic driver version 2.4.2
Jul 26 18:51:12 firewall kernel: Linux PCMCIA Card Services 3.2.4
Jul 26 18:51:12 firewall kernel: kernel build: 2.4.20 #1 Sun May 11
18:53:34 CEST 2003
Jul 26 18:51:12 firewall kernel: options: [pci] [cardbus] [apm]
Jul 26 18:51:12 firewall kernel: Intel ISA/PCI/CardBus PCIC probe:
Jul 26 18:51:12 firewall kernel: Intel i82365sl B step rev 00
ISA-to-PCMCIA at port 0x3e0 ofs 0x00
Jul 26 18:51:12 firewall kernel: host opts [0]: none
Jul 26 18:51:12 firewall kernel: host opts [1]: none
Jul 26 18:51:12 firewall kernel: ISA irqs (scanned) =
3,4,5,7,9,10,11,12,15 status change on irq 15
Jul 26 18:51:13 firewall kernel: cs: memory probe 0x0d0000-0x0dffff: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0100-0x04ff: excluding
0x1f0-0x1ff 0x378-0x37f 0x3c0-0x3e7 0x3f0-0x4c7 0x4d0-0x4ef
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0200-0x0377: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0380-0x03bf: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x03e8-0x03ef: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x04c8-0x04cf: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x04f0-0x04ff: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0800-0x08ff: excluding
0x800-0x87f 0x8a0-0x8c7 0x8d0-0x8ef
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x08c8-0x08cf: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x08f0-0x08ff: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0a00-0x0aff: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0c00-0x0cff: excluding
0xc00-0xc7f 0xca0-0xcc7 0xcd0-0xcef
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0cc8-0x0ccf: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0cf0-0x0cff: clean.
Jul 26 18:51:14 firewall kernel: eth0: 3Com 3c589, io 0x300, irq 3, hw_addr
00:60:08:8A:0D:4D
Jul 26 18:51:14 firewall kernel: 8K FIFO split 5:3 Rx:Tx, auto xcvr
********************
ppp.log from /var/log was empty
********************
shorewall.log from /var/log was empty
********************
syslog from /var/log:
Jul 26 18:51:04 firewall kernel: Cannot find map file.
Jul 26 18:51:04 firewall kernel: Linux version 2.4.20 ([EMAIL PROTECTED]) (gcc
version 2.95.4 20011002 (Debian prerelease)) #1 Sun May 11 18:53:34 CEST
2003
Jul 26 18:51:04 firewall kernel: BIOS-88: 0000000000000000 -
000000000009f000 (usable)
Jul 26 18:51:04 firewall kernel: BIOS-88: 0000000000100000 -
0000000001830000 (usable)
Jul 26 18:51:04 firewall kernel: On node 0 totalpages: 6192
Jul 26 18:51:04 firewall kernel: zone(0): 4096 pages.
Jul 26 18:51:04 firewall kernel: zone(1): 2096 pages.
Jul 26 18:51:04 firewall kernel: zone(2): 0 pages.
Jul 26 18:51:04 firewall kernel: Kernel command line: BOOT_IMAGE=linux
initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=/dev/fd0u1680:msdos
diskwait=yes PKGPATH=/dev/fd0u1680
LRP=root,etc,local,modules,pcmcia,iptables,ppp,pump,libz,sshd,sshkey,shorwall,ulogd,dnscache,weblet,dhcpd
Jul 26 18:51:04 firewall kernel: Console: colour VGA+ 80x25
Jul 26 18:51:04 firewall kernel: Calibrating delay loop... 37.37 BogoMIPS
Jul 26 18:51:04 firewall kernel: Checking if this processor honours the WP
bit even in supervisor mode... Ok.
Jul 26 18:51:04 firewall kernel: Mount-cache hash table entries: 512
(order: 0, 4096 bytes)
Jul 26 18:51:04 firewall kernel: Buffer-cache hash table entries: 1024
(order: 0, 4096 bytes)
Jul 26 18:51:04 firewall kernel: Page-cache hash table entries: 8192
(order: 3, 32768 bytes)
Jul 26 18:51:04 firewall kernel: CPU: Intel 486 DX/4 stepping 00
Jul 26 18:51:04 firewall kernel: POSIX conformance testing by UNIFIX
Jul 26 18:51:04 firewall kernel: PCI: System does not support PCI
Jul 26 18:51:04 firewall kernel: Initializing RT netlink socket
Jul 26 18:51:04 firewall kernel: Starting kswapd
Jul 26 18:51:04 firewall kernel: pty: 256 Unix98 ptys configured
Jul 26 18:51:04 firewall kernel: RAMDISK driver initialized: 16 RAM disks
of 4096K size 1024 blocksize
Jul 26 18:51:04 firewall kernel: ip_conntrack version 2.1 (193 buckets,
1544 max) - 320 bytes per conntrack
Jul 26 18:51:04 firewall kernel: ip_tables: (C) 2000-2002 Netfilter core
team
Jul 26 18:51:04 firewall kernel: arp_tables: (C) 2002 David S. Miller
Jul 26 18:51:04 firewall kernel: VFS: Mounted root (minix filesystem).
Jul 26 19:18:52 firewall kernel: end_request: I/O error, dev 02:2c
(floppy), sector 19
Jul 26 19:18:54 firewall kernel: end_request: I/O error, dev 02:2c
(floppy), sector 20
Jul 26 19:19:04 firewall kernel: VFS: busy inodes on changed media.
********************
#
# Shorewall 1.4 -- Sample Zone File For Two Interfaces
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
********************
Shorewall policy file
###############################################################################
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
#fw net ACCEPT
net all DROP ULOG
all all REJECT ULOG
********************
# etc/shorewall/masq
#INTERFACE SUBNET ADDRESS
ppp0 eth0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
********************
# /etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 -
loc eth0 detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
********************
/etc/network/options file
ip_forward=no
spoofprotect=yes
syncookies=no
********************
# /etc/network/interfaces
auto lo ppp0 eth0
iface lo inet loopback
iface ppp0 inet ppp
provider provider
iface eth0 inet static
address 192.168.1.254
masklen 24
broadcast 192.168.1.255
up pon
up /etc/init.d/dnscache restart
up dhcpd restart
up shorewall restart
down shorewall stop
down /etc/init.d/dnscache stop
down poff
********************
# pump configuration
retries 3
script "/etc/pump.shorewall"
device eth0 {
nodns
}
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
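
An added example, not part of the original post or of LEAF's own tooling: a check that cross-references `ip addr` output with the `subnet` declarations in dhcpd.conf, run on an abridged copy of the data posted above. The function names are hypothetical, and the second sample (eth0 up with an address) is constructed for comparison.

```python
import ipaddress
import re

# Abridged from the `ip addr` output and dhcpd.conf posted above.
IP_ADDR_POSTED = """\
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 3
inet 10.64.64.64 peer 10.112.112.112/32 scope global ppp0
4: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
link/ether 00:60:08:8a:0d:4d brd ff:ff:ff:ff:ff:ff
"""
# Constructed sample: the same interface once it is up and addressed.
IP_ADDR_CONSTRUCTED = """\
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:60:08:8a:0d:4d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0
"""
DHCPD_CONF = """\
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.254;
range 192.168.1.1 192.168.1.199;
}
"""

def parse_ip_addr(text):
    """Return {ifname: {"up": bool, "addrs": [IPv4Address, ...]}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"\d+:\s+([^:\s]+):\s+<([^>]*)>", line)
        if head:
            current = ifaces.setdefault(head.group(1), {"up": False, "addrs": []})
            current["up"] = "UP" in head.group(2).split(",")
            continue
        inet = re.match(r"\s*inet\s+(\d+\.\d+\.\d+\.\d+)", line)
        if inet and current is not None:
            current["addrs"].append(ipaddress.ip_address(inet.group(1)))
    return ifaces

def parse_subnets(conf):
    """Return the networks declared as `subnet A netmask M` in dhcpd.conf."""
    pattern = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)", re.M)
    return [ipaddress.ip_network(f"{a}/{m}") for a, m in pattern.findall(conf)]

def check_interface(name, ifaces, subnets):
    """Classify whether `name` has an address inside a declared subnet."""
    iface = ifaces.get(name)
    if iface is None:
        return "missing"
    if not iface["addrs"]:
        # The posted dhcpd log shows this case as "eth0 (0.0.0.0)".
        return "no-address"
    if any(addr in net for addr in iface["addrs"] for net in subnets):
        return "ok" if iface["up"] else "down"
    return "no-matching-subnet"

if __name__ == "__main__":
    nets = parse_subnets(DHCPD_CONF)
    for label, text in (("posted", IP_ADDR_POSTED), ("constructed", IP_ADDR_CONSTRUCTED)):
        print(label, "eth0:", check_interface("eth0", parse_ip_addr(text), nets))
```

On the posted data eth0 is classified `no-address`: the interface exists but has no `inet` line and no `UP` flag, so the 192.168.1.0/24 declaration has nothing to match against.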