I've been fighting this for a bit, and don't seem to be making headway. I have an old laptop I am making into a LEAF Bering firewall. It's currently connected to an external serial modem, and a PCMCIA NIC (3com). There's no DMZ, and just the two interfaces (ppp0, eth0).
I've proven that the PPP part works, but I've been having trouble getting the DHCP server to work on the internal network address on eth0. I've worked through the installation instructions (many, many times). I've Googled and checked the FAQs. I've gotten some assistance with the problem here before, and implemented those instructions (ref traffic from Erich Titl, suggesting a delay script in /etc/init.d -- thank you, Erich). Now, DHCPD does not seem to recognize eth0 and I cannot ping the firewall from itself, using ping 192.168.1.254 (the address assigned to the firewall on eth0).

********************
The messages at boot read:

Starting dhcpd on eth0: No subnet declaration for eth0(0.0.0.0)
Please write a subnet declaration for eth0 in your dhcpd.conf

Here are some of the diagnostics that the FAQ recommends (each command / log / file delimited by a series of asterisks):

********************
# dhcp.conf file
dynamic-bootp-lease-length 604800;
max-lease-time 1209600;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option domain-name "thrn";
    option domain-name-servers 192.168.1.254;
    range 192.168.1.1 192.168.1.199;
}

********************
ping 192.168.1.254 output:
PING 192.168.1.254 (192.168.1.254): 56 data bytes
ping: sendto: operation not permitted

********************
uname output:
Linux firewall 2.4.20 #1 Sun May 11 18:53:34 CEST 2003 i486 unknown

********************
ip addr output:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 3
    link/ppp
    inet 10.64.64.64 peer 10.112.112.112/32 scope global ppp0
4: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
    link/ether 00:60:08:8a:0d:4d brd ff:ff:ff:ff:ff:ff

********************
lsmod output:
Module Pages Used by
3c589_cs 8580 0 (unused)
ds 6796 2 [3c589_cs]
i82365 27044 2
pcmcia_core 41088 0 [3c589_cs ds i82365]
ip_nat_irc 2176 0 (unused)
ip_nat_ftp 2784 0 (unused)
ip_conntrack_irc 2880 1
ip_conntrack_ftp 3648 1
ppp_async 6284 0 (unused)
ppp_generic 16152 1 [ppp_async]
slhc 4352 0 [ppp_generic]

********************
shorewall status output:
Shorewall-1.4.2 Status at firewall - Sat Jul 26 19:22:48 UTC 2003

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

Chain OUTPUT (policy DROP 3 packets, 252 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0

Chain all2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:all2all:REJECT:' queue_threshold 1
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain common (2 references)
pkts bytes target prot opt in out source destination
0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900
0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW

Chain dynamic (4 references)
pkts bytes target prot opt in out source destination

Chain eth0_fwd (0 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0

Chain eth0_in (0 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2loc (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain icmpdef (1 references)
pkts bytes target prot opt in out source destination

Chain loc2fw (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2net (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2all (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:net2all:DROP:' queue_threshold 1
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2fw (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain newnotsyn (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ppp0_fwd (0 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ppp0_in (0 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject (7 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

NAT Table

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 3 packets, 252 bytes)
pkts bytes target prot opt in out source destination

Mangle Table

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 3 packets, 252 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

********************
daemon.log from /var/log:
Jul 26 18:51:10 firewall pppd[14492]: pppd 2.4.1 started by root, uid 0
Jul 26 18:51:10 firewall pppd[14492]: Using interface ppp0
Jul 26 18:51:10 firewall pppd[14492]: Cannot determine ethernet address for proxy ARP
Jul 26 18:51:10 firewall pppd[14492]: local IP address 10.64.64.64
Jul 26 18:51:10 firewall pppd[14492]: remote IP address 10.112.112.112
Jul 26 18:51:11 firewall init: Entering runlevel: 2
Jul 26 18:51:13 firewall cardmgr[13569]: watching 2 sockets
Jul 26 18:51:13 firewall cardmgr[24938]: starting, version is 3.2.4
Jul 26 18:51:13 firewall cardmgr[24938]: socket 1: 3Com 589 Ethernet
Jul 26 18:51:13 firewall cardmgr[24938]: executing: 'insmod /lib/modules/2.4.20/pcmcia/3c589_cs.o'
Jul 26 18:51:13 firewall cardmgr[24938]: + Using /lib/modules/2.4.20/pcmcia/3c589_cs.o
Jul 26 18:51:14 firewall cardmgr[24938]: executing: './network start eth0'
Jul 26 18:51:14 firewall dhcpd: Internet Software Consortium DHCP Server 2.0pl5
Jul 26 18:51:14 firewall dhcpd: Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
Jul 26 18:51:14 firewall dhcpd: All rights reserved.
Jul 26 18:51:14 firewall dhcpd:
Jul 26 18:51:14 firewall dhcpd: Please contribute if you find this software useful.
Jul 26 18:51:14 firewall dhcpd: For info, please visit http://www.isc.org/dhcp-contrib.html
Jul 26 18:51:14 firewall dhcpd:
Jul 26 18:51:14 firewall dhcpd: No subnet declaration for eth0 (0.0.0.0).
Jul 26 18:51:14 firewall cardmgr[24938]: + /sbin/ifup: interface eth0 already configured
Jul 26 18:51:14 firewall dhcpd: Please write a subnet declaration in your dhcpd.conf file for the
Jul 26 18:51:14 firewall dhcpd: network segment to which interface eth0 is attached.
Jul 26 18:51:14 firewall dhcpd: exiting.
Jul 26 18:54:14 firewall dhcpd: Internet Software Consortium DHCP Server 2.0pl5
Jul 26 18:54:14 firewall dhcpd: Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
Jul 26 18:54:14 firewall dhcpd: All rights reserved.
Jul 26 18:54:14 firewall dhcpd:
Jul 26 18:54:14 firewall dhcpd: Please contribute if you find this software useful.
Jul 26 18:54:14 firewall dhcpd: For info, please visit http://www.isc.org/dhcp-contrib.html
Jul 26 18:54:14 firewall dhcpd:
Jul 26 18:54:14 firewall dhcpd: Sending on Socket/fallback/fallback-net

********************
Messages log from /var/log
Jul 26 18:51:03 firewall syslogd 1.3-3#31.slink1: restart.
Jul 26 18:51:04 firewall kernel: klogd 1.3-3#31.slink1, log source = /proc/kmsg started.
Jul 26 18:51:04 firewall kernel: No module symbols loaded.
Jul 26 18:51:04 firewall kernel: BIOS-provided physical RAM map:
Jul 26 18:51:04 firewall kernel: 24MB LOWMEM available.
Jul 26 18:51:04 firewall kernel: Initializing CPU#0
Jul 26 18:51:04 firewall kernel: Memory: 22188k/24768k available (948k kernel code, 2192k reserved, -1176k data, 64k init, 0k highmem)
Jul 26 18:51:04 firewall kernel: Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
Jul 26 18:51:04 firewall kernel: Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
Jul 26 18:51:04 firewall kernel: Checking 'hlt' instruction... OK.
Jul 26 18:51:04 firewall kernel: Linux NET4.0 for Linux 2.4
Jul 26 18:51:04 firewall kernel: Based upon Swansea University Computer Society NET3.039
Jul 26 18:51:04 firewall kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled
Jul 26 18:51:04 firewall kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A
Jul 26 18:51:04 firewall kernel: Real Time Clock Driver v1.10e
Jul 26 18:51:04 firewall kernel: Software Watchdog Timer: 0.05, timer margin: 60 sec
Jul 26 18:51:04 firewall kernel: Floppy drive(s): fd0 is 1.44M
Jul 26 18:51:04 firewall kernel: FDC 0 is an 8272A
Jul 26 18:51:04 firewall kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jul 26 18:51:04 firewall kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Jul 26 18:51:04 firewall kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
Jul 26 18:51:04 firewall kernel: TCP: Hash tables configured (established 2048 bind 2048)
Jul 26 18:51:04 firewall kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jul 26 18:51:04 firewall kernel: RAMDISK: Compressed image found at block 0
Jul 26 18:51:04 firewall kernel: Freeing initrd memory: 401k freed
Jul 26 18:51:04 firewall kernel: Freeing unused kernel memory: 64k freed
Jul 26 18:51:04 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California
Jul 26 18:51:05 firewall kernel: PPP generic driver version 2.4.2
Jul 26 18:51:12 firewall kernel: Linux PCMCIA Card Services 3.2.4
Jul 26 18:51:12 firewall kernel: kernel build: 2.4.20 #1 Sun May 11 18:53:34 CEST 2003
Jul 26 18:51:12 firewall kernel: options: [pci] [cardbus] [apm]
Jul 26 18:51:12 firewall kernel: Intel ISA/PCI/CardBus PCIC probe:
Jul 26 18:51:12 firewall kernel: Intel i82365sl B step rev 00 ISA-to-PCMCIA at port 0x3e0 ofs 0x00
Jul 26 18:51:12 firewall kernel: host opts [0]: none
Jul 26 18:51:12 firewall kernel: host opts [1]: none
Jul 26 18:51:12 firewall kernel: ISA irqs (scanned) = 3,4,5,7,9,10,11,12,15 status change on irq 15
Jul 26 18:51:13 firewall kernel: cs: memory probe 0x0d0000-0x0dffff: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0100-0x04ff: excluding 0x1f0-0x1ff 0x378-0x37f 0x3c0-0x3e7 0x3f0-0x4c7 0x4d0-0x4ef
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0200-0x0377: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0380-0x03bf: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x03e8-0x03ef: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x04c8-0x04cf: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x04f0-0x04ff: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0800-0x08ff: excluding 0x800-0x87f 0x8a0-0x8c7 0x8d0-0x8ef
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x08c8-0x08cf: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x08f0-0x08ff: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0a00-0x0aff: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0c00-0x0cff: excluding 0xc00-0xc7f 0xca0-0xcc7 0xcd0-0xcef
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0cc8-0x0ccf: clean.
Jul 26 18:51:14 firewall kernel: cs: IO port probe 0x0cf0-0x0cff: clean.
Jul 26 18:51:14 firewall kernel: eth0: 3Com 3c589, io 0x300, irq 3, hw_addr 00:60:08:8A:0D:4D
Jul 26 18:51:14 firewall kernel: 8K FIFO split 5:3 Rx:Tx, auto xcvr

********************
ppp.log from /var/log was empty

********************
shorewall.log from /var/log was empty

********************
syslog from /var/log:
Jul 26 18:51:04 firewall kernel: Cannot find map file.
Jul 26 18:51:04 firewall kernel: Linux version 2.4.20 ([EMAIL PROTECTED]) (gcc version 2.95.4 20011002 (Debian prerelease)) #1 Sun May 11 18:53:34 CEST 2003
Jul 26 18:51:04 firewall kernel: BIOS-88: 0000000000000000 - 000000000009f000 (usable)
Jul 26 18:51:04 firewall kernel: BIOS-88: 0000000000100000 - 0000000001830000 (usable)
Jul 26 18:51:04 firewall kernel: On node 0 totalpages: 6192
Jul 26 18:51:04 firewall kernel: zone(0): 4096 pages.
Jul 26 18:51:04 firewall kernel: zone(1): 2096 pages.
Jul 26 18:51:04 firewall kernel: zone(2): 0 pages.
Jul 26 18:51:04 firewall kernel: Kernel command line: BOOT_IMAGE=linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=/dev/fd0u1680:msdos diskwait=yes PKGPATH=/dev/fd0u1680 LRP=root,etc,local,modules,pcmcia,iptables,ppp,pump,libz,sshd,sshkey,shorwall,ulogd,dnscache,weblet,dhcpd
Jul 26 18:51:04 firewall kernel: Console: colour VGA+ 80x25
Jul 26 18:51:04 firewall kernel: Calibrating delay loop... 37.37 BogoMIPS
Jul 26 18:51:04 firewall kernel: Checking if this processor honours the WP bit even in supervisor mode... Ok.
Jul 26 18:51:04 firewall kernel: Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Jul 26 18:51:04 firewall kernel: Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Jul 26 18:51:04 firewall kernel: Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
Jul 26 18:51:04 firewall kernel: CPU: Intel 486 DX/4 stepping 00
Jul 26 18:51:04 firewall kernel: POSIX conformance testing by UNIFIX
Jul 26 18:51:04 firewall kernel: PCI: System does not support PCI
Jul 26 18:51:04 firewall kernel: Initializing RT netlink socket
Jul 26 18:51:04 firewall kernel: Starting kswapd
Jul 26 18:51:04 firewall kernel: pty: 256 Unix98 ptys configured
Jul 26 18:51:04 firewall kernel: RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
Jul 26 18:51:04 firewall kernel: ip_conntrack version 2.1 (193 buckets, 1544 max) - 320 bytes per conntrack
Jul 26 18:51:04 firewall kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jul 26 18:51:04 firewall kernel: arp_tables: (C) 2002 David S. Miller
Jul 26 18:51:04 firewall kernel: VFS: Mounted root (minix filesystem).
Jul 26 19:18:52 firewall kernel: end_request: I/O error, dev 02:2c (floppy), sector 19
Jul 26 19:18:54 firewall kernel: end_request: I/O error, dev 02:2c (floppy), sector 20
Jul 26 19:19:04 firewall kernel: VFS: busy inodes on changed media.

********************
#
# Shorewall 1.4 -- Sample Zone File For Two Interfaces
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

********************
Shorewall policy file
###############################################################################
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
#fw net ACCEPT
net all DROP ULOG
all all REJECT ULOG

********************
# etc/shorewall/masq
#INTERFACE SUBNET ADDRESS
ppp0 eth0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

********************
# /etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 -
loc eth0 detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

********************
/etc/network/options file
ip_forward=no
spoofprotect=yes
syncookies=no

********************
# /etc/network/interfaces
auto lo ppp0 eth0
iface lo inet loopback
iface ppp0 inet ppp
    provider provider
iface eth0 inet static
    address 192.168.1.254
    masklen 24
    broadcast 192.168.1.255
    up pon
    up /etc/init.d/dnscache restart
    up dhcpd restart
    up shorewall restart
    down shorewall stop
    down /etc/init.d/dnscache stop
    down poff

********************
# pump configuration
retries 3
script "/etc/pump.shorewall"
device eth0 {
    nodns
}