Hello all,
I had some difficulties getting DHCP working on my system because of my
(probably unusual) configuration. To help others who might run into the
same problems, I want to share my experience.
In fact it's not a LEAF-Bering issue but a Shorewall configuration problem.
My network configuration:
Bering-uClibc with 2 ethernet cards used as Internet router, VPN router
and firewall
eth0 connected to ADSL modem
eth1 internal network
eth1 has 2 addresses and is used for 2 subnets on the same ethernet:
192.168.0.0/24 and 10.61.192.0/18
systems in 192.168.0.0/24 have access to internet
systems in 10.61.192.0/18 have access to VPN
I could not get DHCP working with the suggested Shorewall configuration
because of the 2 network addresses on 1 interface.
This is my original configuration:
/etc/network/interfaces
-----------------------
auto ppp0
iface ppp0 inet ppp
    pre-up ip link set eth0 up
    provider dsl-provider eth0

iface eth1 inet static
    address 192.168.0.254
    netmask 255.255.255.0
    broadcast 192.168.0.255

auto eth1:0
iface eth1:0 inet static
    address 10.61.192.254
    netmask 255.255.192.0
    network 10.61.192.0
    broadcast 10.61.255.255
/etc/shorewall/zones
--------------------
net Net Internet
loc Local Local networks
vpnh VPN-home VPN home part
vpno VPN VPN office part
/etc/shorewall/interfaces
-------------------------
net ppp0 - routefilter,norfc1918
- eth1 detect
vpno ipsec0
/etc/shorewall/hosts
--------------------
loc eth1:192.168.0.0/24
vpnh eth1:10.61.192.0/18
I used the suggested rule in
/etc/shorewall/rules
--------------------
[...]
# allow loc to fw udp/67 and udp/68 for dnsmasq's dhcpd to work
ACCEPT loc fw udp 67,68
[...]
This did not work. I could see DHCP requests but no replies.
I tried adding an accept rule for packets from "fw" to "loc" but it did
not work either.
This does not work because zone "loc" is not defined in /etc/shorewall/
interfaces but in /etc/shorewall/hosts and the addresses 0.0.0.0 and
255.255.255.255 as used by DHCP are not part of the zone "loc".
I added an additional zone "locbc" to make it work:
/etc/shorewall/zones
--------------------
net Net Internet
loc Local Local networks
locbc LocalBC Local network broadcast
vpnh VPN-home VPN home part
vpno VPN VPN office part
/etc/shorewall/hosts
--------------------
loc eth1:192.168.0.0/24
locbc eth1:255.255.255.255,0.0.0.0
vpnh eth1:10.61.192.0/18
/etc/shorewall/rules
--------------------
[...]
# allow loc to fw udp/67 and udp/68 for dnsmasq's dhcpd to work
ACCEPT loc fw udp 67,68
ACCEPT fw loc udp 67,68
ACCEPT locbc fw udp 67,68
ACCEPT fw locbc udp 67,68
[...]
I think address 255.255.255.255 does not need to be in "locbc" and the
rules "ACCEPT fw loc..." are not necessary, but I did not (yet) try
without these.
Maybe these hints can be included in some documentation or FAQ.
Bodo
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
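Added example (not part of Bodo's post and not Shorewall's own code): a small
Python model of why the hosts-based "loc" zone never matches a DHCPDISCOVER.
Zone membership is modelled as "address falls inside one of the networks listed
for that interface in /etc/shorewall/hosts", so 0.0.0.0 and 255.255.255.255
match nothing in the original hosts file and the packet never reaches the
"loc fw" rule. The connection tracking step (a packet is ESTABLISHED only if
its 4-tuple is the exact reverse of an already accepted flow) and the
assumption that the server's DHCPOFFER goes to 255.255.255.255 are
simplifications introduced here; the client address 192.168.0.10 and the
port numbers are constructed test input, the zones, networks, rules and
firewall addresses are taken from the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Hosts-based zones bound to eth1, as in the post's /etc/shorewall/hosts.
# "fw" is Shorewall's name for the firewall itself.
Hosts = Dict[str, Tuple[str, List[str]]]

HOSTS_ORIGINAL: Hosts = {
    "loc":  ("eth1", ["192.168.0.0/24"]),
    "vpnh": ("eth1", ["10.61.192.0/18"]),
}
HOSTS_FIXED: Hosts = {
    "loc":   ("eth1", ["192.168.0.0/24"]),
    "locbc": ("eth1", ["255.255.255.255/32", "0.0.0.0/32"]),
    "vpnh":  ("eth1", ["10.61.192.0/18"]),
}

# Rules: (source zone, dest zone, proto, dest ports), from the post's
# /etc/shorewall/rules. Anything unmatched is dropped (default policy).
Rule = Tuple[str, str, str, Set[int]]
RULES_ORIGINAL: List[Rule] = [("loc", "fw", "udp", {67, 68})]
RULES_FIXED: List[Rule] = RULES_ORIGINAL + [
    ("fw", "loc", "udp", {67, 68}),
    ("locbc", "fw", "udp", {67, 68}),
    ("fw", "locbc", "udp", {67, 68}),
]

FW_ADDRS = {"192.168.0.254", "10.61.192.254"}   # eth1 and eth1:0 in the post
BROADCAST = ipaddress.ip_address("255.255.255.255")


@dataclass(frozen=True)
class Packet:
    iface: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"
    outbound: bool = False      # True when the firewall itself generated it


def zone_of(addr: str, iface: str, hosts: Hosts) -> Optional[str]:
    """Simplified hosts-zone lookup: the address must lie inside one of the
    networks listed for that interface. 0.0.0.0 and 255.255.255.255 lie in
    none of the original networks, which is the whole problem."""
    ip = ipaddress.ip_address(addr)
    for zone, (zif, nets) in hosts.items():
        if zif == iface and any(ip in ipaddress.ip_network(n) for n in nets):
            return zone
    return None


def classify(pkt: Packet, hosts: Hosts) -> Tuple[Optional[str], Optional[str]]:
    """(source zone, destination zone). An inbound packet addressed to one of
    the firewall's own addresses or to the limited broadcast ends in zone fw."""
    if pkt.outbound:
        return "fw", zone_of(pkt.dst, pkt.iface, hosts)
    to_fw = pkt.dst in FW_ADDRS or ipaddress.ip_address(pkt.dst) == BROADCAST
    dst_zone = "fw" if to_fw else zone_of(pkt.dst, pkt.iface, hosts)
    return zone_of(pkt.src, pkt.iface, hosts), dst_zone


class Firewall:
    def __init__(self, hosts: Hosts, rules: List[Rule]) -> None:
        self.hosts, self.rules = hosts, rules
        self.conntrack: Set[Tuple[str, int, str, int]] = set()

    def verdict(self, pkt: Packet) -> str:
        # Assumed conntrack model: only the exact reverse 4-tuple of an
        # accepted flow counts as ESTABLISHED. A broadcast OFFER from
        # 192.168.0.254:67 to 255.255.255.255:68 is not the reverse of
        # 0.0.0.0:68 -> 255.255.255.255:67, so it is a NEW flow and needs
        # its own fw -> locbc rule.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack:
            return "ESTABLISHED"
        src_zone, dst_zone = classify(pkt, self.hosts)
        for s, d, proto, ports in self.rules:
            if (s, d) == (src_zone, dst_zone) and proto == pkt.proto \
                    and pkt.dport in ports:
                self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return "ACCEPT"
        return "DROP"


# Constructed packets: the initial broadcast exchange and a unicast renewal.
EXCHANGE = [
    ("DISCOVER",  Packet("eth1", "0.0.0.0", 68, "255.255.255.255", 67)),
    ("OFFER",     Packet("eth1", "192.168.0.254", 67, "255.255.255.255", 68,
                         outbound=True)),
    ("RENEW",     Packet("eth1", "192.168.0.10", 68, "192.168.0.254", 67)),
    ("RENEW_ACK", Packet("eth1", "192.168.0.254", 67, "192.168.0.10", 68,
                         outbound=True)),
]


def run(hosts: Hosts, rules: List[Rule]) -> Dict[str, str]:
    """Verdict per packet for one configuration, in exchange order."""
    fw = Firewall(hosts, rules)
    return {name: fw.verdict(pkt) for name, pkt in EXCHANGE}


if __name__ == "__main__":
    for label, hosts, rules in (("original", HOSTS_ORIGINAL, RULES_ORIGINAL),
                                ("with locbc", HOSTS_FIXED, RULES_FIXED)):
        print(label, run(hosts, rules))
```

Under this model the original configuration drops both the DISCOVER (source
zone None, so no rule matches) and the OFFER, while a unicast renewal from a
client that already holds a lease is accepted by the "loc fw" rule and its
reply passes as ESTABLISHED without any "fw loc" rule. With "locbc" present
the broadcast packets are accepted in both directions. Whether the
255.255.255.255 entry can be dropped from "locbc" depends on whether the
server answers by broadcast: in this model, removing it makes the OFFER drop
again.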