Wow, thanks everyone. :-)

I like kp's idea of creating a separate subnet for the DMZ (e.g.,
192.168.2.0).

Do I do that all through dnsmasq.conf?...or are there changes I need to make
to shorewall as well?

Thank you,
Craig

-----Original Message-----
From: Eric Spakman [mailto:[EMAIL PROTECTED] 
Sent: Saturday, December 23, 2006 11:24 AM
To: Craig Caughlin
Subject: Re: [leaf-user] No DHCP address to the DMZ :-(

Hi Craig,

>Unfortunately, no. :-(
>
>I've even tried changing cables to be sure it wasn't a simple problem like
>that (even though they're brand new cables).
>
>Suggestions?
>
A few things to check:
Do you have an ip connection at all? Try to give the system a fixed 
ip address and run ping.
If that works, enable dhcp on that system again and look if dhcp 
traffic isn't blocked. This can be done with 'shorewall hits', but 
it's better to use tcpdump to 'sniff' the traffic.

>Thank you,
>Craig
>
Eric

>-----Original Message-----
>From: Eric Spakman [mailto:[EMAIL PROTECTED] 
>Sent: Saturday, December 23, 2006 11:07 AM
>To: Craig Caughlin
>Cc: [email protected]
>Subject: Re: [leaf-user] No DHCP address to the DMZ :-(
>
>Hi Craig,
>
>>Hi Eric,
>>The only thing I have done to get things up and running is:
>>
>>I've uncommented "dhcp-range=192.168.1.1,192.168.1.199,12h" in the
>>/etc/dnsmasq.conf file. Do I need to do something different?
>>
>No, that's enough to serve dhcp addresses.
>
>>Also, should I add another interface in /etc/dhcpc/config ? I see at the
>>bottom it says, # Add other interfaces here
>>*)
>>;;
>>
>>Should I add eth2? What does the syntax look like?:
>>
>># Add other interfaces here
>>*)
>>eth2
>>;;
>>
>>Is that right (and/or do I even need to worry about it?)?
>>
>This is the configuration of dhcpcd, the dhcp client. You don't need 
>to worry about that.
>
>>Thank you! :-)
>>
>Is it working now in the dmz?
>
>>Craig
>>
>Eric
>
>>-----Original Message-----
>>From: Eric Spakman [mailto:[EMAIL PROTECTED] 
>>Sent: Saturday, December 23, 2006 10:35 AM
>>To: Craig Caughlin
>>Cc: [email protected]
>>Subject: Re: [leaf-user] No DHCP address to the DMZ :-(
>>
>>Hi Craig,
>>
>>>Hi folks,
>>>Happy Holidays. :-)
>>>
>>Happy Holidays to you ;-)
>>
>>>I'm using the new, Bering uClibc 3.0, and my LAN connections to/from the
>>>web, etc. work great. 
>>>
>>>Now, I'm trying to set up a wireless router in my DMZ, and it's not getting
>>>a dynamic IP address (I have confirmed this by connecting a laptop via
>>>crossover cable directly to the DMZ NIC). Here's my scenario:
>>>
>>>1. I'm using the new, Bering uClibc 3.0
>>>2. ip addr show displays:
>>>
>>>eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
>>>link/ether 00:02:e3:1d:e2:a5 brd ff:ff:ff:ff:ff:ff
>>>inet 67.164.217.61/23 brd 255.255.255.255 scope global eth0
>>>
>>>eth1:  mtu 1500 qdisc pfifo_fast qlen 1000
>>>link/ether 00:02:e3:23:c1:1f brd ff:ff:ff:ff:ff:ff
>>>inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
>>>
>>>eth2:  mtu 1500 qdisc pfifo_fast qlen 1000
>>>link/ether 00:02:e3:22:a0:51 brd ff:ff:ff:ff:ff:ff
>>>inet 192.168.1.100/24 brd 192.168.1.255 scope global eth2
>>>
>>>3. I uncommented the DMZ section of /etc/network/interfaces
>>>4. I have the following changes to Shorewall:
>>>
>>>/etc/shorewall/zones - Uncommented the DMZ line
>>>/etc/shorewall/policy - DMZ > NET > ACCEPT
>>>/etc/shorewall/rules - DNS/ACCEPT dmz > fw, Ping/ACCEPT dmz > fw, and ACCEPT
>>>fw dmz > icmp
>>>/etc/shorewall/interfaces - dmz eth2 detect dhcp
>>>/etc/shorewall/masq - Unchanged
>>>/etc/shorewall/routestopped - Unchanged


leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
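
An added example, not part of the original thread and not LEAF or Shorewall code: a Python check, meant to be run on any workstation against pasted router output, that flags the addressing condition the separate-subnet suggestion addresses. The sample input is constructed from the `ip addr show` lines and the `dhcp-range` line quoted in the thread; all function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample: address lines and dhcp-range as quoted in the thread.
IP_ADDR_OUTPUT = """\
eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
inet 67.164.217.61/23 brd 255.255.255.255 scope global eth0
eth1:  mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
eth2:  mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.1.100/24 brd 192.168.1.255 scope global eth2
"""
DHCP_RANGE = "dhcp-range=192.168.1.1,192.168.1.199,12h"

def parse_interfaces(text):
    """Map interface name -> IPv4Interface from `ip addr show` style text."""
    ifaces = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) > 2 and parts[0] == "inet":
            ifaces[parts[-1]] = ipaddress.ip_interface(parts[1])  # last token is the ifname
    return ifaces

def overlapping_subnets(ifaces):
    """Interface pairs whose connected networks overlap (LAN and DMZ not separated)."""
    return [(a, b) for (a, ia), (b, ib) in combinations(sorted(ifaces.items()), 2)
            if ia.network.overlaps(ib.network)]

def parse_dhcp_range(line):
    """(first, last) from the simple start,end,lease form of dhcp-range used in the thread."""
    first, last = line.split("=", 1)[1].split(",")[:2]
    return ipaddress.ip_address(first), ipaddress.ip_address(last)

def report(ip_text, range_line):
    ifaces = parse_interfaces(ip_text)
    first, last = parse_dhcp_range(range_line)
    return {
        "overlaps": overlapping_subnets(ifaces),
        # Interfaces whose subnet contains the whole pool; more than one is ambiguous.
        "pool_candidates": sorted(n for n, i in ifaces.items()
                                  if first in i.network and last in i.network),
        # Statically configured router addresses that fall inside the dynamic pool.
        "static_in_pool": sorted(n for n, i in ifaces.items() if first <= i.ip <= last),
    }

if __name__ == "__main__":
    for key, value in report(IP_ADDR_OUTPUT, DHCP_RANGE).items():
        print(f"{key}: {value}")
```

On the thread's values it reports that eth1 and eth2 share 192.168.1.0/24, that the single pool fits both interfaces, and that eth2's own address sits inside the pool.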
