Hi Craig,
>
> Wow, thanks everyone. :-)
>
>
> I like kp's idea of creating a separate subnet for the DMZ (e.g:
> 192.168.2.0).
>
>
> Do I do that all through dnsmasq.conf?...or are there changes I need to
> make to shorewall as well?
>
You have to make them in /etc/network/interfaces:

    auto eth1
    iface eth1 inet static
        address 192.168.1.254
        netmask 255.255.255.0
        broadcast 192.168.1.255

    auto eth2
    iface eth2 inet static
        address 192.168.2.254
        netmask 255.255.255.0
        broadcast 192.168.2.255

And if you want to have dhcp on both networks you have to do something
like this in dnsmasq.conf:

    dhcp-range=192.168.1.1,192.168.1.199,12h
    dhcp-range=192.168.2.1,192.168.2.199,12h

In shorewall it's important in above case to have both

    loc eth1 detect dhcp

and

    dmz eth2 detect dhcp

in the shorewall/interfaces file.

Eric
> Thank you,
> Craig
>
>
> -----Original Message-----
> From: Eric Spakman [mailto:[EMAIL PROTECTED]
> Sent: Saturday, December 23, 2006 11:24 AM
> To: Craig Caughlin
> Subject: Re: [leaf-user] No DHCP address to the DMZ :-(
>
>
> Hi Craig,
>
>
>> Unfortunately, no. :-(
>>
>>
>> I've even tried changing cables to be sure it wasn't a simple problem
>> like that (even though they're brand new cables).
>>
>> Suggestions?
>>
>>
> A few things to check:
> Do you have an ip connection at all? Try to give the system a fixed
> ip address and run ping. If that works, enable dhcp on that system again
> and look if dhcp traffic isn't blocked. This can be done with 'shorewall
> hits', but it's better to use tcpdump to 'sniff' the traffic.
>
>> Thank you,
>> Craig
>>
>>
> Eric
>
>
>> -----Original Message-----
>> From: Eric Spakman [mailto:[EMAIL PROTECTED]
>> Sent: Saturday, December 23, 2006 11:07 AM
>> To: Craig Caughlin
>> Cc: [email protected]
>> Subject: Re: [leaf-user] No DHCP address to the DMZ :-(
>>
>>
>> Hi Craig,
>>
>>
>>> Hi Eric,
>>> The only thing I have done to get things up and running is:
>>>
>>>
>>> I've uncommented "dhcp-range=192.168.1.1,192.168.1.199,12h" in the
>>> /etc/dnsmasq.conf file. Do I need to do something different?
>>>
>>>
>> No, that's enough to serve dhcp addresses.
>>
>>
>>> Also, should I add another interface in /etc/dhcpc/config ? I see at
>>> the bottom it says,
>>> # Add other interfaces here
>>> *)
>>> ;;
>>>
>>>
>>> Should I add eth2? What does the syntax look like?:
>>>
>>>
>>> # Add other interfaces here
>>> *)
>>> eth2 ;;
>>>
>>>
>>> Is that right (and/or do I even need to worry about it?)?
>>>
>>>
>> This is the configuration of dhcpcd, the dhcp client. You don't need
>> to worry about that.
>>
>>> Thank you! :-)
>>>
>>>
>> Is it working now in the dmz?
>>
>>
>>> Craig
>>>
>>>
>> Eric
>>
>>
>>> -----Original Message-----
>>> From: Eric Spakman [mailto:[EMAIL PROTECTED]
>>> Sent: Saturday, December 23, 2006 10:35 AM
>>> To: Craig Caughlin
>>> Cc: [email protected]
>>> Subject: Re: [leaf-user] No DHCP address to the DMZ :-(
>>>
>>>
>>> Hi Craig,
>>>
>>>
>>>> Hi folks,
>>>> Happy Holidays. :-)
>>>>
>>>>
>>> Happy Holidays to you ;-)
>>>
>>>
>>>> I'm using the new, Bering uClibc 3.0, and my LAN connections
>>>> to/from the web, etc. work great.
>>>>
>>>> Now, I'm trying to set up a wireless router in my DMZ, and it's not
>>>> getting a dynamic IP address (I have confirmed this by connecting a
>>>> laptop via crossover cable directly to the DMZ NIC). Here's my scenario:
>>>>
>>>> 1. I'm using the new, Bering uClibc 3.0
>>>> 2. ip addr show displays:
>>>>
>>>>
>>>> eth0: mtu 1500 qdisc pfifo_fast qlen 1000
>>>>     link/ether 00:02:e3:1d:e2:a5 brd ff:ff:ff:ff:ff:ff
>>>>     inet 67.164.217.61/23 brd 255.255.255.255 scope global eth0
>>>>
>>>> eth1: mtu 1500 qdisc pfifo_fast qlen 1000
>>>>     link/ether 00:02:e3:23:c1:1f brd ff:ff:ff:ff:ff:ff
>>>>     inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
>>>>
>>>> eth2: mtu 1500 qdisc pfifo_fast qlen 1000
>>>>     link/ether 00:02:e3:22:a0:51 brd ff:ff:ff:ff:ff:ff
>>>>     inet 192.168.1.100/24 brd 192.168.1.255 scope global eth2
>>>>
>>>>
>>>> 3. I uncommented the DMZ section of /etc/network/interfaces
>>>> 4. I have the following changes to Shorewall:
>>>>
>>>>
>>>> /etc/shorewall/zones - Uncommented the DMZ line
>>>> /etc/shorewall/policy - DMZ > NET > ACCEPT
>>>> /etc/shorewall/rules - DNS/ACCEPT dmz > fw, Ping/ACCEPT dmz > fw,
>>>>   and ACCEPT fw dmz > icmp
>>>> /etc/shorewall/interfaces - dmz eth2 detect dhcp
>>>> /etc/shorewall/masq - Unchanged
>>>> /etc/shorewall/routestopped - Unchanged
>>>>
>
>
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
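
Added example (not part of the original thread, and not LEAF, dnsmasq or Shorewall code): a small Python check for the two mistakes this thread works through, a DMZ interface addressed inside the LAN subnet and a subnet with no matching dhcp-range. The function names and the stanza() helper are made up for illustration, and it assumes every statically addressed interface is meant to serve DHCP.

```python
import ipaddress
import re

def parse_interfaces(text):
    """Map interface name -> IPv4Interface for each 'inet static' stanza."""
    nets, name, addr = {}, None, None
    for line in text.splitlines():
        w = line.split()
        if len(w) >= 4 and w[0] == "iface":
            name, addr = (w[1] if w[3] == "static" else None), None
        elif name and len(w) == 2 and w[0] == "address":
            addr = w[1]
        elif name and addr and len(w) == 2 and w[0] == "netmask":
            nets[name] = ipaddress.ip_interface(f"{addr}/{w[1]}")
    return nets

def parse_dhcp_ranges(text):
    """Return (start, end) pairs from dnsmasq 'dhcp-range=start,end,...' lines."""
    pairs = re.findall(r"^dhcp-range=([\d.]+),([\d.]+)", text, re.M)
    return [(ipaddress.ip_address(s), ipaddress.ip_address(e)) for s, e in pairs]

def audit(interfaces_text, dnsmasq_text):
    """List subnet overlaps and static interfaces with no matching dhcp-range."""
    nets = parse_interfaces(interfaces_text)
    ranges = parse_dhcp_ranges(dnsmasq_text)
    names, findings = sorted(nets), []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].network.overlaps(nets[b].network):
                findings.append(f"overlap: {a} {nets[a].network} / {b} {nets[b].network}")
    for n in names:
        if not any(s in nets[n].network and e in nets[n].network for s, e in ranges):
            findings.append(f"no dhcp-range inside {nets[n].network} for {n}")
    return findings

def stanza(name, addr):  # constructed helper: builds a static /24 stanza
    return f"auto {name}\niface {name} inet static\naddress {addr}\nnetmask 255.255.255.0\n"

# Constructed inputs. BEFORE uses the eth2 address from the `ip addr show` output.
LAN_RANGE = "dhcp-range=192.168.1.1,192.168.1.199,12h\n"
DMZ_RANGE = "dhcp-range=192.168.2.1,192.168.2.199,12h\n"
BEFORE = stanza("eth1", "192.168.1.254") + stanza("eth2", "192.168.1.100")
AFTER = stanza("eth1", "192.168.1.254") + stanza("eth2", "192.168.2.254")

if __name__ == "__main__":
    for label, ifaces, dns in [("before", BEFORE, LAN_RANGE),
                               ("split, one range", AFTER, LAN_RANGE),
                               ("after", AFTER, LAN_RANGE + DMZ_RANGE)]:
        print(label, audit(ifaces, dns) or "ok")
```

The middle case is the state between moving eth2 to 192.168.2.0/24 and adding the second dhcp-range line: the overlap is gone, but DMZ clients still have no pool to lease from.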