Would it be ok for me to email you off list to get some help with a new
setup of Shorewall that I did?
It would be, but i am not sure if i can help you, because i have
dropped shorewall and i am no firewall expert.
I would suggest you to look at the shorewall guides at the shorewall
homepage, th
Daniel,
Would it be ok for me to email you off list to get some help with a new
setup of Shorewall that I did?
Thanks,
Shawn
On 1/23/07, Daniel Pielmeier <[EMAIL PROTECTED]> wrote:
Hi all,
i solved my problem by the help of the shorewall mailing list.
The shorewall maintainer Tom Eastep he
Hi all,
i solved my problem by the help of the shorewall mailing list.
The shorewall maintainer Tom Eastep helped me with a quick answer.
It has nothing to do with shorewall so there is no file of shorewall
causing this troubles.
When i set up internet connection with pppoe-setup i have activate
On Sat, 2007-01-20 at 23:01 +0100, Daniel Pielmeier wrote:
> > The only last thing I could suggest is running lsof to see what files
> > are being accessed when you start the net.eth1 script.
>
> I tried lsof, but is there a possibility to run it constantly or for a
> specified time to catch the c
The only last thing I could suggest is running lsof to see what files
are being accessed when you start the net.eth1 script.
I tried lsof, but is there a possibility to run it constantly or for a
specified time to catch the complete progress of the script, like the
top command to monitor all fi
On Fri, 2007-01-19 at 10:08 +0100, Daniel Pielmeier wrote:
> Another thing i will try is to reemerge shorewall put my configuration
> back run shorewall and search for the files which have changed
> recently.
good idea, if you have the space you can just `cp -a /etc /etc.old`
(only 124M here). Th
Hi all!
Thank you very much for trying to help me on this strange things. I
hope i didn't have overseen a very simple thing which causes this
problem.
dale wrote
[EMAIL PROTECTED] / # equery files shorewall
[ Searching for packages matching shorewall... ]
* Contents of net-firewall/shorewall-3
On 19 January 2007 08:45, Iain Buchanan wrote:
> On Fri, 2007-01-19 at 02:10 +0100, Daniel Pielmeier wrote:
> > > hmm, shorewall must have done something that's more persistent.
>
> ...
>
> > > Well, these idea's are really stabbing in the dark, but you gotta start
> > > somewhere!
> >
> > thanks f
On Fri, 2007-01-19 at 01:01 -0600, Dale wrote:
> Iain Buchanan wrote:
> >
> > ah yes, I recall the cruft script! Does it exclude any directories?
> >
> > If there is nothing shorewall related left, then the only explanation is
> > that shorewall must have edited an existing file somewhere... whi
Iain Buchanan wrote:
>
> ah yes, I recall the cruft script! Does it exclude any directories?
>
> If there is nothing shorewall related left, then the only explanation is
> that shorewall must have edited an existing file somewhere... which
> seems strange... hal? udev? who knows!
>
> The only last
On Fri, 2007-01-19 at 02:10 +0100, Daniel Pielmeier wrote:
> > hmm, shorewall must have done something that's more persistent.
...
> > Well, these idea's are really stabbing in the dark, but you gotta start
> > somewhere!
>
> thanks for your hints, i checked all these things but there seems
> noth
Iain Buchanan wrote:
>
>
> Is there a /etc/shorewall directory? Perhaps someone who has it
> installed could do `equery files shorewall` so you could check that it
> really is deleted.
>
> Well, these idea's are really stabbing in the dark, but you gotta start
> somewhere!
>
> HTH,
>
Here you
hmm, shorewall must have done something that's more persistent.
Have a look at /etc/runlevels, and make sure there is no shorewall stuff
left in there.
Also look in /etc/conf.d/net* and make sure there is no postup functions
lying around.
And make sure /etc/init.d/net.eth1 is a symlink to /etc/
On Thu, 2007-01-18 at 12:11 +0100, Daniel Pielmeier wrote:
> the way i have applied my rules is as follows
>
> first i load them with my generated script
> then i invoke /etc/init.d/iptables save
> and to be sure i do an /etc/init.d/iptables restart
> iptables -L, iptables -L -t nat, iptables -L
On Thu, 18 Jan 2007 12:11:34 +0100
"Daniel Pielmeier" <[EMAIL PROTECTED]> wrote:
> Excuse me, but my problem is not that my tables are not working, they
> work very well. I applied forwarding and masquerading, also a basic
> set of filtering rules which block all access from outside.
oops. sorry
If you really removed shorewall from your runlevel (rc-update del shorewall
default) try this:
rm /var/lib/iptables/rules-save
i have removed shorewall from my runlevels and added iptables
Did you do a /etc/init.d/iptables save by any chance? That's the only
thing I can think of.
the way i
Daniel Pielmeier wrote:
>> I've been holding back on replying for a while now, but I think you
>> should try a simple iptables setup like this one:
>
> Excuse me, but my problem is not that my tables are not working, they
> work very well. I applied forwarding and masquerading, also a basic
> set o
On 18 January 2007 11:25, Daniel Pielmeier wrote:
> > I've been holding back on replying for a while now, but I think you
> > should try a simple iptables setup like this one:
>
> Excuse me, but my problem is not that my tables are not working, they
> work very well. I applied forwarding and masque
I've been holding back on replying for a while now, but I think you
should try a simple iptables setup like this one:
Excuse me, but my problem is not that my tables are not working, they
work very well. I applied forwarding and masquerading, also a basic
set of filtering rules which block all a
On Wed, 17 Jan 2007 20:02:54 +0100
"Daniel Pielmeier" <[EMAIL PROTECTED]> wrote:
> Hi again,
>
> it seems that i was running in another problem.
>
> This are my current iptables!
> ...
> What could be the problem here? Is the net init-script changing my
> rules? I think i have removed shorewall
Hi again,
it seems that i was running in another problem.
This are my current iptables!
Chain INPUT (policy ACCEPT)
target prot opt source destination
block all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source dest
Hans-Werner Hilse wrote:
>
> Thanks for that link. The document is _very_ good and complete. But I
> don't think it's particularly well suited for beginners.
>
> My suggestion would probably be very conservative: netfilter.org's own
> docs. http://www.netfilter.org/documentation/index.html
>
> -hwh
On Tue, 2007-01-16 at 13:10 +0100, Daniel Pielmeier wrote:
> I haven't found a how-to like this. Do you know a good how-to?
for linux howto's, I highly recommend tldp:
http://tldp.org/HOWTO/HOWTO-INDEX/networking.html#NETROUTING
try the Masquerading-Simple-HOWTO.
HTH,
--
Iain Buchanan
No wom
Thanks for that link. The document is _very_ good and complete. But I
don't think it's particularly well suited for beginners.
My suggestion would probably be very conservative: netfilter.org's own
docs. http://www.netfilter.org/documentation/index.html
I have now applied your masquerading and
Thanks for that link. The document is _very_ good and complete. But I
don't think it's particularly well suited for beginners.
My suggestion would probably be very conservative: netfilter.org's own
docs. http://www.netfilter.org/documentation/index.html
np, i thought when i have to learn iptable
Hi,
On Tue, 16 Jan 2007 13:10:45 +0100 "Daniel Pielmeier"
<[EMAIL PROTECTED]> wrote:
> > > Thanks, so i think that i have to get familiar with iptables
> > > itself, because i want to some more than routing. I will try this
> > > rules in the evening and tell you if it works.
> >
> > No fears, ip
> > Personally, I'm quite happy with
> >
> > $ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > $ iptables -A FORWARD -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j
ACCEPT
> > $ iptables -A FORWARD -i ppp0 -m state --state NEW,ESTABLISHED,RELATED -j
ACCEPT
Aaargh! That last one sho
Hi,
On Tue, 16 Jan 2007 09:03:59 +0100 "Daniel Pielmeier"
<[EMAIL PROTECTED]> wrote:
> > Personally, I'm quite happy with
> >
> > $ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > $ iptables -A FORWARD -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j
> > ACCEPT
> > $ iptables -A FOR
But everything looks quite normal, except for that packets aren't
routed. So its up to somebody else to tell exactly what that "policy"
module in iptables does -- and how. I don't have answers left here --
except for the case that a manual iptables setup is sufficient.
Personally, I'm quite happy
Again the quick & dirty solution:
/etc/init.d/iptables stop
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/etc/init.d/iptables save
rc-update -a iptables default
/etc/init.d/iptables start
--
Best regards,
Daniel
--
gentoo-user@gentoo.org mailing list
Hans-Werner Hilse wrote:
> Hi,
>
> On Tue, 16 Jan 2007 00:30:30 +0100
> "Daniel Pielmeier" <[EMAIL PROTECTED]> wrote:
>
>
>>> - is forwarding actually really enabled? Just "cat" the
>>> relevant /proc/sys/net/ipv4/ip_forward.
>>>
>> cat /proc/sys/net/ipv4/ip_forward
>> returns 1
>>
>>
Hi,
On Tue, 16 Jan 2007 00:30:30 +0100
"Daniel Pielmeier" <[EMAIL PROTECTED]> wrote:
> > - is forwarding actually really enabled? Just "cat" the
> > relevant /proc/sys/net/ipv4/ip_forward.
>
> cat /proc/sys/net/ipv4/ip_forward
> returns 1
>
> > So remaining things to check would be
> > - wher
- is forwarding actually really enabled? Just "cat" the
relevant /proc/sys/net/ipv4/ip_forward.
cat /proc/sys/net/ipv4/ip_forward
returns 1
So remaining things to check would be
- where do packets do what? Use "tcpdump" on the router to monitor
how packets flow. Don't cite all the output,
Hi,
On Mon, 15 Jan 2007 19:17:45 +0100
"Daniel Pielmeier" <[EMAIL PROTECTED]> wrote:
> > Send the output from "iptables-save", please. Otherwise we could only
> > guess if the problem is with your firewall rules or somewhere else.
>
> Here we go!
>
> # Generated by iptables-save v1.3.5 on Mon J
Hi,
On Mon, 15 Jan 2007 19:23:53 +0100
"Daniel Pielmeier" <[EMAIL PROTECTED]> wrote:
> > No, that's (usually) correct. But in the route excerpt you've cited
> > above (please post "route -n" next time!) the route for "localhost" was
> > set to "dev eth0". Also, the subnet was a /24 one, instead o
Another thing that makes me wonder is that the home router guide did
nothing mention about name_servers or gateways.
According to the guide this line seems to be enough:
config_eth0=( "192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0" )
But without the routes setting i get "network unr
> I think localhost is assigned to 127.0.0.1, or did i misunderstood
> something?
No, that's (usually) correct. But in the route excerpt you've cited
above (please post "route -n" next time!) the route for "localhost" was
set to "dev eth0". Also, the subnet was a /24 one, instead of the
usual /8
Send the output from "iptables-save", please. Otherwise we could only
guess if the problem is with your firewall rules or somewhere else.
Here we go!
# Generated by iptables-save v1.3.5 on Mon Jan 15 19:09:43 2007
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPU
> I think localhost is assigned to 127.0.0.1, or did i misunderstood
> something?
No, that's (usually) correct. But in the route excerpt you've cited
above (please post "route -n" next time!) the route for "localhost" was
set to "dev eth0". Also, the subnet was a /24 one, instead of the
usual /8
Hi,
On Mon, 15 Jan 2007 11:45:13 +0100 "Daniel Pielmeier"
<[EMAIL PROTECTED]> wrote:
> > This here:
> >
> > > /etc/hosts
> > >
> > > 127.0.0.1 localhost
> > > 192.168.0.1 gentoo-vdr.linux gentoo-vdr
> > > 192.168.0.2 gentoo.linux gentoo
> > > ::1 localhost
>
> I think l
> route
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> dslb-088-067-01 * 255.255.255.255 UH0 00 ppp0
> localhost * 255.255.255.0 U 0 00 eth0
> loopback*
Hi,
On Sun, 14 Jan 2007 20:27:11 +0100 "Daniel Pielmeier"
<[EMAIL PROTECTED]> wrote:
> I can connect from the router to the internet.
> I can log in from the router to the desktop per ssh and back.
> I have set up an rsync on the router and rsync works from the desktop.
> I have set up dnsmasq on
Send the output from "iptables-save", please. Otherwise we could only
guess if the problem is with your firewall rules or somewhere else.
Ok, i will do that when i am back home. i thought the output from
"iptables -L" in my original post was enough.
--
gentoo-user@gentoo.org mailing list
Daniel Pielmeier wrote:
>> I would check that you have done:
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> I think this is set, but i will check again.
>
>> Also make sure ICMP isn't blocked anywhere.
>
> I have only blocked ping from the internet to the firewall and nowhere
> else.
Send the o
I would check that you have done:
echo 1 > /proc/sys/net/ipv4/ip_forward
I think this is set, but i will check again.
Also make sure ICMP isn't blocked anywhere.
I have only blocked ping from the internet to the firewall and nowhere else.
--
gentoo-user@gentoo.org mailing list
> -Original Message-
> From: Daniel Pielmeier [mailto:[EMAIL PROTECTED]
> Sent: 14 January 2007 19:27
> To: gentoo-user@lists.gentoo.org
> Subject: [gentoo-user] Setting up a home router
>
> I can't ping from the desktop to the internet.
> ping www.gen
Hmmm, me either. I'm not sure about what it would be called. Do you
have gkrellm installed? Sometimes I use it to see where the traffic
is. That is how I knew it was iptables in my other thread. The data
was getting there because gkrellm was seeing it but my system was not.
No clue how one ca
Daniel Pielmeier wrote:
>> Are you on dial-up too? The EXTIF='ppp0' may need to be eth0 for you if
>> you are using a DSL or cable connection.
>
> I use an adsl-modem to connect to the internet. It is configured over
> eth1 but the connection runs over ppp0 so i think this is right, but i
> am no
Are you on dial-up too? The EXTIF='ppp0' may need to be eth0 for you if
you are using a DSL or cable connection.
I use an adsl-modem to connect to the internet. It is configured over
eth1 but the connection runs over ppp0 so i think this is right, but i
am not sure.
--
gentoo-user@gentoo.org m
Thomas Lingefelt wrote:
> Honestly for making a router ShoreWall really helps out. Shorewall is
> basically a set of scripts that read configuration files that you set up
> and then interacts with iptables for you.
>
> http://www.shorewall.net/
> http://www.shorewall.net/shorewall_quickstart_guide
Daniel Pielmeier wrote:
>> I used this script a long time ago. It worked until iptables got
>> changed. It still worked but it gave a few errors. Maybe some guru can
>> look at this and update it for us both. Then maybe I can get someone to
>> upgrade the script on the site. I had to edit the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Honestly for making a router ShoreWall really helps out. Shorewall is
basically a set of scripts that read configuration files that you set up
and then interacts with iptables for you.
http://www.shorewall.net/
http://www.shorewall.net/shorewall_qu
I used this script a long time ago. It worked until iptables got
changed. It still worked but it gave a few errors. Maybe some guru can
look at this and update it for us both. Then maybe I can get someone to
upgrade the script on the site. I had to edit the very first bit about
which interfac
Daniel Pielmeier wrote:
> Hi,
>
> I have a similar problem like Dale in this thread [gentoo-user] Need
> help networking two machines, but i think it is not exactly the same.
>
> I was trying to set up a home router following the
> gentoo-home-router-guide
> http://www.gentoo.org/doc/de/home-router
Hi,
I have a similar problem like Dale in this thread [gentoo-user] Need
help networking two machines, but i think it is not exactly the same.
I was trying to set up a home router following the
gentoo-home-router-guide
http://www.gentoo.org/doc/de/home-router-howto.xml
with shorewall as firewall
55 matches
Mail list logo
