>Can I ask what you are using to set up your WLAN?
Of course.
As a software I use hostapd+dhcp and as a hardware mpcie Qualcomm
Atheros AR9380 AR5BHB112 card:
https://wikidevi.com/files/Atheros/specsheets/AR9380.pdf
In my 'Ubuntu server' 17.10 adapted as a home router/server I set this
card as
Glad it's working.
I have a friend that is trying to set up his WLAN interface as an access
point/gateway.
Can I ask what you are using to set up your WLAN?
Bill
On 2/2/2018 2:54 AM, Bernard Drozd wrote:
Thank you Bill :-)
After adding two rows you suggested to the '/etc/shorewall/policy' ro
Thank you Bill :-)
After adding two rows you suggested to the '/etc/shorewall/policy'
routing works fine.
My 'policy' file is now:
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
$FW net ACCEPT
$FW loc ACCEPT
loc $
Try adding to policy:
fw loc ACCEPT
loc fw ACCEPT
So devices on loc can ping the gateway? Ping www.google.com?
Bill
On 2/1/2018 1:29 PM, Bernard Drozd wrote:
Hi,
>When you say that the LAN can't connect to the internet, are the LAN devices
using 10.10.10.1 for their gateway?
Yes
Hi,
>When you say that the LAN can't connect to the internet, are the LAN
devices using 10.10.10.1 for their gateway?
Yes, see below:
ela@akacja:~$ arp
Address HWtype HWaddress Flags
Mask Iface
10.10.10.13 ether f4:6d:04:63:aa:64 C
When you say that the LAN can't connect to the internet, are the LAN devices
using
10.10.10.1 for their gateway?
Since you been through many revisions of your Shorewall configuration, it would
be
helpful to list the following files again:
params
rules
zones
interfaces
hosts
policy
I noticed in
>What is the contents of /etc/shorewall/snat?
SNAT(192.168.15.145) 10.10.10.0/24 enp1s0
I receive private address 192.168.15.145 (configured as static) from my
ISP which is seen as public 46.xxx.xxx.xxx
>Also show the output of these two commands run on the
Shorewall/gateway machine:
>i
If a device on the LAN can't get to the internet through the Shorewall/gateway,
it
points the finger at /etc/shorewall/snat not being correct.
What is the contents of /etc/shorewall/snat?
Also show the output of these two commands run on the Shorewall/gateway machine:
ip -o -4 addr
ip -o -4 rou
So I guess that after checking and correcting the shorewall's
configuration files routing (eg connecting from LAN to the internet)
should work.
But in fact it doesn't.
Please log on my testing machine and check what could disable/block
shorewall :
http://drive.google.com/uc?export=view&id=1
On 1/31/2018 8:24 AM, Bernard Drozd wrote:
> Hi,
>
>>> DNS(ACCEPT) $FW net
>> This is superfluous given your policy '$FW net ACCEPT".
> I corrected this in /etc/shorewall/rules by commenting this line.
>
Good.
>> From:
>> http://shorewall.org/manpages/shorewall-rules.html
>> "Warning
Hi,
DNS(ACCEPT) $FW net
This is superfluous given your policy '$FW net ACCEPT".
I corrected this in /etc/shorewall/rules by commenting this line.
From:
http://shorewall.org/manpages/shorewall-rules.html
"Warning
If you masquerade or use SNAT from a local system to the internet, you
On 1/30/2018 5:22 PM, Matt Darfeuille wrote:
> On 1/30/2018 1:34 PM, Bernard Drozd wrote:
>>> It refers here to your wan interface.
>>> Is your wan interface configured by dhcp (does it get an dinamic IP)?
>> No. My wan interface has static 192.168.15.145 address (which is seen
>> from outside/int
On 1/30/2018 11:22 AM, Matt Darfeuille wrote:
ACCEPT net $FW tcp 6535
ACCEPT net $FW udp 6534
ACCEPT net $FW tcp 22
From:
http://shorewall.org/manpages/shorewall-rules.html
"Warning
If y
On 1/30/2018 1:34 PM, Bernard Drozd wrote:
>> It refers here to your wan interface.
>> Is your wan interface configured by dhcp (does it get an dinamic IP)?
> No. My wan interface has static 192.168.15.145 address (which is seen
> from outside/internet as public 46.xxx.xxx.xxx address).
> So I've
On 1/30/2018 7:34 AM, Bernard Drozd wrote:
It refers here to your wan interface.
Is your wan interface configured by dhcp (does it get an dinamic IP)?
No. My wan interface has static 192.168.15.145 address (which is seen from
outside/internet as public 46.xxx.xxx.xxx address).
So I've changed
It refers here to your wan interface.
Is your wan interface configured by dhcp (does it get an dinamic IP)?
No. My wan interface has static 192.168.15.145 address (which is seen from
outside/internet as public 46.xxx.xxx.xxx address).
So I've changed content of /etc/shorewall/snat to:
SNAT(192.
On 1/30/2018 10:54 AM, Bernard Drozd wrote:
>>"MASQUERADE should only be used when the DEST interface has a dynamic
> IP address. Otherwise, SNAT should be used and should specify the
> interface's static address."
> So my (/etc/shorewall/snat) configuration should work:
>
> MASQUERADE 10.10.10
On 1/29/2018 7:49 PM, Bernard Drozd wrote:
>> From what you describe below you should maybe use:
>> http://shorewall.org/three-interface.htm
>
> I guess I need the guidance from:
> http://shorewall.org/two-interface.htm#Wireless
> LAN and WLAN works in the same zone
>
>> What did you try...
> I
kernel scope link src 192.168.15.145
From: c.mo...@web.de
Sent: Monday, January 29, 2018 6:07 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Ubuntu 17.10 Shorewall configuration?
Hello Bernard,
please read the reporting guidelines documented here
http
On 1/29/2018 5:36 PM, Bernard Drozd wrote:
> Hi,
> I'm new in the firewalls.
> I'm trying to set up Shorewall on the newest testing ubuntu server 17.10
> in the most common configuration as firewall with two interfaces (and
> WIFI).
> http://shorewall.org/two-interface.htm
From what you describe
Hello Bernard,
please read the reporting guidelines documented here http://shorewall.net/support.htm and provide the requested information for further analysis.
Regards
Thomas
Gesendet: Montag, 29. Januar 2018 um 17:36 Uhr
Von: "Bernard Drozd"
An: shorewall-users@lists.sourceforge.ne
21 matches
Mail list logo