On Fri, 2007-02-02 at 08:46 -0500, Shawn Singh wrote:
> Hello List,
>
> This is my first post to the list, and as such I apologize for the
> length of it. I tried to put as much detail into this as possible.
>
> I recently installed Shorewall on a computer running Gentoo Linux. The
> computer has 3 network cards in it, but I've only configured 2. Going
> the cheap route, I'm connecting my client directly to my firewall
> using a crossover cable.
>
> When I try to access the Internet from my client, the operation times
> out.
>
> Client is running Windows XP Home Edition.
> Card is set to Auto-negotiate the speed and duplex.
>
> Firewall is running Gentoo Linux ( 2006.1).
> The version of shorewall I have installed is: 3.0.8
> eth0 is connected to a cable modem and gets its IP information via
> DHCP from my ISP.
> eth1 reports the following information from ifconfig eth1:
>
> eth1      Link encap:Ethernet  HWaddr 00:10:B5:0E:D6:E9
>           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Interrupt:10 Base address:0x6c00
>
> My routing table is as follows:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1

Get rid of the above route.

> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
> c-71-203-144-0. *               255.255.252.0   U     0      0        0 eth0
> loopback        *               255.0.0.0       U     0      0        0 lo
> default         c-71-203-144-1. 0.0.0.0         UG    0      0        0 eth0
>
> One thing that I noticed is if I do mii-tool eth1 I get:
> eth1: no link

This should not show no link. Does the client show its interface as up?
Are you sure your x-over cable is good? This is the root of your problem.

>
> /etc/shorewall/masq:
> eth1:192.168.1.1 eth1 192.168.1.1 tcp www

You want something more like:

#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0 eth1

Keep it simple like that until you know things are working.

> I was getting an error when I initially setup shorewall telling me
> that the route had not been defined for my internal interface at the
> point where the firewall was trying to start, so I placed the
> following entry into
> /etc/shorewall/init
> route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 eth1

Dump it

Thanks,
--
Bryan Vukich
Network Administrator
The Olson Company
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
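
The two configuration problems pointed out in the reply above (a gateway route that duplicates the directly connected 192.168.1.0 route on eth1, and a masq entry whose INTERFACE column names the internal interface) can be checked mechanically. The following is an added example, not part of the original message and not Shorewall code. The `route -n` style sample, the 203.0.113.1 default gateway and all function names are constructed for illustration; eth0 is taken as the external interface, as in the thread.

```python
# Constructed sample in `route -n` format, modelled on the thread's routing table.
ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Parse routing-table rows into dicts, skipping the two header lines."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        rows.append({"dest": f[0], "gw": f[1], "mask": f[2],
                     "flags": f[3], "iface": f[7]})
    return rows

def redundant_gateway_routes(rows):
    """Return gateway (G) routes that duplicate a directly connected route."""
    connected = {(r["dest"], r["mask"], r["iface"])
                 for r in rows if "G" not in r["flags"]}
    return [r for r in rows if "G" in r["flags"]
            and (r["dest"], r["mask"], r["iface"]) in connected]

def check_masq(entry, external_iface):
    """Check one masq entry: INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC."""
    cols = entry.split()
    if len(cols) < 2:
        return ["entry needs at least INTERFACE and SUBNET"]
    problems = []
    out_iface = cols[0].split(":", 1)[0]  # drop optional ":address" qualifier
    if out_iface != external_iface:
        problems.append(f"INTERFACE is {out_iface}, expected outbound {external_iface}")
    if cols[1] == out_iface:  # heuristic: masquerading a net onto its own interface
        problems.append("SUBNET is the same interface as INTERFACE")
    return problems

if __name__ == "__main__":
    for r in redundant_gateway_routes(parse_routes(ROUTES)):
        print("redundant:", r["dest"], "via", r["gw"], "dev", r["iface"])
    print(check_masq("eth1:192.168.1.1 eth1 192.168.1.1 tcp www", "eth0"))
    print(check_masq("eth0 eth1", "eth0"))
```

Only the extra 192.168.1.0 route via 192.168.1.1 is reported; the default route through eth0 is left alone because no connected route matches it.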
