I think the cable is good. I'll try testing it by connecting b/w two
computers that I know have good network setups. At present the end connected
to eth1 is wire scheme A, and the end plugged into the client is wire scheme
B ...

> > /etc/shorewall/masq:
> > eth1:192.168.1.1        eth1           192.168.1.1     tcp     www
>
> You want something more like:
> #INTERFACE      SUBNET          ADDRESS         PROTO   PORT(S) IPSEC
> eth0            eth1

I made the changes you mentioned:

> > /etc/shorewall/init
> > route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 eth1
>
> Dump it

After doing so I issued shorewall clear and tried to ping my client
(192.168.1.2). Still destination unreachable. Is that to be expected, or now
that the fw is stopped, should the client be replying (if my network
settings on my firewall are correct and my x-over cable is good)? I can
still ping 192.168.1.1 from the firewall.

On 2/2/07, Bryan Vukich <[EMAIL PROTECTED]> wrote:

On Fri, 2007-02-02 at 08:46 -0500, Shawn Singh wrote:
> Hello List,
>
> This is my first post to the list, and as such I apologize for the
> length of it. I tried to put as much detail into this as possible.
>
> I recently installed Shorewall on a computer running Gentoo Linux. The
> computer has 3 network cards in it, but I've only configured 2. Going
> the cheap route, I'm connecting my client directly to my firewall
> using a crossover cable.
>
> When I try to access the Internet from my client, the operation times
> out.
>
> Client is running Windows XP Home Edition.
> Card is set to Auto-negotiate the speed and duplex.
>
> Firewall is running Gentoo Linux (2006.1).
> The version of shorewall I have installed is: 3.0.8
> eth0 is connected to a cable modem and gets its IP information via
> DHCP from my ISP.
> eth1 reports the following information from ifconfig eth1:
>
> eth1      Link encap:Ethernet  HWaddr 00:10:B5:0E:D6:E9
>           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Interrupt:10 Base address:0x6c00
>
> My routing table is as follows:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1

Get rid of the above route.

> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
> c-71-203-144-0. *               255.255.252.0   U     0      0        0 eth0
> loopback        *               255.0.0.0       U     0      0        0 lo
> default         c-71-203-144-1. 0.0.0.0         UG    0      0        0 eth0
>
> One thing that I noticed is if I do mii-tool eth1 I get:
> eth1: no link

This should not show no link.  Does the client show its interface as
up?  Are you sure your x-over cable is good? This is the root of your
problem.


>
> /etc/shorewall/masq:
> eth1:192.168.1.1        eth1           192.168.1.1     tcp     www

You want something more like:
#INTERFACE      SUBNET          ADDRESS         PROTO   PORT(S) IPSEC
eth0            eth1

Keep it simple like that until you know things are working.

> I was getting an error when I initially setup shorewall telling me
> that the route had not been defined for my internal interface at the
> point where the firewall was trying to start, so I placed the
> following entry into
> /etc/shorewall/init
> route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 eth1

Dump it


Thanks,


--
Bryan Vukich

Network Administrator
The Olson Company

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users





--
"Doing linear scans over an associative array is like trying to club someone
to death with a loaded Uzi."
Larry Wall
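
The two configuration problems pointed out in the thread (the masq entry that names eth1 as both outbound interface and source, and the extra gateway route for the directly connected 192.168.1.0 network) can be checked mechanically. The script below is an added example, not part of the original messages; the function names are assumptions and the sample input is reconstructed from the output quoted above.

```shell
#!/bin/sh
# Added example: lint checks for the two mistakes discussed in this thread.
# Function names are hypothetical; sample data is rebuilt from the thread.

# Flag masq entries whose INTERFACE column (the outbound, Internet-facing
# interface) is also the SUBNET/source column. Reads the masq file on stdin.
check_masq() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        {
            out = $1; sub(/:.*/, "", out)  # drop optional ":address" suffix
            if (out == $2)
                printf "masq line %d: %s is both outbound interface and source\n", NR, out
        }'
}

# Flag gateway (G) routes to a network that already has a directly
# connected route on the same interface. Reads route(8) output on stdin.
check_routes() {
    awk '
        $1 == "Kernel" || $1 == "Destination" { next }
        { key = $1 "/" $3 "/" $NF }        # destination/genmask/interface
        $4 ~ /G/ && $1 != "default" && $1 != "0.0.0.0" { gw[key] = $2; next }
        $4 !~ /G/ { direct[key] = 1 }
        END {
            for (k in gw)
                if (k in direct)
                    printf "redundant gateway route: %s via %s\n", k, gw[k]
        }'
}

# Constructed sample inputs, based on the listings quoted in the thread.
sample_routes() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
default         c-71-203-144-1. 0.0.0.0         UG    0      0        0 eth0
EOF
}

sample_masq() {
    printf '%s\n' '#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC' \
        'eth1:192.168.1.1 eth1 192.168.1.1 tcp www'
}

sample_masq | check_masq
sample_routes | check_routes
```

On a live firewall the same functions can be fed with `check_masq < /etc/shorewall/masq` and `route | check_routes`. Neither check replaces fixing the "no link" state reported by mii-tool, which has to be resolved first.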