mess-mate wrote: > Tom Eastep wrote: > > >> mess-mate wrote: >> >> >>> Here is: >>> - a shorewall dump from the router: status-router.txt >>> - a diagram : diagram-lan.txt >>> The answer for your last question (So, if you "shorewall clear" on the >>> Vserver host, does everything start working perfectly? ) is no. This is >>> why i add a shorewall dump of the router machine. >>> I can't access the internet from my vserver-guest >>> I can ping from the router to the vserver-guest and vice-versa. >>> >> Two questions: >> >> a) What possible reason would you have for placing the vserver guest >> in an IP network different from the host? That seems like a strategy >> designed to confuse you and keep things from working. >> >> b) What default gateway have you defined for the vserver guest? Better >> yet, what is the output of "ip route ls" on that "system". >> >> -Tom >> ------------------------------------------------------------------------ >> >> >> > Attached the ip route ls from the guest. > > The reason of a different ip on the guest is to have a better form to > that of chrooting the webserver. > The vserver people recommend it and said it works without any problem. > I can now ping from the router when i added this rule to the host: > Ping/ACCEPT dmz:192.168.20.254 $FW ( as you can see on the > early sended status.txt of the host) > and this for ping 192.168.30.1. > > mess-mate > > > ------------------------------------------------------------------------ > > 192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.1 > 192.168.30.0/24 dev eth1 proto kernel scope link src 192.168.30.1 > default via 192.168.20.254 dev eth1 > > ------------------------------------------------------------------------ > > Hi folks, i can access internet now since i changed (hard configured) /etc/resolv.conf. Normaly in debian /etc/resolv.conf is not to be done because there is a /etc/resolvconf directory who's do the job.
But have take's a few seconds to get access, is not instanenous as usely and i don't know what this warning on the router does here: Apr 17 13:49:45 router kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=86.122.119.233 DST=86.192.36.220 LEN=48 TOS=0x0 Apr 17 13:49:48 router kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=86.122.119.233 DST=86.192.36.220 LEN=48 TOS=0x0 IP 86.192.36.220 is the dynamically allowed ip from my ISP. mess-mate ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
