There are 2 problems with your desired setup:

1) You are using the term 'subnet' incorrectly. A subnet is a separately routable slice of the same network range (e.g. IP network 192.168.0.0 with a subnet mask 255.255.255.248 allows subnet addresses in the range 192.168.0.1 to 192.168.0.8 only). You must have a clear understanding of why this is TRUE - see http://www.shorewall.net/shorewall_setup_guide.htm .

2) You cannot have two machines on the same network with the same IP address - that is like having two houses on the same road having the same house number - who does the postman (IP layer) deliver to? It seems to me you want 2 networks with 2 identical ranges of IP addresses... this is the same as having 2 streets with the same name (Mao Tse Tung Avenue) and with the same address (no 1,2,3 & 4). Why would any city or town need this?

Please explain WHY you want identical addresses on two class C networks. If you cannot answer this question then set shorewall up according to the 3 interface example in the documentation at http://www.shorewall.net/three-interface.htm . First deal with NET_A and when you have it working according to your expectation then progress to NET_B...

regards,
Werner

On Fri, 2008-08-29 at 15:15 +0200, hOZONE wrote:
> hello,
>
> i use shorewall for a gateway with two different subnets.
> i have two cards
> eth1 (wifi card) connected to internet by a router (192.168.1.1)
> eth0 (rj45 card) which i use to connect pc to internet (NET_B)
>
>
> ACTUALLY
> ------------------
> eth1 is 192.168.1.99 with gateway and dns server 192.168.1.1
> eth0 is 192.168.2.1
>
> wifi router (192.168.1.1)
> |-> eth1 (192.168.1.99) - shorewall - eth0 (192.168.2.1) <-> NET_B (192.168.2.0/24)
> |-> NET_A (192.168.1.0/24)
>
> dnsmasq is listening to eth0
> a dhcp server is running on eth0 assigning range 192.168.2.100 to
> 192.168.2.200 with gateway and dns 192.168.2.1
>
> shorewall is running as a firewall and bridge, doing masq from eth0 to
> eth1, and blocking traffic from eth1 to eth0
> -- /etc/shorewall/masq contains lines
> eth1 eth0
> -- /etc/shorewall/rules contains lines (where loc is eth1 and net is eth0)
> DROP net:192.168.1.0/24 loc:192.168.2.0/24 all -
>
> --my /etc/network/interfaces looks like this:
> auto eth0
> iface eth0 inet static
> address 192.168.2.1
> netmask 255.255.255.0
>
> auto eth1
> iface eth1 inet static
> address 192.168.1.103
> netmask 255.255.255.0
> network 192.168.1.0
> broadcast 255.255.255.255
> gateway 192.168.1.1
> wireless-essid myessidap
>
>
> WHAT I WANT
> ---------------
> i would like my NET_B to have the same subnet as NET_A but they should
> be "separated" by shorewall.
> for example a pc in NET_A should have 192.168.1.10 ip, and a pc in NET_B
> should have 192.168.1.10, but they should not see each other and they
> should not conflict
>
> wifi router (192.168.1.1)
> |-> eth1 (192.168.1.99) - shorewall - eth0 (192.168.1.1 OR other) <-> NET_B (192.168.1.0/24)
> |-> NET_A (192.168.1.0/24)
>
> all traffic from NET_A to NET_B DROPPED
> all traffic from NET_B to NET_A DROPPED
>
> eth0 should be 192.168.1.1 if possible, or should be
> 192.168.1.anyothernumber, the important thing is that NET_B.
>
> i've tried with proxyarp and nat to make things work like this but i'm
> not able to do this.
> can anyone help me?
>
> regards,
> Davide
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
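
A pre-deployment check for the conflict discussed in this thread, as an added example that is not part of the original messages: it parses `inet static` stanzas in the `/etc/network/interfaces` format quoted above and reports interface pairs whose networks overlap. The function names are hypothetical, `CURRENT` abbreviates the posted file, and `WANTED` is a constructed sample of the requested layout with eth0 at 192.168.1.1.

```python
import ipaddress
from itertools import combinations

# eth0/eth1 stanzas as posted in the thread (options irrelevant to the check omitted).
CURRENT = """\
auto eth0
iface eth0 inet static
    address 192.168.2.1
    netmask 255.255.255.0

auto eth1
iface eth1 inet static
    address 192.168.1.103
    netmask 255.255.255.0
    gateway 192.168.1.1
"""
# Constructed sample: the requested layout, with eth0 moved into 192.168.1.0/24.
WANTED = CURRENT.replace("address 192.168.2.1", "address 192.168.1.1")

def parse_interfaces(text):
    """Return {iface: IPv4Interface} for each 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not words:
            continue
        if words[0] == "iface" and len(words) >= 4:
            static = words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if static else None
        elif words[0] in ("auto", "allow-hotplug", "iface", "source", "mapping"):
            current = None                     # a new stanza ends the previous one
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]       # option line inside a static stanza
    return {name: ipaddress.ip_interface(f"{o['address']}/{o['netmask']}")
            for name, o in stanzas.items() if "address" in o and "netmask" in o}

def overlapping(ifaces):
    """List (iface_a, iface_b, net_a, net_b) for every pair sharing address space."""
    hits = []
    for a, b in combinations(sorted(ifaces), 2):
        net_a, net_b = ifaces[a].network, ifaces[b].network
        if net_a.overlaps(net_b):              # routing between the two is ambiguous
            hits.append((a, b, str(net_a), str(net_b)))
    return hits

if __name__ == "__main__":
    for label, cfg in (("current", CURRENT), ("wanted", WANTED)):
        print(label, overlapping(parse_interfaces(cfg)) or "no overlap")
```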
