Phillipus Gunawan wrote: > Hi There, > > Re-work my question earlier, also by putting result from '/sbin/shorewall > dump' which attached on 'status.txt' and i am sorry for not making it as gzip > > I also will repeat the post earlier for better understanding my question > (hey, I am looking for the answers.....) > > > Shorewall version 4.0.14 > Debian Etch > Webmin Version 1.441 > > eth0 -> 10.1.1.1 connected to a router, act as gateway for other hosts > eth1 -> 10.1.1.4 connected to wireless router > eth2 -> connected to adsl bridged modem, working OK using RP-PPPoE, outputing > ppp0 with correct ip from TPG >
The answer hasn't changed -- your IP configuration is unworkable. Your problem has nothing to do with Shorewall. > ~# ifconfig > eth0 Link encap:Ethernet HWaddr 00:E0:4C:50:18:FD > inet addr:10.1.1.1 Bcast:10.255.255.255 Mask:255.0.0.0 > UP BROADCAST MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > Interrupt:201 Base address:0x8000 > > eth1 Link encap:Ethernet HWaddr 00:E0:4C:50:16:70 > inet addr:10.1.1.4 Bcast:10.255.255.255 Mask:255.0.0.0 > inet6 addr: fe80::2e0:4cff:fe50:1670/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:2388 errors:0 dropped:0 overruns:0 frame:0 > TX packets:3341 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:305137 (297.9 KiB) TX bytes:2690271 (2.5 MiB) > Interrupt:209 Base address:0xc000 eth0 and eth1 have identical IP configurations except for the IP address. THAT WON'T WORK. See http://www.shorewall.net/two-interface.htm#Wireless -- it isn't an accident that in that example the wireless segment is on a different subnet from the wired systems. Your configuration produces this routing table (from the dump): 10.20.20.125 dev ppp0 proto kernel scope link src 220.244.8.194 10.0.0.0/8 dev eth1 proto kernel scope link src 10.1.1.4 10.0.0.0/8 dev eth0 proto kernel scope link src 10.1.1.1 default dev ppp0 scope link The second route completely masks the third one so no traffic can ever be routed out of eth0. If you are unfamiliar with IP addressing and routing, see http://www.shorewall.net/shorewall_setup_guide.htm#Addressing or any introductory text on IPv4 networking. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
