Jay, On 3/13/11 3:11 AM, Jay Ridgley wrote:
>
> According to the docs for Adding a Wireless Segment to your Two-Interface
> Firewall (http://www.shorewall.net/two-interface.htm)
>
> The only changes that needed to be made were to add a line to the interfaces
> file and one to the masq file.
>
> The entries I have are:
>
> the interfaces entries -
> net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians
> loc eth3 detect tcpflags,nosmurfs
> loc eth4 detect dhcp
>
> the masq entries -
> eth0 eth3
> eth0 eth4
>
> The eth4 lines were the ones I added when I set up the wireless access point
> last year. I was running Shorewall 4.0.6 then. Now I am running Shorewall
> 4.4.6, are they still valid or should they be the ones below?

That form is deprecated; I should update the two-interface doc.

>
> According to the //http:www.shorewall.net/LennyToSqueeze.html the masq
> entries should now read:
> eth0 192.168.139.0/28
> eth0 192.168.139.32/28

That is preferable to what you had previously. You can also just have:

    eth0 0.0.0.0/0

>
> and the interfaces entries should be:
> net eth0 detect dhcp,tcpflags,nosmurfs,routefilter,logmartians
> loc eth3 detect tcpflags,nosmurfs,routefilter,logmartians
> loc eth4 detect dhcp
>

Either interfaces config is fine.

>
> The behavior that I am getting is when the firewall system is first booted I
> am able to get to everything but after some period of time the wireless
> (eth4) part quits, even with NO ACTIVITY. I think that is a leases problem,
> since I can reset the wireless access point and all is well again... for a
> while.

Problems where a configuration works for a while and then stops working
generally can't be laid at the feet of the Shorewall configuration; once
'shorewall start/restart' has completed, the configuration is fixed and
doesn't change unless one of your cron jobs is doing something unexpected.
You could see that by comparing the output of 'shorewall dump' when the
wireless segment is behaving with similar output obtained when it is not; pay
particular attention to entries having to do with eth4.

Otherwise, I think you need to understand exactly why the connections
suddenly stop working. If it is a leases problem, you might see wireless
clients switch from a 192.168.139.32/28 address to one in 169.154.0.0/16.

Which box runs the DHCP server for the wireless segment? The AP or the
Shorewall box? If it is the Shorewall box, then the DHCP server's log should
tell you if clients are renewing their leases or not.

When it stops working, can you still ping the AP?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
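
The 'shorewall dump' comparison suggested in the reply above, as an added example that is not part of the original message: the packet and byte counters in the netfilter listings differ between any two dumps, so this sketch strips them before diffing the lines that mention one interface. It assumes the two dumps were saved to files with 'shorewall dump > file'; the function names, chain names and sample captures are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample captures below are constructed.

# Drop volatile packet/byte counters from 'iptables -L -n -v' style lines so
# only real rule changes remain.
normalize() {
    sed -E -e 's/^ *[0-9]+[KMG]? +[0-9]+[KMG]? +//' \
        -e 's/\(policy ([A-Z]+) [0-9]+[KMG]? packets, [0-9]+[KMG]? bytes\)/(policy \1)/' "$1"
}

# iface_diff GOOD BAD IFACE: diff the lines that mention IFACE.
# Returns 0 when they match, 1 when they differ, 2 on setup failure.
iface_diff() {
    g=$(mktemp) && b=$(mktemp) || return 2
    normalize "$1" | grep -w -- "$3" > "$g" || true
    normalize "$2" | grep -w -- "$3" > "$b" || true
    diff "$g" "$b" && rc=0 || rc=$?
    rm -f "$g" "$b"
    return "$rc"
}

# Write constructed captures into directory $1: good.txt (working),
# later.txt (same rules, counters moved), changed.txt (eth4 ACCEPT rule gone).
make_samples() {
    cat > "$1/good.txt" <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  812  97K eth3_fwd   all  --  eth3   *       0.0.0.0/0            0.0.0.0/0
  120 9040 eth4_fwd   all  --  eth4   *       0.0.0.0/0            0.0.0.0/0
   96 7100 ACCEPT     all  --  eth4   eth0    0.0.0.0/0            0.0.0.0/0
EOF
    sed -e 's/ 120 9040/ 455  31K/' -e 's/  96 7100/ 301  22K/' \
        "$1/good.txt" > "$1/later.txt"
    grep -v 'ACCEPT' "$1/good.txt" > "$1/changed.txt"
}

# Demo run: identical rule sets produce no output; a changed one is reported.
d=$(mktemp -d) && make_samples "$d"
iface_diff "$d/good.txt" "$d/later.txt" eth4 && echo "eth4 rules unchanged"
iface_diff "$d/good.txt" "$d/changed.txt" eth4 || echo "eth4 rules differ"
rm -rf "$d"
```
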
