Dave Florek wrote:

>I'm having the worst time with Shorewall. I'm a complete noob to it.
>I've read all of the documentation regarding Shorewall and
>two-interfaces, and I've loaded the example files from
>'/usr/src/doc/shorewall/examples' and I didn't change a thing.

You do realise that example config files are just that - examples ? You are expected to configure them to your specific requirements.

>I still don't understand what I'm doing wrong. I'm trying to get the
>internet from 'eth0' which is connected to my ISP

What do you get from "ifconfig eth0" ?

>I defined a gateway here, and an address range. I have DNS-MASQ
>installed and running which hands out IP addresses on
><http://192.168.0.50/30>192.168.0.50/30. It's probably a little
>ridiculous or redundant. I have no clue if it really works.

Firstly, can you find the "plain text" option on your mailer so that when you put "192.168.0.50/30" it comes through as "192.168.0.50/30" and doesn't get 'helpfully' mangled to "<http://192.168.0.50/30>192.168.0.50/30" ? It's just a little thing, but little things that make it harder to read and/or cause annoyance like that can make people less inclined to put the time in to help.

You need to find out if your local stuff works. If that doesn't work, then trying to fix (if indeed it's even broken) Shorewall is going to be a futile and frustrating experience.

You don't actually need Shorewall running to get your network going, and in fact it is recommended to make sure your network runs BEFORE starting on Shorewall. If your network works and then stops when Shorewall is loaded then you look at your Shorewall config - if it doesn't work at all then it's not Shorewall.

"shorewall clear" will turn off everything Shorewall does and leave you with your basic network setup. Offhand I'm not sure what commands you need to give to enable MASQ - but if you are using the network manager from a GUI then I expect that has an option to tick (I don't use the GUI as virtually everything I manage is a headless server).

BTW - 192.168.0.50/30 would normally mean a subnet starting at 192.168.0.50 and with a netmask of 255.255.255.252. That would not be a suitable config to hand out to clients as they should have the exact same subnet mask as your gateway (255.255.255.0) - ie they should be in the network 192.168.0.0/24.

And as I check that bit of information, I see your eth1 config is wrong : the network address for that config is 192.168.0.0, and in fact you should just omit that line anyway since the system will calculate the correct value for itself.

>It says it can't bind to eth1 because eth1 is already in use.
>However, a laptop connected to eth1 displays 192.168.0.76 for an IP
>address and the gateway 192.168.0.2. So, I know that works.

Err, no you don't know that works at all ! I'd hazard a guess that you have a DHCP server running on eth1, and that means you can't start another one (as part of DNS-MASQ) since the ports it needs to use are already in use. 192.168.0.76 is not part of the address range you say you configured DNS-MASQ to hand out, which suggests it did come from there.

>I can partially ping 'www.google.com'. It'll resolve
>'www.google.com' to the correct IP address and domain name, but the
>packets keep timing out 100%. I can get the internet thru my devices
>connected to 'eth1' if I use ProxyARP, but it disables all of my
>outgoing traffic on 'eth0'.

The old "this isn't working so I'll pick some random thing and try it" approach to fixing things !

>All I'm trying to do is gateway my computer with two ethernet NIC's
>and I'm failing miserably at it and I've been banging my head
>against a wall for the past week trying to figure it out.

You might have less bruises if you'd asked for help earlier !

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
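The pool and lease check discussed in the reply above, as an added example that is not part of the original thread: it resolves a DHCP pool written in CIDR form, compares it with the LAN interface's subnet, and flags client addresses the pool could not have issued. The function name `audit_dhcp_pool` is hypothetical, and the LAN interface is assumed to be 192.168.0.2/24 (the gateway the laptop reports, with the 255.255.255.0 mask named in the reply).

```python
import ipaddress


def audit_dhcp_pool(lan_iface, pool_cidr, observed_clients):
    """Check a DHCP pool given in CIDR form against the LAN interface subnet.

    lan_iface        -- LAN interface address with prefix, e.g. "192.168.0.2/24"
    pool_cidr        -- the pool as written in the config, e.g. "192.168.0.50/30"
    observed_clients -- addresses actually seen on clients of that segment
    """
    lan = ipaddress.ip_interface(lan_iface).network
    # ip_interface() accepts host bits, so "x.x.x.50/30" resolves to the
    # /30 block that contains .50 instead of raising an error.
    pool = ipaddress.ip_interface(pool_cidr).network
    clients = [ipaddress.ip_address(c) for c in observed_clients]
    return {
        "pool_network": str(pool),
        "pool_netmask": str(pool.netmask),
        # Usable host addresses in the pool block (network/broadcast excluded).
        "pool_hosts": [str(h) for h in pool.hosts()],
        # Clients should carry the same mask as the gateway interface.
        "mask_matches_lan": pool.prefixlen == lan.prefixlen,
        "pool_inside_lan": pool.subnet_of(lan),
        # On the LAN but not in the pool: issued by something else.
        "leases_outside_pool": [
            str(c) for c in clients if c in lan and c not in pool
        ],
        "addresses_outside_lan": [str(c) for c in clients if c not in lan],
    }


if __name__ == "__main__":
    # Values taken from the thread; the /24 interface address is an assumption.
    report = audit_dhcp_pool(
        "192.168.0.2/24", "192.168.0.50/30", ["192.168.0.76"]
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

A client address that sits in the LAN but outside the configured pool points to a second DHCP server on that segment, which is worth locating before changing any firewall configuration.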