On 09/06/2013 04:51 PM, Elio Tondo wrote:
> I have been using for a long time a "classical" two-interface setup, with the net
> interface connected to an ADSL modem in half-bridge mode, which receives a
> public IP from the ISP and gives it to the Linux net interface; the lan
> interface has the 192.168.30.0/24 class.
>
> Now I need to change this setup, because my new ISP (that will switch soon to
> an FTTS VDSL2 connection) sent me a VDSL2 WiFi router, and I need to replace
> the old configuration to be ready for the switch to VDSL2. The router LAN and
> WiFi interfaces have the 192.168.1.0/24 class, and the router can be
> configured to forward all connections from the Internet to the public IP to a
> host in the LAN ("DMZ" function). Since I want to use the WiFi function for
> clients in the lan, I am forced to use a sort of "one interface routing",
> connecting the router to the lan interface on the firewall and having the two
> IP classes on the same wire.
>
> I read the documentation on the pages "Shorewall and Aliased Interfaces" and
> "Routing on One Interface", and I tried to follow the indications, but with
> no success. Specifically, I have eth0 with IP 192.168.30.1 (lan) and eth0:0 with
> IP 192.168.1.1 (net) configured to use 192.168.1.254 as the default gateway
> (the IP of the router). The lan clients use the lan address of the firewall
> 192.168.30.1 as their default gateway, and the firewall should masquerade.
>
> I did not change the policy and rules files; I modified interfaces and masq
> and added a hosts file. These are the relevant lines:
>
> interfaces:
> #ZONE INTERFACE BROADCAST OPTIONS
> - eth0 -
>
> hosts:
> #ZONE HOST(S) OPTIONS
> net eth0:192.168.1.0/24
> loc eth0:192.168.30.0/24
>
> masq:
> #INTERFACE SOURCE ADDRESS ...
> eth0:0 192.168.30.0/24
>
> When shorewall is not started, or after a shorewall clear, the firewall
> connects to the Internet and local clients connect to the firewall, but
> obviously the clients do not connect to the Internet because masquerading is
> not active on the firewall.
>
> When shorewall is started, it stops connecting to the Internet, with a fast
> scrolling series of messages like this:
>
> From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
>
> when I ping any public IP.
>
> I tried to understand the problem, and I narrowed it down to the combination
> of the interfaces and hosts files; if I comment out the two lines in the
> hosts file and I assign eth0 in the interfaces file to the net zone, as in a
> "normal" one-interface setup, it works also with shorewall started, but
> obviously the local clients do not connect to the Internet because the
> masquerading is not correctly configured.
>
> I tried to understand my mistake(s), but with no success. Any advice would be
> welcome.

Please forward the output of 'shorewall dump' collected as described at
http://www.shorewall.net/support.htm#Guidelines.

Thanks,
-Tom

--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________
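The three tables quoted in the question are small enough to check mechanically before sending a dump. The script below is an added example, not code from the poster, from Tom Eastep or from the Shorewall project: it parses the posted interfaces, hosts and masq entries and runs three checks against them. The rules it encodes are assumptions stated in the comments, not Shorewall's own validation: that an interface carrying several zones through the hosts file is given zone '-' in interfaces (as the posted configuration does), that an 'eth0:0' name is an ifconfig-style alias of eth0, and that a masq source which enters and leaves the same interface is the situation the "Routing on One Interface" page covers, so that interface's OPTIONS column is where to look next.

```python
"""Sanity-check the Shorewall tables quoted above for a setup that routes
two networks over one interface.  Added example: this is not Shorewall's
own parser, and the checks encode the assumptions noted in the comments,
not Shorewall's documented validation rules."""
import ipaddress

# Constructed input: the interfaces, hosts and masq entries as posted above.
INTERFACES = """\
#ZONE INTERFACE BROADCAST OPTIONS
- eth0 -
"""
HOSTS = """\
#ZONE HOST(S) OPTIONS
net eth0:192.168.1.0/24
loc eth0:192.168.30.0/24
"""
MASQ = """\
#INTERFACE SOURCE ADDRESS ...
eth0:0 192.168.30.0/24
"""


def parse_table(text):
    """Split a Shorewall table into rows of whitespace-separated columns,
    dropping blank lines and anything after a '#' comment marker."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def base_interface(name):
    """'eth0:0' -> 'eth0'.  Assumption: a ':N' suffix is an ifconfig-style
    alias of the same physical interface."""
    return name.split(":", 1)[0]


def check_config(interfaces, hosts, masq):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # interfaces: map each interface to the zone it is assigned ('-' = none).
    iface_zone = {row[1]: row[0] for row in parse_table(interfaces)}

    # hosts: each entry is ZONE  INTERFACE:NETWORK.
    zone_nets = []  # (zone, interface, network)
    for zone, spec, *_ in parse_table(hosts):
        iface, net = spec.split(":", 1)
        network = ipaddress.ip_network(net, strict=False)
        if iface not in iface_zone:
            findings.append(f"hosts: {iface} is not listed in interfaces")
        elif iface_zone[iface] != "-":
            # Assumption: an interface carrying several zones via hosts is
            # given zone '-' in interfaces, as in the posted configuration.
            findings.append(f"hosts: {iface} is already zone "
                            f"{iface_zone[iface]} in interfaces; expected '-'")
        zone_nets.append((zone, iface, network))

    # Two zones claiming overlapping networks would make the zone of a host
    # ambiguous.
    for i, (z1, _, n1) in enumerate(zone_nets):
        for z2, _, n2 in zone_nets[i + 1:]:
            if z1 != z2 and n1.overlaps(n2):
                findings.append(f"hosts: {n1} ({z1}) overlaps {n2} ({z2})")

    # masq: each entry is OUT-INTERFACE  SOURCE.
    for out_iface, source, *_ in parse_table(masq):
        out_base = base_interface(out_iface)
        src = ipaddress.ip_network(source, strict=False)
        if out_base not in iface_zone:
            findings.append(f"masq: {out_iface} is not listed in interfaces")
        owners = [(z, i) for z, i, n in zone_nets if src.subnet_of(n)]
        if not owners:
            findings.append(f"masq: source {src} is not inside any hosts network")
        for zone, in_iface in owners:
            if in_iface == out_base:
                # Traffic from this source enters and leaves the same
                # interface: the case the 'Routing on One Interface' page
                # covers, so that interface's OPTIONS need checking against
                # that documentation.
                findings.append(
                    f"masq: {src} ({zone}) enters and leaves the same "
                    f"interface {out_base}; one-interface routing rules apply")
    return findings


if __name__ == "__main__":
    for finding in check_config(INTERFACES, HOSTS, MASQ) or ["no findings"]:
        print(finding)
```

Run on the posted tables it reports only the same-interface case for 192.168.30.0/24, which is exactly the setup the question describes; swapping the '-' in interfaces for 'net', the "normal" one-interface setup the poster tried, makes the hosts check fire instead.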
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
