PGNd <[email protected]> wrote:

> I've set up a DHCP-connected Linux box. It runs Shorewall.
>
>                     [net]
>                       |
>           ------------------------
>           EXT: DHCP Client
>           Uverse/ATT modem (bridge mode)
>           INT: DHCP Server & WebServer @ http://192.168.1.254
>           ------------------------
>                       |
>                       |
>           ------------------------
>           EXT: DHCP Client -> IP == 1.2.3.4
>           Linux Router/Firewall (shorewall)
>           INT: 192.168.1.100
>           ------------------------
>                       |
>       |-------------------------------|
> -------------------           -------------------
> EXT: 192.168.1.10             EXT: 192.168.1.20
> Linux Laptop                  Linux MailServer (temp)
> -------------------           -------------------
Tom has beaten me to it - you have an invalid IP configuration, since the subnet between modem and firewall is the same as your internal network. Thus it's not possible to correctly route traffic to allow internal devices to access the modem.

What you need to do is renumber one or other of the networks so that the subnets do not overlap. Once you have done that, you'll find that the modem is directly reachable - though you may need to relax your RFC1918 filtering*.

If you don't change your masq config, then the modem will see traffic coming from your external address. You can alter that by specifying (from memory) "net:!192.168.2.0/24" in your masq config file (assuming you'd changed the modem to be in the 192.168.2.0/24 subnet).

* If you are still using (from memory) norfc1918, which IIRC is deprecated, then you'll need to remove it and apply rules. You need to add permit rules for the outside private network. So you'll need rules like:

permit lan net:192.168.2.0/24
deny lan net:192.168.0.0/16
deny lan net:172.16.0.0/12
deny lan net:10.0.0.0/8

You are filtering RFC1918 traffic on egress, aren't you?

NB - I had a similar setup at one time, with an ADSL modem on an RFC1918 address and the router getting its address from the ISP by DHCP.

------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
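A worked illustration of the two points made in the reply above (why the overlapping 192.168.1.0/24 on both sides of the firewall leaves the modem unreachable, and why the permit rule for the modem's subnet has to come before the broader RFC1918 deny rules). This is an added Python example, not anything posted in the thread: the interface names eth0/eth1, the renumbering of the modem side to 192.168.2.0/24, and the ACCEPT/DROP wording of the egress rules are assumptions standing in for the poster's real Shorewall configuration. It models the kernel's longest-prefix-match route selection and a first-match rule list, using only Python's standard `ipaddress` module.

```python
import ipaddress

# Constructed model of the thread's topology. Addresses are the ones in the
# diagram, except 192.168.2.0/24, which is the assumed renumbered modem subnet.
# Interface names are assumptions: eth0 = EXT (modem side), eth1 = INT (LAN).


def overlapping(a, b):
    """True if two networks share any address (equal, or one contains the other)."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def route_lookup(routes, dst):
    """Longest-prefix-match route selection, as the kernel does it.

    routes: list of (prefix, interface). On an exact prefix tie the first
    entry wins, which mirrors the fact that two connected routes for the same
    /24 cannot both be 'right' - one side of the firewall loses.
    Returns the chosen interface, or None if nothing matches.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def same_path(routes, a, b):
    """True if two destinations would leave via the same interface."""
    return route_lookup(routes, a) == route_lookup(routes, b)


# Firewall routing table with the ORIGINAL (overlapping) numbering.
ORIGINAL_ROUTES = [
    ("0.0.0.0/0", "eth0"),        # default route towards the modem
    ("192.168.1.0/24", "eth0"),   # connected route from the DHCP lease on EXT
    ("192.168.1.0/24", "eth1"),   # connected route for the LAN on INT
]

# Same table after renumbering the modem side (assumed fix from the reply).
RENUMBERED_ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("192.168.2.0/24", "eth0"),   # modem now lives in a distinct subnet
    ("192.168.1.0/24", "eth1"),
]

# First-match egress filter in the order the reply gives it: the specific
# permit for the modem's subnet precedes the broad RFC1918 denies.
EGRESS_RULES = [
    ("ACCEPT", "192.168.2.0/24"),
    ("DROP", "192.168.0.0/16"),
    ("DROP", "172.16.0.0/12"),
    ("DROP", "10.0.0.0/8"),
]


def egress_verdict(rules, dst, default="ACCEPT"):
    """Return the action of the first rule whose prefix contains dst."""
    dst = ipaddress.ip_address(dst)
    for action, prefix in rules:
        if dst in ipaddress.ip_network(prefix):
            return action
    return default


if __name__ == "__main__":
    print("subnets overlap:", overlapping("192.168.1.0/24", "192.168.1.0/24"))
    # With the original numbering the modem and the laptop resolve to the same
    # interface, so the firewall cannot reach one of them.
    print("original: modem and laptop share a path:",
          same_path(ORIGINAL_ROUTES, "192.168.1.254", "192.168.1.10"))
    print("renumbered: modem ->", route_lookup(RENUMBERED_ROUTES, "192.168.2.254"),
          ", laptop ->", route_lookup(RENUMBERED_ROUTES, "192.168.1.10"))
    for dst in ("192.168.2.254", "192.168.5.5", "10.1.2.3", "8.8.8.8"):
        print("egress", dst, "->", egress_verdict(EGRESS_RULES, dst))
    # Putting the /16 deny first would silently swallow traffic to the modem.
    reordered = EGRESS_RULES[1:] + EGRESS_RULES[:1]
    print("deny-first ordering, modem ->", egress_verdict(reordered, "192.168.2.254"))
```

Running the script shows the overlap detected, the modem and laptop sharing one path under the original numbering, separate paths after renumbering, and the modem being dropped as soon as the 192.168.0.0/16 deny is moved ahead of the permit. The same ordering logic applies when translating the reply's pseudo-rules into Shorewall's rules file, which is also evaluated first match.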
