Hello, I am installing my network gateway on a Debian Linux OS. For now I don't
have Internet; I have two routers connected to another place and I want my
network to be routed to the other networks by the routers:
The IPs are examples.
         Router 1 (192.168.0.1) eth1
                 |
--------------- GW (10.0.0.254) ------------- Net (10.0.0.0/24)
                 |                  eth0
                 |
         Router 2 (192.168.1.1) eth2
The firewall has 3 interfaces and I configured Shorewall as follows; the only
rule (to test that my routing is working well) permits the SNMP protocol for
the router monitor. But when, from a machine on the network (10.0.0.1), I
execute "" I don't get any reply. When I use "tcpdump -i eth1 -vvv" to see if
the packets arrive, it shows:
###############################################################################
07:33:50.491443 IP (tos 0x0, ttl 63, id 43036, offset 0, flags [DF], proto UDP (17), length 68)
    10.0.0.1.49343 > 192.168.0.1.snmp: [udp sum ok] { SNMPv2c { GetNextRequest(25) R=15012955 } }
###############################################################################
When I execute snmpwalk from $FW, it works well.
The configuration files are:
/etc/shorewall/interfaces
###########################################################################
#ZONE   IFACE   BROADCAST   OPTIONS
------------------------------------------------------
Local   eth0    detect      tcpflags,nosmurfs,routefilter
R1      eth1    detect
R2      eth2    detect      tcpflags,nosmurfs
############################################################################
/etc/shorewall/zones
############################################################################
#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
gw      firewall
Local   ipv4
R1      ipv4
R2      ipv4
#############################################################################
/etc/shorewall/policy
#############################################################################
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
$FW       R2     ACCEPT
$FW       R1     ACCEPT
Local     R2     ACCEPT
Local     R1     ACCEPT
R2        all    DROP     info
R1        all    DROP     info
all       all    REJECT   info
#############################################################################
/etc/shorewall/rules
#############################################################################
SNMP(ACCEPT) Local R1:192.168.0.1
Invalid(DROP) R1 all tcp
#############################################################################
---------------------------------------
Standing by,
Eng. Luis Felipe Domínguez Vega
Network Administrator, Desoft Matanzas
GNU/Linux Kernel Developer - rtlwifi kernel module
"He is not great who never fails; great is he who never gives up…"
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users