Hi,
It's not clear to me why you have two internal network zones -- 172*
and 192* -- which will be complicating your config. If you can reduce it
to just one, so your desktop has just one IPv4, then it will be simpler.
That said, having two networks is not invalid.
On your Linux router, you need to define several things - NAT (likely
within shorewall) and the routes. The default route (0/0) will be to the
internet, while you will need routes for your two internal networks as
well. As noted by Matt, the ip forwarding option must be enabled on this
machine to make these alternate routes work.
The things you can't do on the desktop suggest that that machine is
using a 172* address, and essentially can't "see" the 192* network. This
could be because your Linux router's eth0 interface doesn't have a 192*
address. Also, check that there is a route for the 192* onto the
ethernet device for the desktop, as there will be for the 172* network.
Alternatively, enabling your router to reroute traffic for 192* from
172* and vice versa as a gateway may be simpler if there are many
"desktop"-style machines, and only slightly slower.
Having two networks makes setting up some services harder --
specifically, any server that only binds to one IP address (rather than
all possible ones) has to bind to the expected address, not whichever it
found first, so check that is the case (e.g. using netstat).
Finally, I have found 'netplan.io' to be, in the main, a boon for
configuring non-trivial network setups, as it brings together the
configurations of many different tools in one place. I could also
mention my tool 'ansible-pppoe-client', which uses the 'ansible'
deployment tool to define a service for connecting to PPPoE modems,
using pppd in the background.
HTH,
Ruth
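As an added illustration of the routing point above (editor's example, not part of Ruth's or Thad's messages): a small longest-prefix route lookup run over two constructed route tables for the desktop. The first mirrors the posted setup, where 192.168.1.0/24 is on-link on the desktop's eth0 although the only other 192* hosts (the router's eth1 and the modem) are not on that switch; the second drops the desktop's 192* address and routes the prefix via the Linux router at 172.30.8.1, which is Ruth's "gateway" option. The table contents are assumptions made for illustration.

```python
"""Longest-prefix route lookup over constructed route tables (added example)."""
import ipaddress


def parse_routes(text):
    """Parse `ip -4 route`-style lines into (network, via-or-None, dev)."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        via = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix), via, dev))
    return routes


def lookup(routes, dest):
    """Return (via, dev) for dest using longest-prefix match, as the kernel does."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, via, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    return (best[1], best[2]) if best else None


# Constructed table for the desktop exactly as described in the post:
# 192.168.1.0/24 is on-link on eth0, so the desktop ARPs for 192.168.1.254
# on the switch, where no host holds that address.
DESKTOP_AS_POSTED = """
default via 172.30.8.1 dev eth0
172.30.8.0/24 dev eth0 proto kernel scope link src 172.30.8.104
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.104
"""

# Constructed table after removing the desktop's 192* address and sending
# the modem's network through the Linux router instead (the gateway option).
DESKTOP_VIA_ROUTER = """
default via 172.30.8.1 dev eth0
172.30.8.0/24 dev eth0 proto kernel scope link src 172.30.8.104
192.168.1.0/24 via 172.30.8.1 dev eth0
"""


def explain(table, dest):
    via, dev = lookup(parse_routes(table), dest)
    if via is None:
        return f"{dest}: on-link on {dev}; ARP on {dev} must find a host with that address"
    return f"{dest}: forwarded to gateway {via} on {dev}"


if __name__ == "__main__":
    for table in (DESKTOP_AS_POSTED, DESKTOP_VIA_ROUTER):
        print(explain(table, "192.168.1.254"))
```

For the second table to work end to end, the router must have IP forwarding enabled and masquerade the 172* traffic toward the modem so replies come back, as Ruth notes above.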
On 17/05/2021 13:35, tha...@letterboxes.org wrote:
Hi everybody,
I'm working on setting up my first Linux-based Shorewall firewall. Finally
getting rid of the Netgear router/firewall.
I'm having trouble getting to my internet-connected Modem's Web interface from
my LAN.
I'm pretty sure that I'm not understanding routes the right way.
My network looks like this
PUBLIC INTERNET
|
|
|
|
ATT MODEM
| eth0: IP ADDRESS = 192.168.1.254 (Web User Interface)
|
|
| eth1: IP ADDRESS = 99.X.X.X
| IP ADDRESS = 192.168.1.25
LINUX ROUTER
| eth0: IP ADDRESS = 172.30.8.1
|
|
|
ETHERNET SWITCH
|
|
|
| eth0: IP ADDRESS = 172.30.8.104
| IP ADDRESS = 192.168.1.104
DESKTOP
ON the "LINUX ROUTER", I can
-- ping the "LINUX ROUTER" @ 192.168.1.25
-- ping the "ATT MODEM" @ 192.168.1.254
-- access the 'Web User Interface' on the "ATT MODEM" in a browser
-- access everything on the Public Internet
ON the "DESKTOP", I can
-- access everything on the Public Internet
ON the "DESKTOP", I can NOT
-- ping the "LINUX ROUTER" @ 192.168.1.25
-- ping the "ATT MODEM" @ 192.168.1.254
-- access the 'Web User Interface' on the "ATT MODEM" in a browser
To get from the DESKTOP to the ATT MODEM I _think_ I need some route in the /routes
file. At least. But I don't understand what & where to set it.
Can anyone help get me pointed in the right direction? I'd appreciate it a lot!
Thanks!
Thad
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users