On 8/15/23 15:44, Philip Le Riche via Shorewall-users wrote:
We have a Shorewall firewall at the school where I volunteer, protecting
the school network from a Raspberry Pi farm on which students
necessarily have root privileges. I rebuilt it at home on newer hardware
with the outside interface IP address reflecting my home 192.168 network
instead of the school 172. network. I took it in to school today and
attempted to reconfigure the outside interface IP.
Using the GUI (Linux Mint XFCE), I changed the outside NIC IP address,
netmask, def g/w and DNS server. In the GUI, the outside NIC (enp2s0)
has the label SchlNet. Shorewall IP address dependencies are
encapsulated in /etc/shorewall/params, and I changed those.
After a reboot, the GUI shows SchlNet has lost its configured IP address
but gained 16 alias addresses added by Shorewall for NAT rules.
Meanwhile, a new enp2s0 has appeared with an IP address I didn't recognise.
This is a wild guess, to me you have a static network at home and a DHCP
set up at school. :)
ifconfig shows the base enp2s0 with no IP address, plus the 16 expected
With a new set up, I would familierize myself with the iptools PKG! ;^)
shorewall stop and shorewall clear before reapplying the config made no
improvement.
Most likely because it has nothing to do with SW!
Maybe I should be using the CUI commands, but I'll need to read a man
page or two first, and I'm not sure whether the GUI tool maintains any
of its own data. Anyway, a bit of insight from round here would be
appreciated.
To me , headless mode is the way to go (Webmin comes to mind).
--
Matt Darfeuille <m...@shorewall.org>
Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/
SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/
Homepage: https://shorewall.org
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
