Hi there,

I have a problem setting up Shorewall under Debian; I hope someone can guide me here...

Problem 1

I installed Debian with eth2 plugged in. When I'm using eth2, I can log in to my box (using Webmin) to configure Debian using either the 10.1.1.1 or 10.1.1.4 address remotely from other hosts, and I can ping other hosts (e.g. 10.1.1.5). But when I use eth2, I can't ping or do anything; the ping result from Debian is:

From 10.1.1.4 Host Unreachable

What mistake did I make? Why can't I use eth1 connected with other hosts?

Problem 2

PPPoE is up and running, and I can ping any web address from Debian (e.g. www.yahoo.com). But I'm not able to make other hosts (e.g. 10.1.1.5) connect to the internet via the gateway on eth1 or eth2.

Again, ignoring the use of eth2, and if I can configure eth1 to talk with other hosts (problem 1 solved), how can I make Shorewall work to share the internet? Or, just using eth2, what is the mistake in my Shorewall conf?

Any help would be much appreciated.
Thanks in advance.

All configurations are pasted below.

Shorewall version 4.0.14
Debian Etch
Webmin Version 1.441

eth0 -> 10.1.1.1, connected to a router, acts as gateway for other hosts
eth1 -> 10.1.1.4, connected to wireless router
eth2 -> connected to ADSL bridged modem, working OK using RP-PPPoE, outputting ppp0 with correct IP from TPG

Shorewall configuration

Interfaces
#ZONE   INTERFACE   BROADCAST     OPTIONS
net     ppp0        detect        routefilter
loc     eth0        10.1.1.255
loc     eth1        10.1.1.255

Masq
#INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC   MARK
ppp0         eth1
ppp0         eth0

Policy
$FW   net   ACCEPT
$FW   loc   ACCEPT
net   $FW   ACCEPT
net   loc   ACCEPT
loc   $FW   ACCEPT
loc   net   ACCEPT

Zones
fw    firewall
net   ipv4
loc   ipv4

~# shorewall check
Checking...
Initializing...
Determining Zones...
   IPv4 Zones: net loc
   Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Validating Policy file...
Determining Hosts in Zones...
   net Zone: ppp0:0.0.0.0/0
   loc Zone: eth0:0.0.0.0/0 eth1:0.0.0.0/0
Deleting user chains...
Checking /etc/shorewall/routestopped ...
Creating Interface Chains...
Checking Common Rules
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/rules...
Checking Actions...
Checking /usr/share/shorewall/action.Drop for Chain Drop...
Checking /usr/share/shorewall/action.Reject for Chain Reject...
Checking /etc/shorewall/policy...
Checking Masquerading/SNAT
Checking Traffic Control Rules...
Checking Rule Activation...
Compiling IP Forwarding...
Shorewall configuration verified

~# shorewall status
Shorewall-4.0.14 Status at debian - Tue Nov 25 20:23:36 EST 2008

Shorewall is running
State:Started (Tue Nov 25 20:23:32 EST 2008)

~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:4C:50:18:FD
          inet addr:10.1.1.1  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:201 Base address:0x8000

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:50:16:70
          inet addr:10.1.1.4  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::2e0:4cff:fe50:1670/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2388 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3341 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:305137 (297.9 KiB)  TX bytes:2690271 (2.5 MiB)
          Interrupt:209 Base address:0xc000

eth2      Link encap:Ethernet  HWaddr 00:15:58:1D:4B:4F
          inet6 addr: fe80::215:58ff:fe1d:4b4f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:425 errors:0 dropped:0 overruns:0 frame:0
          TX packets:423 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59062 (57.6 KiB)  TX bytes:67383 (65.8 KiB)
          Interrupt:193 Base address:0xa800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:xxx.xxx.xxx.xxx  P-t-P:10.20.20.106  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:375 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:47826 (46.7 KiB)  TX bytes:56054 (54.7 KiB)