Ah.... at last, someone asking about the routing. I am a bit suspicious that this is the problem.

(before everything started)
> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0

> pppoe start
> shorewall start

(after ppp0 up and same result after firing up shorewall)
> route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.20.125    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

> route add default gw 10.20.20.125 dev ppp0
> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.20.125    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         10.20.20.125    0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

> ip route ls
10.20.20.125 dev ppp0  proto kernel  scope link  src 220.244.8.194
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1
10.0.0.0/8 dev eth0  proto kernel  scope link  src 10.1.1.4
default via 10.20.20.125 dev ppp0
default dev ppp0  scope link

Still, I am unable to get anything from my winXp 10.1.1.5
I am not sure putting default gw 10.20.20.125 dev ppp0 is the correct syntax
10.20.20.125 is not the real IP address from TPG

eth2 is never being fired up, not even listed on /etc/network.interfaces

auto eth0 eth1 lo
iface lo inet loopback

allow-hotplug eth0 eth1
iface eth0 inet static
    address 10.1.1.4
    netmask 255.0.0.0
    network 10.0.0.0
    broadcast 10.255.255.255

iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255

Also for consideration, a few of the conf files:

/etc/resolv.conf (added auto from pppoe, TPG's DNS)
nameserver 203.12.160.35
nameserver 203.12.160.36

/etc/networks
loopback 127.0.0.0
link-local 169.254.0.0
localnet 10.0.0.0

And attaching my shorewall.conf(.txt)
Hope this info clears up my mistake somewhere....

----- Original Message ----
From: subscriptions <[EMAIL PROTECTED]>
To: Phillipus Gunawan <[EMAIL PROTECTED]>
Sent: Wednesday, 26 November, 2008 6:57:07 PM
Subject: Re: Fw: shorewall newbie Revisit: new IP

On Wed, 2008-11-26 at 07:59 +0100, Phillipus Gunawan wrote:
>
> Hi There,
>
> As suggested, I change the IP for eth1, but unfortunately, still same
> result, but I hope to get a light this time
> On Policy, I simply put "ALL ALL ACCEPT" just for a starter, to get
> this shorewall working is my priority
> Why I am not simply put net.ipv4.ip_forward=1, I want to get this
> shorewall up and running.....
>
> I am using eth0 and connect from other host (e.g. 10.1.1.5, winXp) and
> set the gateway and DNS as 10.1.1.4
> No connection, only able to ping 10.1.1.4 ....
>
> I am still in a BIG question, what I did wrong
> I also simply copying the "three-interfaces" example also trying
> "two-interfaces", still no luck
>
> Can anyone guide me?
>

How is the routing? Do:

route -n

STARTUP_ENABLED=Yes
VERBOSITY=1
SHOREWALL_COMPILER=

# L O G G I N G
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=No

# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
IPSECFILE=zones
LOCKFILE=

# D E F A U L T A C T I O N S / M A C R O S
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none"
QUEUE_DEFAULT="none"
NFQUEUE_DEFAULT="none"

# R S H / R C P C O M M A N D S
RSH_COMMAND='ssh [EMAIL PROTECTED] ${command}'
RCP_COMMAND='scp ${files} [EMAIL PROTECTED]:${destination}'

# F I R E W A L L O P T I O N S
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=Internal
TC_EXPERT=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=Yes
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=Yes
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
RFC1918_STRICT=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSETS=No
MAPOLDACTIONS=No
FASTACCEPT=No
IMPLICIT_CONTINUE=Yes
HIGH_ROUTE_MARKS=No
USE_ACTIONS=Yes
OPTIMIZE=0
EXPORTPARAMS=Yes
EXPAND_POLICIES=Yes
KEEP_RT_TABLES=No
DELETE_THEN_ADD=Yes
MULTICAST=No
DONT_LOAD=

# P A C K E T D I S P O S I T I O N
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP

#LAST LINE -- DO NOT REMOVE