Hi all,
Ahh I think I'm close,
This is my setup.
My ADSL modem has the IP 192.168.0.1 on it. This is the IP I wish to
access the web setup page on, I also wish to access the SNMP on the
modem via this IP.
My internal clients are able to ping 192.168.0.2 on eth0.
I can not ping the 192.168.0.1 address from the firewall. I get this
error
# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
ping: sendto: Operation not permitted
I'm getting the reject packet in my shorewall.log
Aug 15 08:39:27 talon Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00
SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=28777
DF PROTO=ICMP TYPE=8 CODE=0 ID=51042 SEQ=0
I'm not sure what I have to add to shorewall to allow my internal
machines to access port 80 and the snmp port on my adsl modem.
# Shorewall stuff
Zones file
dsl dsl ADSL Modem
net Net Internet
upnp UPNP UPNP Network
loc Local Local Networks
Interfaces file
net ppp0 - routefilter
loc eth1 detect routestopped
dsl eth0
Policy file
net all DROP ULOG
all all REJECT ULOG
fw upnp ACCEPT
fw dsl ACCEPT
And rules file
..snip..
ACCEPT fw dsl tcp 80
ACCEPT fw dsl udp snmp
..snip..
# ip route show
203.194.30.234 dev ppp0 proto kernel scope link src 220.240.4.163
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
10.0.10.0/24 dev eth1 proto kernel scope link src 10.0.10.1
default via 203.194.30.234 dev ppp0
# ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:d0:b7:90:83:21 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:90:27:58:e2:dd brd ff:ff:ff:ff:ff:ff
inet 10.0.10.1/24 brd 10.0.10.255 scope global eth1
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 220.240.4.163 peer 203.194.30.234/32 scope global ppp0
-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]
Sent: Friday, 15 August 2003 7:33 AM
To: Adam Niedzwiedzki
Cc: Leaf User List
Subject: Re: [leaf-user] Access ADSL modem SNMP/Config page
On Thu, 2003-08-14 at 14:17, Adam Niedzwiedzki wrote:
> Hi guys,
>
> I'm a little confused on how I setup my bering machine to allow me to
> access the configuration page on my ADSL modem. I have 2 nic's in my
> bering box with eth0 directly connected to my netcomm NB1300 modem.
> (via ethernet crossover cable). I followed the user guide on setting
> up PPPOE, http://leaf.sourceforge.net/doc/guide/bupppoe.html
> I can add an IP to my DSL modem but how do I setup bering to allow me to
> access the IP from my internal lan.
> eth1 has static IP: 10.0.10.1 I put 10.0.10.2 on the ADSL modem, but I
> know without additional config with bering I can't access it.
>
> I gather I need to put the IP on the modem and the eth0 nic on a
> different subnet, but how do I configure the firewall/bering to allow
> me access to the modem?
>
Please disregard my last response referring you to the Shorewall FAQ --
I missed the part about PPPOE.
For PPPOE, the shorewall part goes something like:
a) add zone 'modem' to /etc/shorewall/zones
b) add a record for "modem eth0 ..." in /etc/shorewall/interfaces
c) add rule "ACCEPT fw modem udp snmp"
May have to add other rules but they should be obvious from looking at
the output of "shorewall show log".
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
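An added example, not part of the original messages or of Shorewall itself: Shorewall applies the first policy entry that matches a source/destination zone pair, and the log prefix `Shorewall:all2all:REJECT` names the policy chain that handled the packet. The Python below evaluates the policy file as posted against that rule; the function names and the reordering heuristic (fewest `all` wildcards first) are assumptions made for illustration.

```python
import re

# Policy file and log line copied from the message above (log joined onto one line).
POSTED_POLICY = """\
net all DROP ULOG
all all REJECT ULOG
fw upnp ACCEPT
fw dsl ACCEPT
"""
POSTED_LOG = ("Aug 15 08:39:27 talon Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00 "
              "SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=00 PREC=0x00 TTL=64 "
              "ID=28777 DF PROTO=ICMP TYPE=8 CODE=0 ID=51042 SEQ=0")

def parse_policy(text):
    """Return [(source, dest, policy), ...] in file order, ignoring comments."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rows.append(tuple(fields[:3]))
    return rows

def first_match(policies, src, dst):
    """Index and entry of the first policy covering src -> dst (first match wins)."""
    for index, entry in enumerate(policies):
        if entry[0] in (src, "all") and entry[1] in (dst, "all"):
            return index, entry
    return None, None

def policy_chain(entry):
    """Chain name a policy entry logs under, e.g. ('all', 'all', ...) -> 'all2all'."""
    return f"{entry[0]}2{entry[1]}"

def shadowed(policies):
    """Entries that can never apply because an earlier entry already covers them."""
    return [p for i, p in enumerate(policies)
            if first_match(policies, p[0], p[1])[0] != i]

def log_chain(line):
    """Extract (chain, disposition) from a 'Shorewall:<chain>:<disposition>:' prefix."""
    m = re.search(r"Shorewall:([^:\s]+):([A-Z]+):", line)
    return (m.group(1), m.group(2)) if m else None

def specific_first(policies):
    """Assumed heuristic: stable sort so entries with fewer 'all' wildcards come first."""
    return sorted(policies, key=lambda p: (p[0] == "all") + (p[1] == "all"))

if __name__ == "__main__":
    posted = parse_policy(POSTED_POLICY)
    print("log chain:", log_chain(POSTED_LOG))
    print("fw->dsl as posted:", first_match(posted, "fw", "dsl")[1])
    print("never reached:", shadowed(posted))
    fixed = specific_first(posted)
    print("fw->dsl reordered:", first_match(fixed, "fw", "dsl")[1])
    print("loc->dsl reordered:", first_match(fixed, "loc", "dsl")[1])
```

With the catch-all moved to the end, fw to dsl resolves to ACCEPT, while loc to dsl still falls through to `all all REJECT`, so traffic from the internal clients to the modem needs its own entry.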