Hi all,

Ahh, I think I'm close. This is my setup.
My ADSL modem has the IP 192.168.0.1 on it. This is the IP I wish to access the web setup page on; I also wish to access the SNMP on the modem via this IP.

My internal clients are able to ping 192.168.0.2 on eth0.
I can not ping the 192.168.0.1 address from the firewall. I get this error:

    # ping 192.168.0.1
    PING 192.168.0.1 (192.168.0.1): 56 data bytes
    ping: sendto: Operation not permitted

I'm getting the reject packet in my shorewall.log:

    Aug 15 08:39:27 talon Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00 SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=28777 DF PROTO=ICMP TYPE=8 CODE=0 ID=51042 SEQ=0

I'm not sure what I have to add to shorewall to allow my internal machines to access port 80 and the snmp port on my adsl modem.

#Shorewall Stuff

Zones file

    dsl     dsl     ADSL Modem
    net     Net     Internet
    upnp    UPNP    UPNP Network
    loc     Local   Local Networks

Interfaces file

    net     ppp0    -       routefilter
    loc     eth1    detect  routestopped
    dsl     eth0

Policy file

    net     all     DROP    ULOG
    all     all     REJECT  ULOG
    fw      upnp    ACCEPT
    fw      dsl     ACCEPT

And rules file

    ..snip..
    ACCEPT  fw      dsl     tcp     80
    ACCEPT  fw      dsl     udp     snmp
    ..snip..

    # ip route show
    203.194.30.234 dev ppp0 proto kernel scope link src 220.240.4.163
    192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
    10.0.10.0/24 dev eth1 proto kernel scope link src 10.0.10.1
    default via 203.194.30.234 dev ppp0

    # ip addr
    1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:d0:b7:90:83:21 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
    4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:90:27:58:e2:dd brd ff:ff:ff:ff:ff:ff
        inet 10.0.10.1/24 brd 10.0.10.255 scope global eth1
    5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
        link/ppp
        inet 220.240.4.163 peer 203.194.30.234/32 scope global ppp0

-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]
Sent: Friday, 15 August 2003 7:33 AM
To: Adam Niedzwiedzki
Cc: Leaf User List
Subject: Re: [leaf-user] Access ADSL modem SNMP/Config page

On Thu, 2003-08-14 at 14:17, Adam Niedzwiedzki wrote:
> Hi guys,
>
> I'm a little confused on how I setup my bering machine to allow me to
> access the configuration page on my ADSL modem. I have 2 nic's in my
> bering box with eth0 directly connected to my netcomm NB1300 modem.
> (via ethernet crossover cable). I followed the user guide on setting
> up PPPOE, http://leaf.sourceforge.net/doc/guide/bupppoe.html
> I can add an IP to my DSL modem but how do I setup bering to allow me to
> access the IP from my internal lan.
> eth1 has static IP: 10.0.10.1 I put 10.0.10.2 on the ADSL modem, but I
> know without additional config with bering I can't access it.
>
> I gather I need to put the IP on the modem and the eth0 nic on a
> different subnet, but how do I configure the firewall/bering to allow
> me access to the modem?
>

Please disregard my last response referring you to the Shorewall FAQ --
I missed the part about PPPOE.

For PPPOE, the shorewall part goes something like:

a) add zone 'modem' to /etc/shorewall/zones
b) add a record for "modem eth0 ..." in /etc/shorewall/interfaces
c) add rule "ACCEPT fw modem udp snmp"

May have to add other rules but they should be obvious from looking at
the output of "shorewall show log".

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
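
Added example (not part of either message above, and not Shorewall or LEAF code): reading the needed rule off a rejected-packet log line, as the reply suggests, can be done mechanically. The names parse, zone and candidate_rule are hypothetical, the interface-to-zone map is copied from the interfaces file quoted in the thread, and an empty IN= or OUT= is assumed to mean the firewall itself (zone fw).

```python
import re

# Interface-to-zone map, constructed from the interfaces file quoted in the thread.
INTERFACES = {"ppp0": "net", "eth1": "loc", "eth0": "dsl"}

# The rejected-packet line as posted in the thread.
SAMPLE = ("Aug 15 08:39:27 talon Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00 "
          "SRC=192.168.0.2 DST=192.168.0.1 LEN=84 TOS=00 PREC=0x00 TTL=64 "
          "ID=28777 DF PROTO=ICMP TYPE=8 CODE=0 ID=51042 SEQ=0")

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[A-Z]+):")


def parse(line):
    """Split a Shorewall log line into chain, disposition and KEY=VALUE fields."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = {}
    for tok in line[m.end():].split():
        key, sep, val = tok.partition("=")
        # Flags such as DF have no "="; ID= appears twice (IP id, then ICMP id),
        # so only the first occurrence of a key is kept.
        if sep and key not in fields:
            fields[key] = val
    return {"chain": m["chain"], "disposition": m["disp"], **fields}


def zone(iface):
    """Map an interface name to its zone; assumption: empty means the firewall."""
    return "fw" if not iface else INTERFACES.get(iface, "?")


def candidate_rule(line):
    """Return a rules-file line matching the logged packet, or None."""
    p = parse(line)
    if p is None or p["disposition"] not in ("REJECT", "DROP"):
        return None
    src, dst = zone(p.get("IN", "")), zone(p.get("OUT", ""))
    proto = p.get("PROTO", "").lower()
    # For ICMP the port column of the rules file carries the ICMP type.
    port = p.get("TYPE", "") if proto == "icmp" else p.get("DPT", "")
    return " ".join(x for x in ("ACCEPT", src, dst, proto, port) if x)


if __name__ == "__main__":
    print(candidate_rule(SAMPLE))
```

The chain name in the log prefix (all2all here) also shows which policy line caught the packet, which is worth comparing against the order of entries in the policy file before adding rules.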