>From: Richard Doyle <[EMAIL PROTECTED]>

>> customizing v1.2 a snap, if I started by making them the same.

>One would think so. I've just switched to a Bering 1.2 firewall running
>on an old portable with a dial-out connection, so it _is_ possible.

I expect so.

>Look to
>http://sourceforge.net/docman/display_doc.php?docid=1433&group_id=13751
>on using ping to debug firewall problems. It sounds like you were

Can't get there from here now, but I'll try to check it out later. If I got the interfaces section right I'd expect it to react to a ping, because I wouldn't expect the Shorewall default to block them.

>pinging the firewall from a Windows host attached to the internal
>interface of the firewall. Is that the case?

Right. 100% failure.

>The 10.x.x.x addresses are defaults, used before a connection is
>established. ppp0 will get real IPs from your ISP when the connection is
>established.

The daemon.log for 1.0 doesn't mention that before a connection is established.

>You don't have any compression/deflation Modules, but that shouldn't be
>a cause for concern at this point.

Would that be for doing s/w compression on the modem? That would help. I've tested all my 56K modems on my lines in the firewall, and the best of them can only get 37,333 baud with any reliability.

>> Shorewall status:
><snip lots of 0 packet counts>
>Nothing enters the box on either interface. Run "ip -s link show eth0"
>and "ip -s link show ppp0" to see total packet counts

I'll try later, and report. [OK, see below.]

>Nothing here seems unexpected.
>
>It is odd that your Bering box isn't responding to pings aimed at its
>internal interface, since you say that the same hardware, in the same
>configuration works with a Bering 1.0 diskette. What happens when you
>ping the "internal" computer from the Bering box? Observe the lights on

I tried that once, and IIRC Shorewall complained. [Damn, forgot to check this again.]

>both NICs when you ping the Bering box from the other computer, and when
>you ping the other computer from the Bering box.

Uhh, I don't think these 3C509B's have LEDs, and they certainly aren't easy to get to!

>As to the external interface, the problem could be in your Shorewall or
>PPP configuration, or something else (tm). You might want to post your

You mean trying pon/poff commands--I can't get there yet from the client browser. [I tried 'pon provider' and it didn't try to dial out.]

>/etc/network/interfaces file and your ppp configuration files, with
>username and passwords obscured. Shorewall usually loads late in the
>boot process; look at the messages that scroll by right before you get
>the login prompt. Anything odd?

Not that I can tell. Thought that's what 'shorewall status' would tell.

[OK, let's see what else I got this evening. You can see my 'chicken tracks']

# /etc/hosts.allow: list of hosts that are allowed to access the system.  See
#                   hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# Allow anything from the local net
ALL: 192.168.1.0/255.255.255.0

# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID
# Prevent all access not explicitly allowed in hosts.allow
ALL: ALL
#PGR was here

# /etc/network/interfaces -- configuration file for LEAF network
# J. Nilo, April 2002
#
# Loopback interface.
auto lo
iface lo inet loopback

# Step 1: configure external interface
# uncomment/adjust one of the following 4 options

# Option 1.1 (default): eth0 / dynamic IP from pump/dhclient
#auto eth0
#iface eth0 inet dhcp
#
# Option 1.2: eth0 / Fixed IP (assumed to be 1.2.3.4).
# (broadcast/gateway optional)
#auto eth0
#iface eth0 inet static
#    address 1.2.3.4
#    masklen 24
#    broadcast 1.2.3.255
#    gateway 1.2.3.1
#
# Option 1.3: PPP/PPPOE (modem connected to eth0)
#auto ppp0
#iface ppp0 inet ppp
#    pre-up ip link set eth0 up
#    provider dsl-provider eth0
#
# Option 1.4: PPP modem
# PGR: enabled
auto ppp0
iface ppp0 inet ppp
    provider provider

# Step 2: configure internal interface
# Default: eth1 / fixed IP = 192.168.1.254
# PGR: eth0 not 1
auto eth0
iface eth0 inet static
    address 192.168.1.254
    masklen 24
    broadcast 192.168.1.255

# Step 3 (optional): configure DMZ
# Default: eth2 / fixed IP = 192.168.1.100
#auto eth2
#iface eth2 inet static
#    address 192.168.1.100
#    masklen 24
#    broadcast 192.168.1.255

# Step 4 (optional): configure a bridge
#auto br0
#iface br0 inet static
#    address 192.168.1.254
#    masklen 24
#    broadcast 192.168.1.255
#    bridge_ports all

# .../networks
localnet 127.0.0.0
lan 192.168.1.0

# .../options
ip_forward=no
spoofprotect=yes
syncookies=no

# PGR was here
# /etc/ppp/options
asyncmap 0
auth
crtscts
lock
hide-password
modem
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx
demand          # PGR: dial on demand, not boot
idle 600        # PGR: allow 10 minutes idle
mru 576         # PGR: maximum receive unit
mtu 576         # PGR: maximum transmit unit

/etc/chatscripts/provider
# PGR was here
# ISP login chat script
ABORT "BUSY"
ABORT "NO CARRIER"
ABORT "VOICE"
ABORT "NO DIALTONE"
ABORT "NO ANSWER"
# PGR: MODEM init string
"" AT&F1E1&U14&N24L3
# ISP telephone number:
OK ATDT5036240558
#
CONNECT ''

/etc/shorewall/interfaces
# PGR was here
#
# Shorewall 1.4 -- Sample Interface File For Two Interfaces
# <snipped most comments>
#
##############################################################################
#ZONE   INTERFACE   BROADCAST   OPTIONS
# PGR: Internet via ppp, local via NIC
net     ppp0        -           routefilter,norfc1918,dropunclean,tcpflags
loc     eth0        detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

[after trying ping twice from W95 client, then "# ip -s link show eth0" (cable works)]

3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:60:97:22:82:7d brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    652        9        0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    42         1        0       0       0       0

['ip -s link show ppp0' complained ppp0 didn't exist]

I'm still stumped. Any suggestions appreciated.

Paul Rogers ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
http://www.angelfire.com/or/paulrogers/
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
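The debugging loop in this post is a cross-check between three views of the same firewall: which interfaces Shorewall expects (/etc/shorewall/interfaces), which interfaces the system is told to bring up (/etc/network/interfaces), and which links the kernel actually has, with their packet counters ("ip -s link show"). The script below is an added example, not code from the post or from the LEAF/Shorewall projects; it parses all three and flags any Shorewall zone interface that is unconfigured, missing from the kernel, down, or has received nothing. The sample inputs are constructed from the values shown in the post, and the file parsers only handle the simple stanza layouts seen there.

```python
import re

# Constructed sample: the Shorewall interfaces file posted above.
SHOREWALL_INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     ppp0        -           routefilter,norfc1918,dropunclean,tcpflags
loc     eth0        detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""

# Constructed sample: the active stanzas of the posted /etc/network/interfaces.
NETWORK_INTERFACES = """\
auto lo
iface lo inet loopback
auto ppp0
iface ppp0 inet ppp
    provider provider
auto eth0
iface eth0 inet static
    address 192.168.1.254
    masklen 24
    broadcast 192.168.1.255
"""

# Constructed sample: the 'ip -s link show eth0' output from the post
# (ppp0 is absent because the kernel reported no such link).
IP_LINK_OUTPUT = """\
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:60:97:22:82:7d brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    652        9        0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    42         1        0       0       0       0
"""


def parse_shorewall_interfaces(text):
    """Map interface -> zone for the non-comment lines of a Shorewall interfaces file."""
    zones = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) >= 2:
            zones[fields[1]] = fields[0]
    return zones


def parse_network_interfaces(text):
    """Map interface -> method (static, ppp, dhcp, ...) from each 'iface' stanza."""
    ifaces = {}
    for line in text.splitlines():
        fields = line.split('#', 1)[0].split()
        if len(fields) >= 4 and fields[0] == 'iface':
            ifaces[fields[1]] = fields[3]
    return ifaces


def parse_ip_link_stats(text):
    """Map interface -> {'up', 'rx_packets', 'tx_packets'} from 'ip -s link show' output."""
    stats = {}
    current = None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r'\d+:\s+(\S+?):\s+<([^>]*)>', line)
        if m:  # header line: "3: eth0: <BROADCAST,MULTICAST,UP> ..."
            current = m.group(1)
            flags = m.group(2).split(',')
            stats[current] = {'up': 'UP' in flags, 'rx_packets': 0, 'tx_packets': 0}
            continue
        head = line.strip()
        if current and head[:3] in ('RX:', 'TX:') and i + 1 < len(lines):
            numbers = lines[i + 1].split()  # the counters sit on the following line
            key = 'rx_packets' if head.startswith('RX:') else 'tx_packets'
            stats[current][key] = int(numbers[1])  # column 1 is 'packets'
    return stats


def check_firewall_config(shorewall_text, network_text, ip_link_text):
    """Return a list of findings; an empty list means every zone interface looks healthy."""
    zones = parse_shorewall_interfaces(shorewall_text)
    ifaces = parse_network_interfaces(network_text)
    stats = parse_ip_link_stats(ip_link_text)
    findings = []
    for ifname, zone in zones.items():
        if ifname not in ifaces:
            findings.append('%s (zone %s) is in Shorewall but not in /etc/network/interfaces' % (ifname, zone))
        elif ifname not in stats:
            findings.append('%s (zone %s) is configured as %s but the kernel reports no such link' % (ifname, zone, ifaces[ifname]))
        else:
            if not stats[ifname]['up']:
                findings.append('%s (zone %s) is administratively down' % (ifname, zone))
            if stats[ifname]['rx_packets'] == 0:
                findings.append('%s (zone %s) has received no packets' % (ifname, zone))
    return findings


if __name__ == '__main__':
    for finding in check_firewall_config(SHOREWALL_INTERFACES, NETWORK_INTERFACES, IP_LINK_OUTPUT):
        print('WARNING:', finding)
```

Run against the post's own data it reports exactly one problem, that ppp0 is declared in both Shorewall and the interfaces file but does not exist in the kernel, while eth0 is up and has counted inbound packets; that separates "the NIC is dead" from "the packets arrive but are not answered", which is the distinction the thread is trying to make. On a real box, feed it the actual files and the output of "ip -s link show" instead of the embedded samples.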
