Hello Group,

I have some problems with connections to and from DMZ and LOC. Everything other than LOC <-> DMZ works. I'm using Shorewall 1.4.8 with the three-interfaces config examples. Not only "ping" but also ssh can't connect. I imagine it's a small detail I missed, but hell, I can't find it.

Regards,
Lasse Jensen

Some stuff:
##############################
#Bering 1.2 box #
#| #
#+eth0 net "pump ip"---------#---isp
#| #
#| #
#+eth1 loc 192.168.1.254-----#---client 192.168.1.7
#| #
#| #
#+eth2 dmz 192.168.10.100----#---server 192.168.10.101
# #
##############################
ping loc -> fw ok
ping loc <- fw ok
ping loc -> net ok
ping dmz -> fw ok
ping dmz <- fw ok
ping dmz -> net ok
ping dmz -> loc failure "network unreachable"
ping dmz <- loc failure "ctrl+c 100% loss"
ping from dmz -> loc-interface on router is ok
ping from loc -> dmz-interface on router is ok
net-interface on router "pump ip" eth0
loc-interface on router 192.168.1.254 eth1
dmz-interface on router 192.168.10.100 eth2
loc-interface on client 192.168.1.7
dmz-interface on server 192.168.10.101
# /etc/network/interfaces -- configuration file for LEAF network
# Loopback interface.
auto lo
iface lo inet loopback
# Step 2: configure internal interface
# Default: eth1 / fixed IP = 192.168.1.254
auto eth1
iface eth1 inet static
address 192.168.1.254
masklen 24
broadcast 192.168.1.255
# Step 3 (optional): configure DMZ
# Default: eth2 / fixed IP = 192.168.1.100
auto eth2
iface eth2 inet static
address 192.168.10.100
masklen 24
broadcast 192.168.10.255
#
# Shorewall 1.4.8 -- Sample Policy File For Three Interfaces
#
#SOURCE DEST POLICY LOG LEVEL
loc net ACCEPT
dmz net ACCEPT # temp
net all DROP info
all all REJECT info
#
# Shorewall version 1.4.8 - Sample Rules File For Three Interfaces
#
#ACTION SOURCE DEST PROTO DEST
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT loc fw tcp 22
ACCEPT loc dmz tcp 22
ACCEPT dmz net tcp 53
ACCEPT dmz net udp 53
ACCEPT loc fw udp 53
ACCEPT loc fw tcp 80
ACCEPT loc fw icmp 8
ACCEPT loc dmz icmp 8
ACCEPT dmz fw icmp 8
ACCEPT dmz loc icmp 8
ACCEPT dmz net icmp 8
ACCEPT fw loc icmp 8
ACCEPT fw dmz icmp 8
ACCEPT net fw icmp 8
ACCEPT net dmz icmp 8
ACCEPT net loc icmp 8
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
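
An added example, not part of the original post: a simplified Python model of how Shorewall decides a new connection between zones (rules file first, then the first matching policy line), applied to the posted policy and to a subset of the posted rules. The function names and the reduced rule set are assumptions made for illustration; host qualifiers and port lists are not modelled.

```python
# Simplified model of Shorewall's decision order: a matching rule wins,
# otherwise the first matching policy line applies. Zone names only.
POLICY = """\
loc net ACCEPT
dmz net ACCEPT # temp
net all DROP info
all all REJECT info
"""
# Constructed subset of the posted rules file (loc, dmz and fw entries).
RULES = """\
ACCEPT loc fw tcp 22
ACCEPT loc dmz tcp 22
ACCEPT loc dmz icmp 8
ACCEPT dmz loc icmp 8
ACCEPT dmz fw icmp 8
"""

def parse(text, width):
    """Split non-comment lines into tuples of at most `width` columns."""
    rows = []
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            rows.append(tuple(cols[:width]))
    return rows

def verdict(src, dst, proto, port):
    """Return (action, origin) for a new connection from zone src to dst."""
    for action, r_src, r_dst, r_proto, r_port in parse(RULES, 5):
        if (r_src, r_dst, r_proto, r_port) == (src, dst, proto, str(port)):
            return action, "rule"
    for p_src, p_dst, action in parse(POLICY, 3):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action, "policy"
    return "REJECT", "default"  # not reached while an "all all" line exists

def main():
    # ICMP type 8 is echo-request, which is what ping sends.
    for probe in [("loc", "dmz", "icmp", 8), ("dmz", "loc", "icmp", 8),
                  ("loc", "dmz", "tcp", 22), ("dmz", "loc", "tcp", 22)]:
        print(probe, "->", verdict(*probe))

if __name__ == "__main__":
    main()
```

With these inputs both ping directions between loc and dmz match an ACCEPT rule, while ssh from dmz to loc has no rule and falls through to the `all all REJECT` policy.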