Derek Jennings wrote:

On Friday 05 Mar 2004 22:45, Klemens Arro wrote:
SNIP


Thanks, but it didn't help; shorewall started but I still can't share my
ADSL.
As for the question: no, I didn't put it there; the Mandrake Control Center
internet connection sharing tool put it there.

Here is /etc/shorewall/interfaces:

#ZONE INTERFACE BROADCAST OPTIONS
net ppp+ detect
loc eth0 detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


/etc/shorewall/zones:

#ZONE   DISPLAY         COMMENTS
net     Net     Internet zone
loc     Local   Local
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

/etc/shorewall/policy:

# THE FOLLOWING POLICY MUST BE LAST
#
loc     net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
#LAST LINE -- DO NOT REMOVE

/etc/shorewall/rules:

# PORT PORT(S) DEST LIMIT



Nothing to do with your Internet sharing but you should remove these 2 lines


ACCEPT net fw udp 137,138,139 -
ACCEPT net fw tcp 137,138,139 -



If these lines are present, and you are running Samba (Windows networking), then anyone on the internet could access your Samba file shares.





ACCEPT loc fw udp 137,138,139 -



Again nothing to do with your problem, but if you want to add any other features to your Linux box you should open up the appropriate port here.
Ports you might like to open are:
22 - ssh service
631 - CUPS print server
10000 - Webmin configuration


ACCEPT loc fw tcp 137,138,139 -



This line has nothing to do with Internet sharing. I do not know how it got in, but I suggest you remove it.


REDIRECT loc 3128 tcp www -






ACCEPT  fw      net     tcp     www
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

/etc/shorewall/masq:




You only need one of these lines. The other can be removed.


ppp+ 192.168.0.0/255.255.255.0
ppp+ 192.168.0.0/255.255.255.0


I assume your internal ethernet is on the 192.168.0.0 subnet?

None of the comments I have made above would stop shorewall from working, and you say that shorewall now starts, so it looks as if Internet sharing is actually working.

Your problem may be that you have not configured the Windows clients correctly. If you have not started a DHCP server on the Linux box (to allocate IP addresses to the Windows machines), then you should be using static addressing on the Windows clients (IP addresses manually configured).
You should also configure the Windows clients to use the Linux box as the "Default Gateway", and you should enter the IP addresses of your ISP's DNS servers in the DNS configuration of your Windows clients.


BTW: By default shorewall inhibits 'ping' so do not be surprised if you cannot ping the Linux box from your Windows clients.

HTH

derek


Yes, my internal ethernet subnet is 192.168.0.0.
I configured Windows but it didn't help; I even allowed pinging (from MCC) but I still can't ping my box.
And the "dhcpd" daemon is running and is configured (with the DHCP configuration wizard).
I would like to get it to work like mdk 9.x did (DHCP auto-configuring Windows).


Actually the whole MCC firewall and internet connection setup is weird. First, the "Internet connection" button is always empty: even if I fill something in there and click "ok", next time it is empty again. Second, the "manage connection" button doesn't show my Internet access (ppp+). Third, after changing firewall rules it always asks me for my Internet connection (it says there that for ADSL you should put ppp+), but there is only a list (I can't change it) with no ppp+, only eth0 and eth1 (so I have always used eth0, which is connected to the ADSL modem).

(Sorry about my bad English skills ;))

--
Klemens Arro

My software never has bugs; it just develops random features.

Registered Linux User#: 346118
ICQ#: 179198850
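
Added example, not part of the original messages: a small Python check for the exposure Derek points out, ACCEPT rules in /etc/shorewall/rules that open ports 137,138,139 from the net zone to the firewall. The function names and the SAMPLE_RULES text are constructed for illustration; the zone names net and fw are taken from the files quoted in the thread.

```python
NETBIOS_PORTS = {137, 138, 139}  # the ports named in the thread
# Standard /etc/services names for the same ports.
SERVICE_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}

# Constructed sample: the rule lines quoted in the thread.
SAMPLE_RULES = """\
ACCEPT net fw udp 137,138,139 -
ACCEPT net fw tcp 137,138,139 -
ACCEPT loc fw udp 137,138,139 -
ACCEPT loc fw tcp 137,138,139 -
REDIRECT loc 3128 tcp www -
ACCEPT  fw      net     tcp     www
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""

def expand_ports(field):
    """Expand a DEST PORT(S) field ("137,138", "137:139", names) to a set of ints."""
    ports = set()
    for item in field.split(","):
        if item in SERVICE_NAMES:
            ports.add(SERVICE_NAMES[item])
        elif ":" in item:  # Shorewall writes port ranges as low:high
            low, high = item.split(":", 1)
            if low.isdigit() and high.isdigit():
                ports.update(range(int(low), int(high) + 1))
        elif item.isdigit():
            ports.add(int(item))
    return ports

def exposed_netbios_rules(text, untrusted="net", firewall="fw"):
    """Return (line_number, rule) for ACCEPT rules from the untrusted zone to
    the firewall zone whose destination ports include a NetBIOS port."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        # Columns: ACTION SOURCE DEST PROTO DEST-PORT(S) ...
        if len(fields) < 5 or not fields[0].startswith("ACCEPT"):
            continue
        source_zone = fields[1].split(":", 1)[0]  # "net:1.2.3.4" -> "net"
        dest_zone = fields[2].split(":", 1)[0]
        if source_zone == untrusted and dest_zone == firewall:
            if expand_ports(fields[4]) & NETBIOS_PORTS:
                findings.append((number, " ".join(fields)))
    return findings

if __name__ == "__main__":
    for number, rule in exposed_netbios_rules(SAMPLE_RULES):
        print(f"line {number}: {rule}")
```

Only the two net-to-fw lines are reported; the loc-to-fw lines, which serve the internal network, are left alone.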

