[leaf-user] Shorewall required modules

2002-12-13 Thread Joshua Klein
I recently found that /etc/shorewall/modules referenced a number of modules 
needed by the firewall. Of them, a number were not listed in /lib/modules. 
These were:

ip_tables
iptable_filter
ip_conntrack
iptable_nat

ip_conntrack and ip_tables were referenced in dmesg after booting, but I 
couldn't find them listed in /lib/modules. Is this just a red herring - are 
these already compiled into the kernel - or is this a potential contribution 
to existing networking problems? If I need to import iptable_filter and 
iptable_nat, where do I find them? They were not to be found anywhere in

http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/

Thanks!
Josh


---
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
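
The check the message above asks about (is each module loaded, compiled into the kernel, or absent), as an added example that is not part of the original post. The /proc/net entries used to infer built-in support are an assumption about 2.4-era kernels, and `in_kernel` and `module_status` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: classify the netfilter modules named in the post.
# File locations are parameters so the check can run against copies.

# in_kernel NAME [PROC_NET]: succeeds if the kernel already exposes what the
# module provides (assumed 2.4-era /proc/net entries; verify on your kernel).
in_kernel() {
    net=${2:-/proc/net}
    case $1 in
        ip_tables)      [ -e "$net/ip_tables_names" ] ;;
        iptable_filter) grep -qx filter "$net/ip_tables_names" 2>/dev/null ;;
        iptable_nat)    grep -qx nat "$net/ip_tables_names" 2>/dev/null ;;
        ip_conntrack)   [ -e "$net/ip_conntrack" ] ;;
        *)              return 1 ;;
    esac
}

# module_status NAME [PROC_MODULES] [MODULE_DIR] [PROC_NET]
# Prints one of: loaded, built-in, on-disk, missing
module_status() {
    name=$1 loaded=${2:-/proc/modules} dir=${3:-/lib/modules} net=${4:-/proc/net}
    # /proc/modules: one loaded module per line, name in the first field.
    if awk -v m="$name" '$1 == m { f = 1 } END { exit !f }' "$loaded" 2>/dev/null; then
        echo loaded
    elif in_kernel "$name" "$net"; then
        echo built-in
    # Module objects are NAME.o on 2.4 kernels and NAME.ko on 2.6 and later.
    elif find "$dir" \( -name "$name.o" -o -name "$name.ko" \) 2>/dev/null | grep -q .; then
        echo on-disk
    else
        echo missing
    fi
}

# Report on the four modules from the post, using the live system paths.
for m in ip_tables iptable_filter ip_conntrack iptable_nat; do
    printf '%-16s %s\n' "$m" "$(module_status "$m")"
done
```

A result of `built-in` or `loaded` means the missing file under /lib/modules is harmless; `missing` means the firewall has neither the module nor the functionality.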



[leaf-user] Routing Issues

2002-12-12 Thread Joshua Klein
This is my first time on this list, so please be gentle. :)

After reading all the docs, previewing the logs, and lurking on this list for 
a while I finally decided to try Bering. My goal is to get the 
three-interfaces setup on Shorewall along with the pptp server to allow 
access to the DMZ from both the Loc and Net zones. Leaving aside pptp for 
now, I've managed to get Bering working with my three NICs, dispensing IPs on 
eth1 (loc) and eth2 (dmz) w/ dhcp, and picking up a dynamic ip with pump on 
eth0 (net). 

But that's as far as I've got. So far I can't ping out from the Bering machine 
with shorewall started, getting this error:

# ping mit.edu
PING mit.edu (18.7.21.70): 56 data bytes
ping: sendto: Operation not permitted

which I've identified as most likely being routing related. Similarly, I can't 
ping machines on the loc or dmz subnets, i.e.:

# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: sendto: Operation not permitted

Finally, I can't ping the bering box from either the dmz or loc subnets - 
attempts to do so just time out. 

When I try these tests with shorewall turned off I can ping the machines on 
the loc and dmz networks from the bering box, and ping the bering box from 
said networks, but can't ping out to the Net at large; attempts to do so 
result in:

# ping mit.edu
ping: unknown host mit.edu

Trying to ping the Net at large from the bering box gives me this error:

# ping mit.edu
ping: mit.edu: Host name lookup failure

When I ping the bering box from the Net I get zero results - it just times 
out.

Most frustratingly, no messages appear in the logs on the Bering machine when 
I try any of the above. I can see that DNS resolution only occurs when 
shorewall is up and that shorewall is blocking ping probes, but can't 
pinpoint where that problem stems from.

My main concern is that I would like to be able to debug this myself and don't 
know where to start. My first instinct is to reach for tcpdump, but it's not 
available on Bering. Given that I copied the three-interfaces file set for 
shorewall and otherwise followed the Installation guide more or less exactly 
I'd rather not just dump all my .conf files on this list - but can anyone 
give me any advice on where to start debugging this otherwise?

There are only two suspicious things I can see with the LRP load sequence:
1) when booting, shorewall gives me this error: .: Can't open 
/etc/shorewall/common.def
2) ip addr show lists the first interface as lo, the third, fourth, and fifth 
interfaces as eth0, eth1, and eth2 respectively, but the second interface is 
listed as dummy0, with no inet or brd addresses. What does this mean?

Thanks for any and all help,
Josh

