Would it be ok for me to email you off list to get some help with a new
setup of Shorewall that I did?
It would be, but i am not sure if i can help you, because i have
dropped shorewall and i am no firewall expert.
I would suggest you look at the shorewall guides at the shorewall
homepage,
Daniel,
Would it be ok for me to email you off list to get some help with a new
setup of Shorewall that I did?
Thanks,
Shawn
On 1/23/07, Daniel Pielmeier [EMAIL PROTECTED] wrote:
Hi all,
i solved my problem with the help of the shorewall mailing list.
The shorewall maintainer Tom Eastep
Hi all,
i solved my problem with the help of the shorewall mailing list.
The shorewall maintainer Tom Eastep helped me with a quick answer.
It has nothing to do with shorewall so there is no file of shorewall
causing these troubles.
When i set up internet connection with pppoe-setup i have
On Sat, 2007-01-20 at 23:01 +0100, Daniel Pielmeier wrote:
The only last thing I could suggest is running lsof to see what files
are being accessed when you start the net.eth1 script.
I tried lsof, but is there a possibility to run it constantly or for a
specified time to catch the
The only last thing I could suggest is running lsof to see what files
are being accessed when you start the net.eth1 script.
I tried lsof, but is there a possibility to run it constantly or for a
specified time to catch the complete progress of the script, like the
top command to monitor all
Hi all!
Thank you very much for trying to help me with these strange things. I
hope i haven't overlooked a very simple thing which causes this
problem.
dale wrote
[EMAIL PROTECTED] / # equery files shorewall
[ Searching for packages matching shorewall... ]
* Contents of
On Fri, 2007-01-19 at 10:08 +0100, Daniel Pielmeier wrote:
Another thing i will try is to re-emerge shorewall, put my configuration
back, run shorewall and search for the files which have changed
recently.
good idea, if you have the space you can just `cp -a /etc /etc.old`
(only 124M here). Then
I've been holding back on replying for a while now, but I think you
should try a simple iptables setup like this one:
Excuse me, but my problem is not that my tables are not working, they
work very well. I applied forwarding and masquerading, also a basic
set of filtering rules which block all
On 18 January 2007 11:25, Daniel Pielmeier wrote:
I've been holding back on replying for a while now, but I think you
should try a simple iptables setup like this one:
Excuse me, but my problem is not that my tables are not working, they
work very well. I applied forwarding and
Daniel Pielmeier wrote:
I've been holding back on replying for a while now, but I think you
should try a simple iptables setup like this one:
Excuse me, but my problem is not that my tables are not working, they
work very well. I applied forwarding and masquerading, also a basic
set of
If you really removed shorewall from your runlevel (rc-update del shorewall
default) try this:
rm /var/lib/iptables/rules-save
i have removed shorewall from my runlevels and added iptables
Did you do a /etc/init.d/iptables save by any chance? That's the only
thing I can think of.
the way
On Thu, 18 Jan 2007 12:11:34 +0100
Daniel Pielmeier [EMAIL PROTECTED] wrote:
Excuse me, but my problem is not that my tables are not working, they
work very well. I applied forwarding and masquerading, also a basic
set of filtering rules which block all access from outside.
oops. sorry.
On Thu, 2007-01-18 at 12:11 +0100, Daniel Pielmeier wrote:
the way i have applied my rules is as follows
first i load them with my generated script
then i invoke /etc/init.d/iptables save
and to be sure i do an /etc/init.d/iptables restart
iptables -L, iptables -L -t nat, iptables -L -t
hmm, shorewall must have done something that's more persistent.
Have a look at /etc/runlevels, and make sure there is no shorewall stuff
left in there.
Also look in /etc/conf.d/net* and make sure there is no postup functions
lying around.
And make sure /etc/init.d/net.eth1 is a symlink to
Iain Buchanan wrote:
Is there a /etc/shorewall directory? Perhaps someone who has it
installed could do `equery files shorewall` so you could check that it
really is deleted.
Well, these ideas are really stabbing in the dark, but you gotta start
somewhere!
HTH,
Here you go:
On Fri, 2007-01-19 at 02:10 +0100, Daniel Pielmeier wrote:
hmm, shorewall must have done something that's more persistent.
...
Well, these ideas are really stabbing in the dark, but you gotta start
somewhere!
thanks for your hints, i checked all these things but there seems
nothing of
Iain Buchanan wrote:
ah yes, I recall the cruft script! Does it exclude any directories?
If there is nothing shorewall related left, then the only explanation is
that shorewall must have edited an existing file somewhere... which
seems strange... hal? udev? who knows!
The only last thing
On Fri, 2007-01-19 at 01:01 -0600, Dale wrote:
Iain Buchanan wrote:
ah yes, I recall the cruft script! Does it exclude any directories?
If there is nothing shorewall related left, then the only explanation is
that shorewall must have edited an existing file somewhere... which
seems
On 19 January 2007 08:45, Iain Buchanan wrote:
On Fri, 2007-01-19 at 02:10 +0100, Daniel Pielmeier wrote:
hmm, shorewall must have done something that's more persistent.
...
Well, these ideas are really stabbing in the dark, but you gotta start
somewhere!
thanks for your hints, i
Hi again,
it seems that i was running into another problem.
These are my current iptables!
Chain INPUT (policy ACCEPT)
target prot opt source destination
block all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source
On Wed, 17 Jan 2007 20:02:54 +0100
Daniel Pielmeier [EMAIL PROTECTED] wrote:
Hi again,
it seems that i was running into another problem.
These are my current iptables!
...
What could be the problem here? Is the net init-script changing my
rules? I think i have removed shorewall completely,
But everything looks quite normal, except for that packets aren't
routed. So it's up to somebody else to tell exactly what that policy
module in iptables does -- and how. I don't have answers left here --
except for the case that a manual iptables setup is sufficient.
Personally, I'm quite happy
Hi,
On Tue, 16 Jan 2007 09:03:59 +0100 Daniel Pielmeier
[EMAIL PROTECTED] wrote:
Personally, I'm quite happy with
$ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$ iptables -A FORWARD -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$ iptables -A FORWARD -i ppp0 -m
Personally, I'm quite happy with
$ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$ iptables -A FORWARD -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$ iptables -A FORWARD -i ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Aaargh! That last one should have
Hi,
On Tue, 16 Jan 2007 13:10:45 +0100 Daniel Pielmeier
[EMAIL PROTECTED] wrote:
Thanks, so i think that i have to get familiar with iptables
itself, because i want to do some more than routing. I will try these
rules in the evening and tell you if it works.
No fears, iptables is easy
Thanks for that link. The document is _very_ good and complete. But I
don't think it's particularly well suited for beginners.
My suggestion would probably be very conservative: netfilter.org's own
docs. http://www.netfilter.org/documentation/index.html
np, i thought when i have to learn
Thanks for that link. The document is _very_ good and complete. But I
don't think it's particularly well suited for beginners.
My suggestion would probably be very conservative: netfilter.org's own
docs. http://www.netfilter.org/documentation/index.html
I have now applied your masquerading and
On Tue, 2007-01-16 at 13:10 +0100, Daniel Pielmeier wrote:
I haven't found a how-to like this. Do you know a good how-to?
for linux howto's, I highly recommend tldp:
http://tldp.org/HOWTO/HOWTO-INDEX/networking.html#NETROUTING
try the Masquerading-Simple-HOWTO.
HTH,
--
Iain Buchanan iaindb
Hans-Werner Hilse wrote:
Thanks for that link. The document is _very_ good and complete. But I
don't think it's particularly well suited for beginners.
My suggestion would probably be very conservative: netfilter.org's own
docs. http://www.netfilter.org/documentation/index.html
-hwh
Hmmm, me either. I'm not sure about what it would be called. Do you
have gkrellm installed? Sometimes I use it to see where the traffic
is. That is how I knew it was iptables in my other thread. The data
was getting there because gkrellm was seeing it but my system was not.
No clue how one
-Original Message-
From: Daniel Pielmeier [mailto:[EMAIL PROTECTED]
Sent: 14 January 2007 19:27
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Setting up a home router
I can't ping from the desktop to the internet.
ping www.gentoo.org
PING www.gentoo.org (38.99.64.202
I would check that you have done:
echo 1 > /proc/sys/net/ipv4/ip_forward
I think this is set, but i will check again.
Also make sure ICMP isn't blocked anywhere.
I have only blocked ping from the internet to the firewall and nowhere else.
--
gentoo-user@gentoo.org mailing list
Daniel Pielmeier wrote:
I would check that you have done:
echo 1 > /proc/sys/net/ipv4/ip_forward
I think this is set, but i will check again.
Also make sure ICMP isn't blocked anywhere.
I have only blocked ping from the internet to the firewall and nowhere
else.
Send the output from
Send the output from iptables-save, please. Otherwise we could only
guess if the problem is with your firewall rules or somewhere else.
Ok, i will do that when i am back home. i thought the output from
iptables -L in my original post was enough.
Hi,
On Sun, 14 Jan 2007 20:27:11 +0100 Daniel Pielmeier
[EMAIL PROTECTED] wrote:
I can connect from the router to the internet.
I can log in from the router to the desktop per ssh and back.
I have set up an rsync on the router and rsync works from the desktop.
I have set up dnsmasq on the
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
dslb-088-067-01 *               255.255.255.255 UH    0      0        0 ppp0
localhost       *               255.255.255.0   U     0      0        0 eth0
loopback        *
Hi,
On Mon, 15 Jan 2007 11:45:13 +0100 Daniel Pielmeier
[EMAIL PROTECTED] wrote:
This here:
/etc/hosts
127.0.0.1 localhost
192.168.0.1 gentoo-vdr.linux gentoo-vdr
192.168.0.2 gentoo.linux gentoo
::1 localhost
I think localhost is assigned to
I think localhost is assigned to 127.0.0.1, or did i misunderstand
something?
No, that's (usually) correct. But in the route excerpt you've cited
above (please post route -n next time!) the route for localhost was
set to dev eth0. Also, the subnet was a /24 one, instead of the
usual /8 for
Send the output from iptables-save, please. Otherwise we could only
guess if the problem is with your firewall rules or somewhere else.
Here we go!
# Generated by iptables-save v1.3.5 on Mon Jan 15 19:09:43 2007
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT
I think localhost is assigned to 127.0.0.1, or did i misunderstand
something?
No, that's (usually) correct. But in the route excerpt you've cited
above (please post route -n next time!) the route for localhost was
set to dev eth0. Also, the subnet was a /24 one, instead of the
usual /8 for
Another thing that makes me wonder is that the home router guide did
not mention anything about name_servers or gateways.
According to the guide this line seems to be enough:
config_eth0=( 192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0 )
But without the routes setting i get network
Hi,
On Mon, 15 Jan 2007 19:23:53 +0100
Daniel Pielmeier [EMAIL PROTECTED] wrote:
No, that's (usually) correct. But in the route excerpt you've cited
above (please post route -n next time!) the route for localhost was
set to dev eth0. Also, the subnet was a /24 one, instead of the
usual
Hi,
On Mon, 15 Jan 2007 19:17:45 +0100
Daniel Pielmeier [EMAIL PROTECTED] wrote:
Send the output from iptables-save, please. Otherwise we could only
guess if the problem is with your firewall rules or somewhere else.
Here we go!
# Generated by iptables-save v1.3.5 on Mon Jan 15
- is forwarding actually really enabled? Just cat the
relevant /proc/sys/net/ipv4/ip_forward.
cat /proc/sys/net/ipv4/ip_forward
returns 1
So remaining things to check would be
- where do packets do what? Use tcpdump on the router to monitor
how packets flow. Don't cite all the output, but
Hi,
On Tue, 16 Jan 2007 00:30:30 +0100
Daniel Pielmeier [EMAIL PROTECTED] wrote:
- is forwarding actually really enabled? Just cat the
relevant /proc/sys/net/ipv4/ip_forward.
cat /proc/sys/net/ipv4/ip_forward
returns 1
So remaining things to check would be
- where do packets do
Hans-Werner Hilse wrote:
Hi,
On Tue, 16 Jan 2007 00:30:30 +0100
Daniel Pielmeier [EMAIL PROTECTED] wrote:
- is forwarding actually really enabled? Just cat the
relevant /proc/sys/net/ipv4/ip_forward.
cat /proc/sys/net/ipv4/ip_forward
returns 1
So remaining things to
Again the quick and dirty solution:
/etc/init.d/iptables stop
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/etc/init.d/iptables save
rc-update -a iptables default
/etc/init.d/iptables start
--
Best regards,
Daniel
Hi,
I have a similar problem like Dale in this thread [gentoo-user] Need
help networking two machines, but i think it is not exactly the same.
I was trying to set up a home router following the
gentoo-home-router-guide
http://www.gentoo.org/doc/de/home-router-howto.xml
with shorewall as
Daniel Pielmeier wrote:
Hi,
I have a similar problem like Dale in this thread [gentoo-user] Need
help networking two machines, but i think it is not exactly the same.
I was trying to set up a home router following the
gentoo-home-router-guide
I used this script a long time ago. It worked until iptables got
changed. It still worked but it gave a few errors. Maybe some guru can
look at this and update it for us both. Then maybe I can get someone to
upgrade the script on the site. I had to edit the very first bit about
which
Honestly for making a router ShoreWall really helps out. Shorewall is
basically a set of scripts that read configuration files that you set up
and then interacts with iptables for you.
http://www.shorewall.net/
Daniel Pielmeier wrote:
I used this script a long time ago. It worked until iptables got
changed. It still worked but it gave a few errors. Maybe some guru can
look at this and update it for us both. Then maybe I can get someone to
upgrade the script on the site. I had to edit the very
Thomas Lingefelt wrote:
Honestly for making a router ShoreWall really helps out. Shorewall is
basically a set of scripts that read configuration files that you set up
and then interacts with iptables for you.
http://www.shorewall.net/
http://www.shorewall.net/shorewall_quickstart_guide.htm
Are you on dial-up too? The EXTIF='ppp0' may need to be eth0 for you if
you are using a DSL or cable connection.
I use an adsl-modem to connect to the internet. It is configured over
eth1 but the connection runs over ppp0 so i think this is right, but i
am not sure.
Daniel Pielmeier wrote:
Are you on dial-up too? The EXTIF='ppp0' may need to be eth0 for you if
you are using a DSL or cable connection.
I use an adsl-modem to connect to the internet. It is configured over
eth1 but the connection runs over ppp0 so i think this is right, but i
am not sure.