On 27/08/07 2:28, "Tom Eastep" <[EMAIL PROTECTED]> wrote:

> Lars E. D. Jensen wrote:
>>
>>
>> On 27/08/07 1:48, "Tom Eastep" <[EMAIL PROTECTED]> wrote:
>>>> I've followed this from ProxyARP.htm:
>>>> The lower systems (130.252.100.18 and 130.252.100.19) should have their
>>>> subnet mask and default gateway configured exactly the same way that the
>>>> Firewall system's eth0 is configured. In other words, they should be
>>>> configured just like they would be if they were parallel to the firewall
>>>> rather than behind it.
>>>>
>>>> The DMZ server 192.168.1.20 is setup with the same network config as the
>>>> firewalls eth0/192.168.1.15 that is with gateway 192.168.1.1.
>>>>
>>> 192.168.1.20 is connected to eth1 which is also where the firewall's
>>> default gateway is connected. That is NOT the configuration shown in
>>> ProxyARP.htm.
>>>
>>> -Tom
>>
>> Ok, then I'm missing something :)
>>
>> eth1 in the firewall is configured with 192.168.2.15 and gateway 192.168.2.1
>> (I've also tried to remove the gateway definition from eth1).
>>
>> How do you see that the default gateway is connected to eth1?
>>
>
> From the main routing table:
>
> 192.168.1.20 dev eth1 scope link
> 192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.15
> 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.15
> 169.254.0.0/16 dev eth1 scope link
> default via 192.168.2.1 dev eth1 <======================================

Ok, I removed the gateway definition for eth1 on the firewall and now have:

default via 192.168.1.1 dev eth0

Still having problems with Internet access from domU with 192.168.1.20 (the
dmz server). I have a policy that should allow it to access the Internet.

Trying this on the firewall when the dmz server tries to access the Internet
gives:

tcpdump -n -i eth1 host 192.168.1.20
12:13:38.062457 arp who-has 192.168.1.1 tell 192.168.1.20
12:13:41.062621 arp who-has 192.168.1.1 tell 192.168.1.20
12:13:42.062697 arp who-has 192.168.1.1 tell 192.168.1.20
12:13:43.062731 arp who-has 192.168.1.1 tell 192.168.1.20
12:13:46.062923 arp who-has 192.168.1.1 tell 192.168.1.20

203 packets captured
406 packets received by filter
0 packets dropped by kernel

Is there something special I need to do in dom0, configure the bridges in the
right way? Or is it because I'm using local IP addresses (192.168.X.X)?

Thanks.
Lars

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
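
The routing-table check from Tom's reply, written out as a script (an added example, not part of the thread and not Shorewall code): it reports any single-host route, such as the one for 192.168.1.20, that sits on the same interface as the default route. The function names are hypothetical, and the second table is constructed from the default route Lars reports after his change.

```python
import ipaddress

# Main routing table on the firewall, as quoted in the thread.
BEFORE = """\
192.168.1.20 dev eth1 scope link
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.15
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.15
169.254.0.0/16 dev eth1 scope link
default via 192.168.2.1 dev eth1
"""

# Constructed: same table with the default route Lars reports after his change.
AFTER = BEFORE.replace("default via 192.168.2.1 dev eth1",
                       "default via 192.168.1.1 dev eth0")


def parse_routes(text):
    """Return (destination, device) for each `ip route show` line."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if "dev" not in tokens[1:-1]:
            continue  # blank line or a route with no output device
        routes.append((tokens[0], tokens[tokens.index("dev") + 1]))
    return routes


def is_host_route(dest):
    """True for a single-address IPv4 destination (bare address or /32)."""
    try:
        return ipaddress.ip_network(dest, strict=False).prefixlen == 32
    except ValueError:
        return False  # "default" or any other non-numeric destination


def hosts_on_gateway_side(text):
    """Host routes that share an interface with the default route."""
    routes = parse_routes(text)
    gateway_devs = {dev for dest, dev in routes if dest == "default"}
    return [(dest, dev) for dest, dev in routes
            if is_host_route(dest) and dev in gateway_devs]


if __name__ == "__main__":
    print("before:", hosts_on_gateway_side(BEFORE))
    print("after: ", hosts_on_gateway_side(AFTER))
```

An empty result only shows that the host route and the default route are on different interfaces; it does not explain the unanswered ARP requests in the capture.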
