grkm2002 wrote:
> I have a 3-NIC setup with the following
> eth0
> eth1 LAN: 192.168.18.1 running clients
> eth2 DMZ: 10.45.93.254 running dns/dhcp server on 10.45.93.18
>
> I am able to ping all gateways and net from the $FW and DMZ. However, I
> am unable to get my clients to obtain dhcp addresses. I'm always getting
> host unreachable.

What are you doing/trying when you 'get host unreachable'?

> I have an 8-port hub between each gateway and the pcs.
> In /etc/shorewall/rules I have:
> accept loc dmz udp 68 67
> accept dmz loc udp 67 68

The above rules are just silly. DHCP uses broadcast which will not be routed between the two zones.

>
> I have in /etc/shorewall/interfaces
> eth1 dhcp
>
> Yes. My dhcp and dns are both up and running on the server.

What do you mean by 'server'? If the 'server' is a system in the DMZ then you need to run dhcrelay on the firewall and set the 'dhcp' option on both eth1 and on eth2.

> I've tested
> my dns/dhcp configs before on a 2-NIC system and it works. Any help as
> to why I am unable to get dhcp addresses would be useful.

If the DHCP server is running on a server in the DMZ, install and configure dhcrelay on the firewall. Test with Shorewall cleared ('shorewall clear'). Only report back here if you get dhcrelay working correctly without Shorewall but you have problems when you start Shorewall again.

If the DHCP server is running on the firewall system (where Shorewall is running) then be sure that your DHCP configuration is correct and that the server is configured to serve eth1 (and that eth1 is in fact the interface that is cabled to the LAN). If that all looks correct, then please submit another report following the instructions at http://www.shorewall.net/support.htm#Guidelines.

-Tom
-- 
Tom Eastep        \ The ultimate result of shielding men from the effects of
Shoreline,        \ folly is to fill the world with fools.
Washington, USA   \ -- Herbert Spencer
http://www.shorewall.net
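An added illustration, not part of the original thread and not ISC dhcrelay's own code: a minimal sketch of the BOOTP relay step (RFC 1542/2131) showing why the client's broadcast never matches a loc-to-dmz rule and what a relay on the firewall changes before unicasting to the server. The MAC, transaction id, function names and the `max_hops` default are constructed assumptions; the addresses are those from the post.

```python
import socket
import struct

# Fixed BOOTP header (RFC 951/2131), 236 bytes: op, htype, hlen, hops, xid,
# secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])   # DHCP options cookie
ZERO_IP = bytes(4)


def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER as a client broadcasts it (giaddr = 0.0.0.0)."""
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000,      # BOOTREQUEST, broadcast flag
                        ZERO_IP, ZERO_IP, ZERO_IP, ZERO_IP,
                        mac.ljust(16, b"\0"), b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])       # type=DISCOVER, end


def relay_request(packet: bytes, relay_ip: str, max_hops: int = 10):
    """Return the packet a relay would unicast to the server, or None to drop."""
    if len(packet) < BOOTP.size:
        return None                                      # truncated header
    fields = list(BOOTP.unpack_from(packet))
    op, hops, giaddr = fields[0], fields[3], fields[10]
    if op != 1 or hops >= max_hops:                      # not a request, or looping
        return None
    fields[3] = hops + 1
    if giaddr == ZERO_IP:                                # only the first relay stamps it
        fields[10] = socket.inet_aton(relay_ip)
    return BOOTP.pack(*fields) + packet[BOOTP.size:]


def giaddr_of(packet: bytes) -> str:
    """Relay agent address the server uses to pick the client's subnet."""
    return socket.inet_ntoa(BOOTP.unpack_from(packet)[10])


if __name__ == "__main__":
    # Client broadcast arrives on eth1 (192.168.18.1); routers do not forward it.
    pkt = build_discover(bytes.fromhex("020000000001"), 0x1234)
    fwd = relay_request(pkt, "192.168.18.1")
    print(giaddr_of(pkt), "->", giaddr_of(fwd), "unicast to 10.45.93.18:67")
```

The server answers to the giaddr on port 67, so the firewall itself sends and receives DHCP traffic on both the LAN and the DMZ interface.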