On Friday 3 June, 2011 16:14:03 you wrote:
> On 6/3/11 2:50 PM, cac...@quantum-sci.com wrote:
> > 
> > Hello Tom,
> > 
> > Can't make masquerading work for some reason.
> > 
> > I have a VirtualBox VM running Debian with network in Host-Only mode.  I 
> > want to use this rather than Bridging to reduce the possibility of layer 2 
> > attacks on my LAN in case Debian gets compromised.  For this same reason I 
> > want to aim the dnat right at the router.
> > 
> > So the VM interface on the host is vboxnet0 with IP 192.168.12.1.  The 
> > host's outward-looking interface is wlan0 with IP 192.168.11.1, and the 
> > router is 192.168.11.5.
> > 
> > interfaces:
> > net         wlan0           detect          blacklist,nosmurfs,tcpflags
> > local       vboxnet0        detect          detectnets
> > 
> > zones:
> > fw          firewall
> > net         ipv4
> > local               ipv4
> > 
> > masq:
> > wlan0:192.168.11.5          192.168.12.0/30
> > 
> > rules:
> > DNAT                local   net:192.168.11.5        tcp     ftp,http
> > ACCEPT              local   net             tcp             ftp,http,https  -
> > ACCEPT              local   net             udp             domain  -
> > 
> > ... but it tain't working.  with dmesg I get lots of these:
> > [178641.995837] martian source 192.168.11.5 from 192.168.12.1, on dev vboxnet0
> > [178641.995842] ll header: ff:ff:ff:ff:ff:ff:08:00:27:ca:f8:5c:08:06
> > [178644.651678] martian source 192.168.12.255 from 192.168.12.1, on dev vboxnet0
> > [178644.651688] ll header: ff:ff:ff:ff:ff:ff:08:00:27:ca:f8:5c:08:00
> > [178650.947681] martian source 192.168.11.5 from 192.168.12.1, on dev vboxnet0
> > [178650.947686] ll header: ff:ff:ff:ff:ff:ff:08:00:27:ca:f8:5c:08:06
> > 
> > Can't figure out what's wrong.
> > 
> > I'm recommending that people run a Tor relay in a VirtualBox VM with Debian 
> > SELinux guest, with guest and host running Shorewall, masqueraded through 
> > the host and aimed straight at the router so no monitoring can take place 
> > if compromised.
> 
> martians are a routing problem, not a Shorewall configuration problem.
> The routing table doesn't route 192.168.12.1 out of vboxnet0.

Oh dear, in that case I have no idea what to do about it.
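As an added example that is not part of this thread (it is neither Shorewall code nor code from either poster): a small POSIX shell decoder for the dmesg lines quoted above, since they are easy to read the wrong way round. The kernel prints them as `martian source <destination> from <source>, on dev <interface>`, so in the quoted lines 192.168.12.1 is the source address of the offending frames, and the `ll header` bytes are destination MAC, source MAC, EtherType. The sample lines are the three pairs from the post with the mail wrapping undone; the `ip route get ... from ... iif ...` query the script prints is standard iproute2 syntax for asking the kernel how it would route exactly that (source, destination, ingress interface) triple. The function names and the output format are my own.

```shell
#!/bin/sh
# Added example, not from the thread: decode kernel "martian source" log pairs.
#
# Kernel format:  martian source <DESTINATION> from <SOURCE>, on dev <IFACE>
# followed by:    ll header: <dst MAC (6)>:<src MAC (6)>:<EtherType (2)>

# Constructed sample: the three pairs quoted in the post, line wrapping undone.
SAMPLE_DMESG='[178641.995837] martian source 192.168.11.5 from 192.168.12.1, on dev vboxnet0
[178641.995842] ll header: ff:ff:ff:ff:ff:ff:08:00:27:ca:f8:5c:08:06
[178644.651678] martian source 192.168.12.255 from 192.168.12.1, on dev vboxnet0
[178644.651688] ll header: ff:ff:ff:ff:ff:ff:08:00:27:ca:f8:5c:08:00
[178650.947681] martian source 192.168.11.5 from 192.168.12.1, on dev vboxnet0
[178650.947686] ll header: ff:ff:ff:ff:ff:ff:08:00:27:ca:f8:5c:08:06'

# ethertype_name HEX -> symbolic EtherType (common values only).
ethertype_name() {
  case "$1" in
    08:00) echo IPv4 ;;
    08:06) echo ARP ;;
    86:dd) echo IPv6 ;;
    *)     echo "unknown($1)" ;;
  esac
}

# parse_martians: read dmesg text on stdin, print one record per martian:
#   IFACE DST_IP SRC_IP DST_MAC SRC_MAC ETHERTYPE
parse_martians() {
  awk '
    /martian source/ {
      # $4 = destination, $6 = source (with trailing comma), $9 = interface
      daddr = $4; saddr = $6; sub(/,$/, "", saddr); dev = $9
      pending = 1; next
    }
    pending && /ll header:/ {
      n = split($4, b, ":")
      if (n >= 14) {
        dmac = b[1]; for (i = 2; i <= 6; i++) dmac = dmac ":" b[i]
        smac = b[7]; for (i = 8; i <= 12; i++) smac = smac ":" b[i]
        et = b[13] ":" b[14]
      } else { dmac = "?"; smac = "?"; et = "?" }
      printf "%s %s %s %s %s %s\n", dev, daddr, saddr, dmac, smac, et
      pending = 0
    }
  ' | while read -r dev daddr saddr dmac smac et; do
    printf '%s %s %s %s %s %s\n' "$dev" "$daddr" "$saddr" "$dmac" "$smac" "$(ethertype_name "$et")"
  done
}

# route_check_cmd IFACE DST SRC -> the iproute2 query that asks the kernel how
# it would route this (source, destination, ingress interface) triple; run it
# on the host to see the route (or the rejection) behind the martian.
route_check_cmd() {
  printf 'ip route get %s from %s iif %s\n' "$2" "$3" "$1"
}

# martian_summary: stdin dmesg -> "COUNT IFACE SRC_IP SRC_MAC" per distinct sender.
martian_summary() {
  parse_martians | awk '{ k = $1 " " $3 " " $5; c[k]++ } END { for (k in c) print c[k], k }' | sort -rn
}

# Stand-alone usage: decode the sample and print what to check next.
martian_report() {
  printf '%s\n' "$SAMPLE_DMESG" | parse_martians | while read -r dev daddr saddr dmac smac et; do
    printf '%s: %s -> %s (%s -> %s, %s); check: %s\n' \
      "$dev" "$saddr" "$daddr" "$smac" "$dmac" "$et" "$(route_check_cmd "$dev" "$daddr" "$saddr")"
  done
}

martian_report
```

In the sample, every frame comes from MAC 08:00:27:ca:f8:5c (08:00:27 is the OUI VirtualBox assigns to guest NICs) with IP source 192.168.12.1, which the post gives as the host's own vboxnet0 address; that is the fact worth checking against the guest's configuration and the output of the printed `ip route get` query before touching Shorewall, and `sysctl net.ipv4.conf.vboxnet0.rp_filter` shows whether reverse-path filtering is what rejects the packets.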
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
