Hi all, I installed Shorewall 4 on Debian squeeze and configured the
interfaces and the files, but I cannot get internet access on the local
network.
I can connect to the Shorewall PC from outside and from the local
network, and I can connect to the internet from the Shorewall PC, so I'm
sure I have something misconfigured.
The ip route command gives me the following:
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
xxx.xxx.xxx.0/24 dev eth0 proto kernel scope link src xxx.xxx.xxx.200
default via xxx.xxx.xxx.1 dev eth0
default via 192.168.2.1 dev eth1 scope link
ifconfig
eth0 Link encap:Ethernet HWaddr
inet addr:xxx.xxx.xxx.200 Bcast:xxx.xxx.xxx.255 Mask:255.255.255.0
inet6 addr: fe80::219:d1ff:fedd:afd1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2374 errors:0 dropped:0 overruns:0 frame:0
TX packets:110 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:284690 (278.0 KiB) TX bytes:13739 (13.4 KiB)
Interrupt:19 Base address:0x2100
eth1 Link encap:Ethernet HWaddr
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::227:19ff:feb1:6b69/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:204 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17521 (17.1 KiB) TX bytes:468 (468.0 B)
Interrupt:17 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)
In shorewall:
interfaces file:
===================
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp
loc eth1 detect bridge
policy file:
===============
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
#loc net ACCEPT
#net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
#all all REJECT info
fw all ACCEPT
all all REJECT info
net all DROP info
rules file:
=============
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP
#
# Accept DNS connections from the firewall to the network
#
ACCEPT net $FW tcp 22
ACCEPT loc net tcp 20,21,22,25,43,53,63
ACCEPT loc net tcp 110,123,143,443,465
ACCEPT loc net tcp 587,993,995
ACCEPT loc net udp 43,53,63,123
REDIRECT loc 8080 tcp 80,8080
ACCEPT loc fw tcp 20,21,22,53,67,68,80,10000
ACCEPT loc fw udp 53,67,68
Ping(ACCEPT) net $FW
Ping(ACCEPT) loc $FW
Ping(ACCEPT) loc net
masq file:
=============
eth0 192.168.2.0/24
Hope someone can help me out with this.
Regards