Also, make sure you have ip_forwarding enabled, with either shorewall.conf or
sysctl.conf, e.g.:
# /etc/sysctl.conf
net.ipv4.ip_forward = 1
OR
# /etc/shorewall/shorewall.conf
IP_FORWARDING=On
On Sun, Aug 3, 2014 at 10:48 PM, johnny bowen <[email protected]> wrote:
> Check tcpdump while the command "ping -c1 -I 172.16.1.10
> google-public-dns-a.google.com" is being run. You'll see that
> google-public-dns-a.google.com is receiving an ICMP request from
> 172.16.1.10. The problem is 172.16.1.10 belongs to a private network so
> Google doesn't know how to route back to you.
>
> It's hard to say what you're testing for and what you're trying to
> accomplish, but if you add a rule to masquerade you'll get the results
> you're expecting from your test.
>
> Add to /etc/shorewall/masq:
> # /etc/shorewall/masq
> eth0 172.16.1.10
>
> On Sun, Aug 3, 2014 at 9:44 PM, Dale Greenway <[email protected]> wrote:
>
>> Hello.
>>
>> I'm installing Shorewall on my hosted server.
>>
>> I'm doing stuff step by step so I can understand what does what. I have
>> some trouble with Pings coming from private IP aliases.
>>
>> The server has 2 IPs on its one interface
>>
>> eth0
>> X.15.9.149
>> 172.16.1.10
>>
>> The shorewall config that matters is
>>
>> /etc/shorewall/interfaces
>> net eth0 tcpflags,nosmurfs,logmartians=1,routefilter=1,sourceroute=0
>>
>> /etc/shorewall/zones
>> fw firewall
>> net ipv4
>>
>> /etc/shorewall/rules
>> ...
>> Ping(ACCEPT) $FW net
>> ...
>>
>> When I do a
>>
>> ping google-public-dns-a.google.com
>>
>> It works and you can see the ICMP traffic in both directions
>>
>> tcpdump -i eth0 | grep google-public-dns-a.google.com
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
>> 21:08:33.138416 IP my.fqdn.me > google-public-dns-a.google.com: ICMP echo request, id 9539, seq 1, length 64
>> 21:08:33.160647 IP google-public-dns-a.google.com > my.fqdn.me: ICMP echo reply, id 9539, seq 1, length 64
>>
>>
>> When I bind the ping to the internal IP address
>>
>> ping -c1 -I 172.16.1.10 google-public-dns-a.google.com
>>
>> It times out, and you only see ICMP traffic in one direction
>>
>> tcpdump -i eth0 | grep google-public-dns-a.google.com
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
>> 21:10:41.011189 IP 172.16.1.10 > google-public-dns-a.google.com: ICMP echo request, id 9556, seq 1, length 64
>>
>> I thought since 172.16.1.10 is on the firewall this should work too.
>>
>> I guess I need another rule or masq or nat, right? I'm kind of unclear
>> about the right options in the interface's options too. What do I need to
>> change to make the
>>
>> ping -c1 -I 172.16.1.10 google-public-dns-a.google.com
>>
>> work right?
>>
>> Dale Greenway
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>
>
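Added example, not part of the original thread or of Shorewall: a small Python check that reads tcpdump's one-line ICMP output, pairs echo requests with replies by id and seq, and flags unanswered requests whose source is a literal non-routable address, which is the symptom described in the thread. The function names and the SAMPLE lines (the thread's captures with wrapped lines rejoined) are constructed for illustration; running tcpdump with -n keeps addresses numeric so the source check can see them.

```python
import ipaddress
import re

# Matches the one-line form tcpdump prints for ICMP echo traffic, e.g.
# "21:10:41.011189 IP 172.16.1.10 > host: ICMP echo request, id 9556, seq 1, length 64"
ECHO = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def is_private(host):
    """True only for a literal IP in a non-globally-routable range; names give False."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def unanswered_echoes(lines):
    """Return echo requests that never got a reply, each tagged with a likely cause."""
    pending = {}
    for line in lines:
        m = ECHO.match(line.strip())
        if not m:
            continue  # tcpdump banner lines and non-ICMP traffic
        key = (m["id"], m["seq"])
        if m["kind"] == "request":
            pending[key] = m["src"]
        else:
            pending.pop(key, None)  # reply seen: request was answered
    return [
        {"src": src, "id": int(i), "seq": int(s),
         "cause": "private source left unmasqueraded" if is_private(src) else "unknown"}
        for (i, s), src in pending.items()
    ]

# Constructed sample: the two captures from the thread, wrapped lines rejoined.
SAMPLE = """\
21:08:33.138416 IP my.fqdn.me > google-public-dns-a.google.com: ICMP echo request, id 9539, seq 1, length 64
21:08:33.160647 IP google-public-dns-a.google.com > my.fqdn.me: ICMP echo reply, id 9539, seq 1, length 64
21:10:41.011189 IP 172.16.1.10 > google-public-dns-a.google.com: ICMP echo request, id 9556, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    for finding in unanswered_echoes(SAMPLE):
        print(finding)
```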