It refers here to your wan interface.
Is your wan interface configured by dhcp (does it get a dynamic IP)?
No. My wan interface has static 192.168.15.145 address (which is seen from
outside/internet as public 46.xxx.xxx.xxx address).
So I've changed content of /etc/shorewall/snat to:
SNAT(192.168.15.145) 10.10.10.0/24 enp1s0
but still cannot connect to the Internet from LAN.
Clearly your two-interface setup is not working. So I will ignore the wireless
part of this question.
Ok. I removed wifi configuration from /etc/shorewall files
What is the content of the following files?:
/etc/shorewall/zones
fw firewall
net ipv4
loc ipv4
/etc/shorewall/interfaces
?FORMAT 1
###############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net enp1s0 detect tcpflags,logmartians,nosmurfs
loc enp3s0f1 detect dhcp
/etc/shorewall/policy
loc net ACCEPT
$FW net ACCEPT
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
/etc/shorewall/rules
# PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
# Don't allow connection pickup from the net
#
Invalid(DROP) net all tcp
#
# Accept DNS connections from the firewall to the network
#
DNS(ACCEPT) $FW net
#
# Accept SSH connections from the local network for administration
#
SSH(ACCEPT) loc $FW
#
# Allow Ping from the local network
#
Ping(ACCEPT) loc $FW
#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
Ping(DROP) net $FW
ACCEPT $FW loc icmp
ACCEPT $FW net icmp
#
#
ACCEPT net $FW tcp 6535
ACCEPT net $FW udp 6534
ACCEPT net $FW tcp 22
/etc/shorewall/stoppedrules
ACCEPT enp3s0f1 -
ACCEPT - enp3s0f1
Regards,
B
On 2018-01-30 at 11:59, Matt Darfeuille wrote:
On 1/30/2018 10:54 AM, Bernard Drozd wrote:
"MASQUERADE should only be used when the DEST interface has a dynamic
IP address. Otherwise, SNAT should be used and should specify the
interface's static address."
So my (/etc/shorewall/snat) configuration should work:
MASQUERADE 10.10.10.0/24 enp1s0
MASQUERADE 10.10.11.0/24 enp1s0
It refers here to your wan interface.
Is your wan interface configured by dhcp (does it get a dynamic IP)?
Note that this has nothing to do with your local network.
since LAN (10.10.10.0/24) and WLAN (10.10.11.0/24) addresses are
dynamically assigned by DHCP.
But it doesn't. I can't connect to the internet from LAN and WLAN. I
don't know where a mistake is.
As said on:
http://shorewall.org/two-interface.htm#Wireless
"Once you have the two-interface setup working ..."
Clearly your two-interface setup is not working.
So I will ignore the wireless part of this question.
What is the content of the following files?:
/etc/shorewall/zones
/etc/shorewall/interfaces
/etc/shorewall/policy
/etc/shorewall/rules
/etc/shorewall/stoppedrules
P.S. Please send through the list.
-Matt
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
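
A check for the rule quoted from the Shorewall documentation in this thread (MASQUERADE only when the DEST interface has a dynamic address, otherwise SNAT with the interface's static address), as an added example that is not part of the original messages or of Shorewall. The function names and finding labels are hypothetical, the parser assumes three plain columns (ACTION SOURCE DEST) with a bare interface name as DEST and IPv4 only, and the sample inputs are constructed from the values posted in the thread.

```python
import ipaddress
import re


def parse_snat(text):
    """Return (line_no, action, sources, dest) for each rule in snat-file text."""
    rules = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].startswith("?"):
            continue  # blank line, comment, ?directive, or incomplete rule
        rules.append((no, fields[0], fields[1].split(","), fields[2]))
    return rules


def check_snat(text, wan_addrs, lan_nets):
    """wan_addrs: interface -> static IPv4 address, or None if DHCP-assigned.
    lan_nets: internal IPv4 networks that must be translated on the way out."""
    findings, covered = [], []
    for no, action, sources, dest in parse_snat(text):
        if dest not in wan_addrs:
            findings.append((no, "unknown-dest-interface"))
            continue
        static = wan_addrs[dest]
        snat = re.fullmatch(r"SNAT\(([0-9.]+)\)", action)
        if action == "MASQUERADE" and static is not None:
            findings.append((no, "masquerade-on-static-interface"))
        elif snat and snat.group(1) != static:
            findings.append((no, "snat-address-mismatch"))
        for src in sources:
            try:
                covered.append(ipaddress.ip_network(src, strict=False))
            except ValueError:
                pass  # SOURCE given as an interface name: not checked here
    for net in map(ipaddress.ip_network, lan_nets):
        if not any(net.subnet_of(c) for c in covered):
            findings.append((0, "lan-not-translated:%s" % net))  # 0 = whole file
    return findings


# Constructed inputs: the two snat variants and the WAN address from the thread.
WAN = {"enp1s0": "192.168.15.145"}
BEFORE = "MASQUERADE 10.10.10.0/24 enp1s0\nMASQUERADE 10.10.11.0/24 enp1s0\n"
AFTER = "SNAT(192.168.15.145) 10.10.10.0/24 enp1s0\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, check_snat(text, WAN, ["10.10.10.0/24"]))
```

The SNAT variant posted in the thread produces no findings, so this check only rules out an action or address mistake in the snat file; it says nothing about the other files listed.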