On Tue,25.Nov.08, 22:59:24, Phillipus Gunawan wrote: > > Hi There, > > As suggested, I change the IP for eth1, but unfortunately, still same result, > but I hope to get a light this time > On Policy, I simply put "ALL ALL ACCEPT" just for a starter, to get this > shorewall working is my priority > Why i am not simply put net.ipv4.ip_forward=1, I want to get this shorewall > up and running..... > > I am using eth0 and connect from other host (e.g. 10.1.1.5, winXp) and set > the gateway and DNS as 10.1.1.4 > No connection, only able to ping 10.1.1.4 .... > > I am still in a BIG question, what I did wrong > I also simply copying the "three-interfaces" example also trying > "two-interfaces", still no luck > > Can anyone guide me?
Maybe > Shorewall version 4.0.14 > Debian Etch > Webmin Version 1.441 > > eth0 -> 10.1.1.4 connected to a router, act as gateway for other hosts > eth1 -> 10.1.2.1 connected to wireless router, not connected at the moment, > just trying to get wired connection working Start with small steps. First try to get it working without eth1, you can allways add it later. > eth2 -> connected to adsl bridged modem, working OK using RP-PPPoE, > outputing ppp0 with correct ip from TPG > > > Shorewall configuration > > Interfaces > #ZONE INTERFACE BROADCAST OPTIONS > net ppp0 - > loc eth0 10.255.255.255 > loc eth1 10.255.255.255 Comment out the eth1 line > Masq > #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC > MARK > ppp0 eth1 > ppp0 eth0 same > Policy > all all ACCEPT > > Zones > fw firewall > net ipv4 > loc ipv4 You also need to set IP_FORWARDING=On in /etc/shorewall/shorewall.conf Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein)
signature.asc
Description: Digital signature
