Ok, so my new ISP set me up "without a dialer" without asking me, and although I've asked them to change it back, the "request" takes around 3 business days and in the meantime I'm going crazy not being able to use my other PCs at home.
Shorewall works great when my internet connection is on ppp0, but I'm really struggling to get my routing working when the internet is on eth0 and local network on eth0:0. I'm guessing the reason is because right now eth0 and eth0:0 are in the same zone, and you can't use ethx:x style aliases in the /etc/shorewall/interfaces file.

My current non-working setup looks like this:

In /etc/shorewall/masq:

    ppp+    192.168.0.0/255.255.255.0
    eth0    192.168.0.0/255.255.255.0

In /etc/shorewall/interfaces:

    net     ppp+    detect
    loc     ppp0    detect
    loc     eth0    detect

But I can't reach the 'net from other systems:

    [EMAIL PROTECTED] gadi]# traceroute www.google.com
    traceroute: Warning: www.google.com has multiple addresses; using xx.xx.xx.xx
    traceroute to www.l.google.com (64.233.183.99), 30 hops max, 38 byte packets
     1  zion (192.168.0.8)  7.584 ms  9.141 ms  6.562 ms
     2  zion (192.168.0.8)  7.955 ms  8.005 ms  1.155 ms
    [EMAIL PROTECTED] gadi]#

    [EMAIL PROTECTED] www]$ ping www.google.com
    PING www.l.google.com (64.233.183.147) 56(84) bytes of data.
    From zion (192.168.0.8) icmp_seq=1 Destination Host Unreachable

With zion of course being the Linux system connected to the Internet. It's running Mandriva 2006 (a Red Hat derivative).

For the record, the internet *has* to be on eth0 because dhclient can't handle eth0:0 type addresses (or at least not when called from ifcfg- scripts).

And yes, I've read all the relevant Shorewall FAQs and documentation; nothing describes my case exactly, and I haven't been able to apply anything I read there successfully.

    $ cat /proc/sys/net/ipv4/ip_forward
    1

Any help would be greatly appreciated.

Also, once I'm back to using a dialer, I started writing a guide to using openl2tpd to connect via cable here... unlike the other year-old guides I found describing antiquated software that is no longer maintained, openl2tpd is updated regularly, uses the kernel for its datapath making it much faster (but I guess for small networks you won't notice the difference), and the kernel module will be included in future kernel releases.

Thanks guys

Gadi

--
Gadi Cohen aka Kinslayer <[EMAIL PROTECTED]> www.wastelands.net
Freelance admin/coding/design HABONIM DROR linux/fantasy enthusiast
KeyID 0x93F26EF5: 256A 1FC7 AA2B 6A8F 1D9B 6A5A 4403 F34B 93F2 6EF5
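One way to express the layout the post describes, added here as an illustration and not taken from Gadi's message or from Shorewall's own documentation: Shorewall's /etc/shorewall/hosts file assigns zones to address ranges on a single physical interface, so eth0 itself can carry the net zone while the 192.168.0.0/24 range behind the eth0:0 alias is placed in loc, without naming the alias anywhere. The zone placement, the "-" zone marker in the interfaces file, and the assumption that the Shorewall version in use supports the hosts file are mine.

```text
# /etc/shorewall/interfaces
# Assumed: "-" in the ZONE column leaves zone assignment to /etc/shorewall/hosts.
#ZONE   INTERFACE   BROADCAST   OPTIONS
-       eth0        detect

# /etc/shorewall/hosts
# Assumed: the more specific (loc) entry is listed first so 192.168.0.0/24
# is matched before the catch-all net entry; check the zone precedence rules
# in /etc/shorewall/zones for the installed version.
#ZONE   HOST(S)                 OPTIONS
loc     eth0:192.168.0.0/24
net     eth0:0.0.0.0/0

# /etc/shorewall/masq -- same rule as in the post, kept as-is
#INTERFACE   SUBNET
eth0         192.168.0.0/255.255.255.0
```

After `shorewall restart`, `shorewall show zones` lists which addresses on eth0 ended up in loc and net, which is the quickest way to confirm the split took effect before re-running the traceroute from a loc host.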