Lovely, it seems I skipped over that part of the `basic two interface
firewall` page. It's working fine now, thank you.
On 10 May 2018 at 22:27, Huy Bui <h...@monterpoint.com> wrote:
> You'll need to change /etc/shorewall/snat for your internal subnet. It
> replaces the masq file.
> Hope this helps.
> Huy
>
> On Thu, 10 May 2018, 21:05 David Ventura, <davidventur...@gmail.com>
> wrote:
>
>> Hi
>> I am setting up shorewall as my router but currently I can't connect to
>> anything on the `net` from machines on `loc`. I am running shorewall
>> 5.0.15.6-1 on armbian, kernel 4.14.14, aarch64.
>>
>> Things I checked:
>>
>> * I can access stuff on the `net` just fine from the firewall
>> * I set IP_FORWARDING=Yes in /etc/shorewall/shorewall.conf.
>>
>> I can connect from the `net` to the `fw`. I have dnsmasq on the firewall
>> and I am currently getting proper DHCP and DNS. I can ping both the (fw)
>> LAN address (192.168.2.1) and the WAN address (192.168.1.113) from the
>> machines on `loc`.
>>
>> The firewall can access internet properly, but anything on `loc` just
>> gets the packets (tcp, udp, icmp) dropped.
>>
>> I am missing `/etc/shorewall/masq` but it was not provided on
>> `/usr/share/doc/shorewall/examples` by the debian package.
>>
>> My interfaces file
>>
>> net wan dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
>> loc lan0 dhcp,tcpflags,nosmurfs,routefilter,logmartians
>>
>> =====================
>> On my rules I have
>>
>> ACCEPT loc net tcp
>> ACCEPT loc net udp
>> ACCEPT loc net icmp
>>
>> ACCEPT $FW loc all
>>
>> ======================
>> Policy (default)
>>
>> loc net ACCEPT
>> net all DROP info
>> # THE FOLLOWING POLICY MUST BE LAST
>> all all REJECT info
>>
>> What am I doing wrong?
>> Also - I am not getting anything on /var/log/messages - no idea why,
>> even tried to do `shorewall debug restart` but no dice.
>>
>> David
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot______
>> _________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>
>
--
*Stack* is the new term for "I have no idea what I'm actually using".
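
The condition resolved in this thread (forwarding from `loc` to `net` is allowed, but no source NAT is configured for the LAN) can be checked from the configuration files. The following is an added example, not code from the posters or the Shorewall project; the function names are hypothetical, the `/24` prefix for the LAN is an assumption (the thread gives only the address 192.168.2.1), and the snat entry is constructed.

```python
import ipaddress

# Constructed sample: the interfaces file quoted in the thread.
INTERFACES = """\
net wan  dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
loc lan0 dhcp,tcpflags,nosmurfs,routefilter,logmartians
"""
# Assumption: the thread gives only the LAN address 192.168.2.1; /24 is assumed.
LAN = "192.168.2.0/24"
# Constructed /etc/shorewall/snat content that masquerades the LAN out of `wan`.
SNAT_FIXED = """\
#ACTION     SOURCE          DEST
MASQUERADE  192.168.2.0/24  wan
"""

def rows(text):
    """Yield the columns of each non-blank, non-comment, non-directive line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith("?"):
            yield line.split()

def zone_interfaces(interfaces_text, zone):
    """Interfaces assigned to `zone` in a Shorewall interfaces file."""
    return [c[1] for c in rows(interfaces_text) if len(c) >= 2 and c[0] == zone]

def masqueraded(snat_text, subnet, out_iface):
    """True if a MASQUERADE or SNAT rule covers `subnet` leaving via `out_iface`."""
    want = ipaddress.ip_network(subnet)
    for cols in rows(snat_text):
        if len(cols) < 3 or not cols[0].startswith(("MASQUERADE", "SNAT")):
            continue
        if cols[2].split(":", 1)[0] != out_iface:
            continue
        for src in cols[1].split(","):
            try:
                if want.subnet_of(ipaddress.ip_network(src, strict=False)):
                    return True
            except (ValueError, TypeError):
                continue  # interface-name or other non-CIDR source: not resolved here
    return False

def unnatted(interfaces_text, snat_text, subnet):
    """`net` interfaces through which `subnet` would leave without source NAT."""
    return [i for i in zone_interfaces(interfaces_text, "net")
            if not masqueraded(snat_text, subnet, i)]

if __name__ == "__main__":
    print("before:", unnatted(INTERFACES, "", LAN))
    print("after: ", unnatted(INTERFACES, SNAT_FIXED, LAN))
```

A non-empty result means RFC 1918 source addresses would be forwarded upstream unchanged, which matches the symptom described: the firewall itself reaches the `net`, while hosts on `loc` do not.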