Hi, i need some help to configure firewall/router in Mandriva Linux.

I have installed Mandriva Linux on a machine which is suposed to be router
/firewall. I installed even shorewall during the installation of the system (i was asked if my computer was firewall computer). I use only text based installation of the Linux because I don't have appropriate graphic card and for me this is not very important. I have two network cards eth0 and eth1 in the router/firewall computer. The Mandriva firewall computer is connected to internet with eth1, and for local networking i used eth0.

The problem is: eth1 works fine and I got IP address from my internet provider but I can't "ping" computers in the local networks they don't have connection for some reason through eth0 card.

I have two questions:
1. how to configure local network?
2. how to dedicate ip addresses to computers in the local network so that they "remember" their ip addresses after they reboot?

I am very beginner and any answer is appreciated.

I would stongly recommend using webmin on headless boxes.

I run mandrake, redhat, deb servers and use it on them all.

REally nice to solve problems like this.

Regards
Richard

Please explain little bit more is webmin some program and where to find it?

What do you mean "headless boxes"? I am not native english speaker so it is new expression:

look around for webmin in the package installer. and i cant remeber but once installed go to you browser and type something LIKE localhost:100000 . i know i may be wrong there. and it will ask you to login and click on what every you want and configure to your likings

headless means no video, keyboard or mouse plugged in.

www.webmin.com. you can use the wget command to pull the file down once you finally get to the link with the file.

ok, now to your problem, which im not quite understanding whats wrong here.

are you saying, the firewall cannot ping hosts on your local network, or are you saying that hosts cannot ping each other on your local network? you might want to do an

iptables -L

and post us the output.

can hosts ping the eth0 interface ip? (hosts *do* have ip addreses, yes?)
do hosts have the eth0 ip set as their default gateway?
can the firewall ping out to the internet?

I am using "shorewall"; now I can ping eth0, eth1 on Linux - firewall computer from my windows xp computer, i can ping from the Linux computer to the windows computer, i can start "Lynx" text webbrowser and go to the internet from the Linux computer but I can't reach the Internet from the windows computer : ( This is the last problem which I have to solve.

Any suggestions?

The linux / shorewall box has to be configured to forward ipv4 packets, and you will also need to enable NAT (called masquerading by shorewall). shorewall has very good documentation (sometimes in a shorewall-doc type package) There's an explanation for a standard 2-nic setup. and an explanation of NAT (masq) setup.

I have tried 2 network adapters example for shorewall but it didn't worked so something is missing.

Is IPv4 forwarding configured?

I don't think so, I have used basic example of router with two adapters

You will need to enable it; search the shorewall docs for the apropriate config file setting (I'm not at my system now), or for a quick and dirty test, "echo 1 > /proc/net/..." (I don't recall the precise name of the ipv4 flag in the proc filesystem).

there is a file which is called "masq" in the etc/shorewall catalogue and settings are as they are in the manual, but now I have another problem, when booting I got the message "shorewall version 1.2.12 does not work with kernel 2.2.20" now I use Debian, which version of shorewall do I need?

with debian you get Iptables for both firewall and NAT. That does a fine job.

If you are using KDE, Guarddog is an excellent gui for the firewall setup while Guidedog sets up the NAT (IP Masquerading) quite easily.

for text mode, search for how tos on Iptables or ipchains (for debian with older kernels)

I have tried

echo 1 > proc/sys/net/ip4/ip_forward

but nothing happened