[solved] Shorewall help with Internet Sharing
I am new with Linux so you might have to hold my hand through this.
Trying to set up internet sharing with the Linux machine (it has 2 NICs in it, eth0 and eth1). I want the Linux box to be the firewall (eth0 out to the net) and an XP machine connecting to the Linux machine's second NIC (eth1) via crossover cable to have access to the internet.

eth0 IP shouldn't matter
eth1 IP = 192.168.2.254
XP Machine IP = 192.168.2.184
XP Gateway = 192.168.2.254

Now without the shorewall firewall installed I was able to run these commands and successfully share internet:

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward
    apt-get install ipmasq
    dpkg-reconfigure ipmasq

Those commands worked fine, but when I installed the shorewall firewall the internet sharing stopped working. I have messed around with the rules/policies/zones with my only success being able to ping 192.168.2.254 from the XP machine. Please help me or guide me to figuring this out. Thank you!
Remove the ipmasq please.
The steps to configure shorewall are:

1. Define your zones (zones)
2. Interfaces (interfaces)
3. Policy (policy)
4. Rules (rules)
5. Masquerading (masq)

After all that you need to enable shorewall to start. For Debian people you do that on: /etc/default/shorewall

Then you may ask shorewall to start.

Good Luck
Caveman
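The five files listed above, filled in for the two-NIC setup from the first post (eth0 to the Internet, eth1 = 192.168.2.254 facing the XP machine). This is an added example, not a configuration posted by anyone in the thread; it assumes the Shorewall 3.x/4.x column layout, a DHCP-assigned eth0, a /24 netmask on eth1, and the zone names `net` and `loc`.

```conf
# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,routefilter
loc     eth1        detect      tcpflags

# /etc/shorewall/policy  (first matching line wins; catch-all goes last)
#SOURCE DEST    POLICY  LOG LEVEL
# XP machine -> Internet is allowed to be forwarded
loc     net     ACCEPT
# Nothing initiated from the Internet gets in
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules  (exceptions to the policies above)
#ACTION SOURCE  DEST    PROTO   DEST PORT
# Rule quoted later in the thread: lets the firewall itself reach web servers
ACCEPT  $FW     net     tcp     http

# /etc/shorewall/masq
#INTERFACE  SOURCE
# Rewrite only the internal subnet (assumed /24), not everything leaving eth0
eth0        192.168.2.0/24

# /etc/shorewall/shorewall.conf  (only the relevant setting shown)
# Replaces the manual "echo 1 > /proc/sys/net/ipv4/ip_forward"
IP_FORWARDING=On

# /etc/default/shorewall  (Debian: allow the init script to start Shorewall)
startup=1
```

In this layout the XP machine's traffic is permitted by the `loc net ACCEPT` policy and rewritten by the `masq` entry, while the `$FW net` rule only covers connections made by the firewall itself. Running `shorewall check` before `shorewall start` catches syntax errors without touching the running ruleset.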
I got it working by just copying the two-interfaces config example and then adding this to the rules line:

    ACCEPT $FW net tcp http

Now everything works (I did not remove IPMasq, should I? I don't want to break anything now that it's working)
The steps I gave are to configure shorewall as in that example.
I am wondering how it worked without changing /etc/default/shorewall. Ipmasq used to cause some confusion. Actually, I think this is what now makes it work in your case, because you do not mention the need to set ip_forward manually. Anyway, it works.

Caveman