LinuxQuestions.org


Zero187 05-29-2009 11:06 AM

[solved] Shorewall help with Internet Sharing
 
I am new with linux so you might have to hold my hand through this.

Trying to set up internet sharing with the Linux machine (it has 2 nics in it, eth0 and eth1). I want the linux box to be the firewall (eth0 out to the net) and an XP machine connecting to the Linux machine's second nic (eth1) via crossover cable to have access to the internet.

eth0 IP shouldn't matter
eth1 IP = 192.168.2.254

XP Machine IP = 192.168.2.184
XP Gateway = 192.168.2.254

Now without the shorewall firewall installed I was able to run these commands and successfully share internet:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
apt-get install ipmasq
dpkg-reconfigure ipmasq

Those commands worked fine, but when I installed the shorewall firewall the internet sharing stopped working.
I have messed around with the rules/policies/zones with my only success being able to ping 192.168.2.254 from the XP machine.

Please help me or guide me to figuring this out. Thank you!

orvaquim 05-29-2009 11:53 AM

Remove the ipmasq please.

The steps to configure shorewall are:
1. Define your zones (zones)
2. Interfaces (interfaces)
3. Policy (policy)
4. Rules (rules)
5. Masquerading (masq)

After all that you need to enable shorewall to start. For Debian people you do that on:
/etc/default/shorewall

Then you may ask shorewall to start.

Good Luck
Caveman
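
The five steps above, written out for the two-NIC setup in this thread, as an added example that is not part of the original posts and not either poster's actual configuration. It assumes the Shorewall 4.x file layout under /etc/shorewall, the zone names fw/net/loc used by the two-interface sample, and that eth0 gets its address by DHCP.

```conf
# /etc/shorewall/zones  (step 1: name the firewall, Internet and LAN zones)
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4

# /etc/shorewall/interfaces  (step 2: bind each NIC to a zone)
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,nosmurfs,routefilter
loc     eth1        detect      tcpflags,nosmurfs

# /etc/shorewall/policy  (step 3: defaults; first match wins, catch-all last)
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules  (step 4: exceptions to the policy above)
#ACTION SOURCE  DEST    PROTO   DEST PORT
# Name lookups and HTTP from the firewall itself; without these the
# catch-all REJECT policy also applies to the firewall's own traffic.
ACCEPT  $FW     net     udp     53
ACCEPT  $FW     net     tcp     http
# Let the XP machine ping its gateway (192.168.2.254).
ACCEPT  loc     $FW     icmp    8

# /etc/shorewall/masq  (step 5: masquerade the LAN subnet out of eth0)
#INTERFACE  SOURCE
eth0        192.168.2.0/24

# /etc/shorewall/shorewall.conf  (only the relevant line)
# Shorewall sets /proc/sys/net/ipv4/ip_forward itself when it starts, so the
# manual "echo 1 > /proc/sys/net/ipv4/ip_forward" is not needed.
IP_FORWARDING=On

# /etc/default/shorewall  (Debian: allow the init script to start Shorewall)
startup=1
```

Shorewall replaces the running iptables ruleset when it starts, so a MASQUERADE rule added by hand beforehand does not survive; the masq entry takes its place. Run `shorewall check` to validate the files before `shorewall restart`.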

Zero187 05-29-2009 12:48 PM

I got it working by just copying the two-interfaces config example and then adding this to the rules line:

ACCEPT $FW net tcp http

Now everything works (I did not remove IPMasq, should I? I don't want to break anything now that it's working)

orvaquim 05-29-2009 09:51 PM

The steps I gave are to configure shorewall as in that example.

I am wondering how it worked without changing /etc/default/shorewall.

Ipmasq use to cause some confusion. Actually, I think this is what now makes it work in your case, because you do not mention the need of setting ip_forward manually.

Anyway, it works.

Caveman


All times are GMT -5.