LinuxQuestions.org
Old 08-31-2005, 10:50 AM   #1
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Rep: Reputation: 45
configuring shorewall on slackware


Hello all,
I've two systems on a LAN.
Let us assume that the one which has the modem is sys1 and the second one is sys2.
I've a dial-up connection to the internet.
Now I'm trying to configure Shorewall on my sys1 so that I can access the internet from my sys2 also, using sys1 as the gateway.
......................................
Using "netconfig" on both the systems I've set the IP addresses.
sys1 192.168.0.1
sys2 192.168.0.2

Both systems are pinging each other perfectly.
......................................

It's the first time that I'm trying to configure Shorewall, so I'm not very confident about the entries which I made in
****/etc/shorewall/"various files"****


.......................................
Code:
root@bond:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:A1:B0:10:19:2E
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4444 (4.3 Kb)  TX bytes:3108 (3.0 Kb)
          Interrupt:10 Base address:0xcc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:61.95.216.58  P-t-P:202.56.24.135  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:591 errors:0 dropped:0 overruns:0 frame:0
          TX packets:669 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:258482 (252.4 Kb)  TX bytes:87850 (85.7 Kb)

root@bond:~#
Code:
root@bond:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
202.56.24.135   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         202.56.24.135   0.0.0.0         UG    0      0        0 ppp0
root@bond:~#

Entries in /etc/shorewall/interfaces
Code:
##############################################################################
#ZONE	INTERFACE	BROADCAST	OPTIONS
net	ppp0		   -		routefilter,norfc1918,tcpflags
loc	eth0		   -		tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Entries in /etc/shorewall/masq
Code:
#############################################################################
#INTERFACE		SUBNET		ADDRESS		PROTO	PORT(S)	IPSEC
ppp0			eth0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

/etc/shorewall/policy
Code:
###############################################################################
#SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
loc		net		ACCEPT
# If you want open access to the Internet from your Firewall 
# remove the comment from the following line.
fw		net		ACCEPT
net		all		DROP		info
# THE FOLLOWING POLICY MUST BE LAST
all		all		REJECT		info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

/etc/shorewall/shorewall.conf
Code:
# If left blank, or set to "No" or "no", the option is not enabled.
#
CLAMPMSS=Yes

/etc/shorewall/zones
Code:
#ZONE	DISPLAY		COMMENTS
net	Net		Internet
loc	Local		Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Where am I missing something? Because my sys2 can't connect to the internet through sys1 as gateway.


route -n on sys2
Code:
root@bond:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
root@bond:~#
Thanks in advance to all of you who will be trying to sort out the problem.

regards
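The four Shorewall files posted above have to agree with each other before the gateway can work; the following added example (not from the thread, and not Shorewall's own code) cross-checks them: every zone named in interfaces and policy must exist in zones, the masq line must name the external interface that sits in the net zone, and loc->net must be ACCEPT. The inputs are constructed from the snippets in the post.

```python
# Added example: consistency check over Shorewall's tab-separated zones,
# interfaces, masq and policy files. Sample inputs constructed from the post.
ZONES = """#ZONE\tDISPLAY\tCOMMENTS
net\tNet\tInternet
loc\tLocal\tLocal Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
"""
INTERFACES = """#ZONE\tINTERFACE\tBROADCAST\tOPTIONS
net\tppp0\t-\troutefilter,norfc1918,tcpflags
loc\teth0\t-\ttcpflags
"""
MASQ = """#INTERFACE\tSUBNET\tADDRESS\tPROTO\tPORT(S)\tIPSEC
ppp0\teth0
"""
POLICY = """#SOURCE\tDEST\tPOLICY\tLOG LEVEL\tLIMIT:BURST
loc\tnet\tACCEPT
fw\tnet\tACCEPT
net\tall\tDROP\tinfo
all\tall\tREJECT\tinfo
"""

def rows(text):
    """Fields of each line that is not blank or a comment; '#' starts a comment."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def check_shorewall(zones, interfaces, masq, policy):
    """Return a list of problems; an empty list means the four files agree."""
    problems = []
    # 'fw' (the firewall itself) and 'all' are built-in names, never listed in zones
    known = {r[0] for r in rows(zones)} | {"fw", "all"}
    zone_of = {}                      # interface name -> zone
    for r in rows(interfaces):
        if r[0] not in known:
            problems.append(f"interfaces: zone {r[0]!r} not defined in zones")
        zone_of[r[1]] = r[0]
    for ext, inner, *_ in rows(masq):   # masq: external interface, then source
        if ext not in zone_of or (inner not in zone_of and "/" not in inner):
            problems.append(f"masq: {ext}/{inner} not listed in interfaces")
        elif zone_of[ext] != "net":
            problems.append(f"masq: {ext} is not the 'net' interface")
    rules = {(r[0], r[1]): r[2] for r in rows(policy)}
    for src, dst in rules:
        problems += [f"policy: zone {z!r} undefined" for z in (src, dst) if z not in known]
    if rules.get(("loc", "net")) != "ACCEPT":
        problems.append("policy: loc->net is not ACCEPT, so LAN clients cannot go out")
    return problems
```

The masq source column may also be a subnet such as 192.168.0.0/24 instead of an interface name; the check accepts either form.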
 
Old 08-31-2005, 01:14 PM   #2
achal
LQ Newbie
 
Registered: Jan 2005
Location: indore
Distribution: fedora
Posts: 25

Rep: Reputation: 15
I am running Shorewall myself on my system; the other two systems are connected via line.
As far as Shorewall is concerned, the main thing you have to decide is the policy.
The following is the entry from /etc/shorewall/policy;
see if it helps you.
##############################################################################
#SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
loc		net		ACCEPT
loc		fw		ACCEPT
fw		net		ACCEPT
fw		loc		ACCEPT
net		all		DROP		info
#
# THE FOLLOWING POLICY MUST BE LAST
#
#all		all		REJECT		info
 
Old 08-31-2005, 08:43 PM   #3
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
Two things:

1. Have you specified the correct DNS option on sys2?
2. What do you get for
cat /proc/sys/net/ipv4/ip_forward
on sys1?

regards
 
Old 08-31-2005, 10:46 PM   #4
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Original Poster
Rep: Reputation: 45
Quote:
Originally posted by masand
Two things:

1. Have you specified the correct DNS option on sys2?
2. What do you get for
cat /proc/sys/net/ipv4/ip_forward
on sys1?

regards
1>> How should I set the DNS option on sys2? Is it the same as the "nameserver" option during "netconfig"?
And how should I check what settings I made during "netconfig"?

2>> The output of cat /proc/sys/net/ipv4/ip_forward is '1'.

regards
 
Old 09-01-2005, 11:17 AM   #5
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
Check your
/etc/resolv.conf
You should have
nameserver <DNS ip>

regards
 
Old 09-01-2005, 01:04 PM   #6
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Original Poster
Rep: Reputation: 45
Thanks a lot Mr. masand.
Both my systems are now on the internet.

But I've a few doubts.
Have a look at the following.


Code:
root@bond:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:A1:B0:10:19:2E
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:366 errors:0 dropped:0 overruns:0 frame:0
          TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:43718 (42.6 Kb)  TX bytes:206156 (201.3 Kb)
          Interrupt:10 Base address:0xcc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:88 errors:0 dropped:0 overruns:0 frame:0
          TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5892 (5.7 Kb)  TX bytes:5892 (5.7 Kb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:61.246.240.85  P-t-P:202.56.24.135  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1050 errors:1 dropped:0 overruns:0 frame:0
          TX packets:1180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:465397 (454.4 Kb)  TX bytes:129418 (126.3 Kb)

root@bond:~#
Someone once told me that the entry
Code:
P-t-P:202.56.24.135
in ppp0 shows the IP of your ISP,
so accordingly I was using it as the default DNS.
But now when I opened /etc/resolv.conf I found the following entries.

Code:
root@bond:~# cat /etc/resolv.conf
search slachome
nameserver 202.56.24.135
nameserver 202.56.224.135       #kppp temp entry
nameserver 202.56.224.132       #kppp temp entry
root@bond:~#
So accordingly on "sys2" I changed the entries in /etc/resolv.conf and made it 202.56.224.135.
And now it too can access the internet.

But now the question is, how am I supposed to know the DNS?

Thanks a lot

regards
 
Old 09-01-2005, 01:45 PM   #7
achal
LQ Newbie
 
Registered: Jan 2005
Location: indore
Distribution: fedora
Posts: 25

Rep: Reputation: 15
I think your nameserver is
202.56.224.135; it's an IP of the ISP you are using.
 
Old 09-02-2005, 05:12 AM   #8
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
Please do not post public IPs like the ones you have posted!

Also, DNS IPs are fixed, and the IP of your ISP is the gateway for your machine connected to the internet.

If you connect directly to the internet then KPPP automatically adds the DNS IPs in resolv.conf, and if you assign IP addresses using DHCP to clients then your clients won't require you to add the DNS IP.

regards
 
  

