Newbie questions on fw & routing.

fipeso · 04-25-2005, 02:53 PM

Hi,
Im not sure if I should had post this question in newbie section or here.
If im at the wrong place, im very sorry.

So I got a PC with two nic's. Installed Ubuntu on it and Shorewall (http://www.shorewall.net/)

Now with a M$ user and Linux newbie, I thought this be like XP connection sharing, where I get DHCP and routing fixed at the same time.

But it seems that this is not the case.

So I set manual IP addresses on LAN side, and used route add & route del commands to get stuff working. (I have one workstation on my LAN

)

Now it DOES work but I just want to ask you guys if im doing things "the right way".

1) So am I correct to assume that iptables (Shorewall) has nothing to do with routing?
2) That is why I have to use the "route add" to set routing to work.
3) If I want to use DHCP on the LAN, I have to install a dhcp server on my fw (or an other server (I dont have other server

)).
4) What should I do for DNS? I have dynamic ISP IP.

Thank you.

acid_kewpie · 04-25-2005, 03:20 PM

1) iptables IS routing.
2) no, that's just your local network, not the routing ontop of it.
3) well of course yes.
4) use their dns servers... if you want local, i'd suggest dnsmasq for a REALLY simple dns proxy

fipeso · 04-25-2005, 04:25 PM

This is a bit confusing to me.

I could not get to the Internet with the "fw" or "client" PC, before I deleted the default routes on the "fw", and added a new default route to ISP router on the "fw".
(For some reason the "fw" wanted to go out on LAN side to

)

I also added my old WLAN router on the LAN. My kids 2 win98 PC's are connected to the WLAN LAN ports. The WLAN router is a NAT router also.

So my Linux LAN is10.0.0.0 and the WLAN is 192.168.11.0.

To get the WLAN PC's to get to the Inet via my Linux LAN, I set manual IP 10.0.0.100 on the WAN side of WLAN, with static DNS from ISP and my "fw" as default gw. That worked ok.

Then I wanted to "add" routing from the 10.0.0.0 to 192.168.11.0 so I added on the "fw" a route to 192.168.11.0 with "route add".

Now I can ping with the win98 pc from 192.168.0.2 to my linux "fw" and "client" ok.

Now should I have done that some other way, than "route add" ?
Or maybe "route add" just alters the iptables also

I dont know how I could have done it with Shorewall though.

*edit* I just noticed that the "route add" thing does not either survive Linux boot, or then Shorewall removes my 192.168.11.0 addition when I restart the firewall. So I guess I have to define the 192.168.11.0 in Shorewall some how