Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 05-29-2009, 12:06 PM   #1
Registered: May 2009
Posts: 32

Rep: Reputation: 15
[solved] Shorewall help with Internet Sharing

I am new with linux so you might have to hold my hand through this.

Trying to set up internet sharing with the Linux machine (it has 2 nics in it, eth0 and eth1). I want the linux box to be the firewall (eth0 out to the net) and an XP machine connecting to the Linux machine's second nic (eth1) via crossover cable to have access to the internet.

eth0 IP shouldn't matter
eth1 IP =

XP Machine IP =
XP Gateway =

Now without the shorewall firewall installed I was able to run these commands and successfully share internet:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
apt-get install ipmasq
dpkg-reconfigure ipmasq

Those commands worked fine, but when I installed the shorewall firewall the internet sharing stopped working.
I have messed around with the rules/policies/zones with my only success being able to ping from the XP machine.

Please help me or guide me to figuring this out. Thank you!

Last edited by Zero187; 05-29-2009 at 03:15 PM.
Old 05-29-2009, 12:53 PM   #2
LQ Newbie
Registered: Nov 2004
Posts: 17

Rep: Reputation: 0
Remove the ipmasq please.

The steps to configure shorewall are:
1. Define your zones (zones)
2. Interfaces (interfaces)
3. Policy (policy)
4. Rules (rules)
5. Masquerading (masq)

After all that you need to enable shorewall to start. For Debian people you do that on:

Then you may ask shorewall to start.

Good Luck
Old 05-29-2009, 01:48 PM   #3
Registered: May 2009
Posts: 32

Original Poster
Rep: Reputation: 15
I got it working by just copying the two-interfaces config example and then adding this to the rules line:

ACCEPT $FW net tcp http

Now everything works (I did not remove IPMasq, should I? I don't want to break anything now that it's working)
Old 05-29-2009, 10:51 PM   #4
LQ Newbie
Registered: Nov 2004
Posts: 17

Rep: Reputation: 0
The step I gave are to configure shorewall as in that example.

I am wondering how it worked without changing /etc/default/shorewall.

Ipmasq use to cause some confusion. Actually, I think this is what now makes work on your case. Because you do not metion the need of seting ip_forward manually.

Any way it works.




Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Shorewall, Samba, XP, Internet Sharing - MDK10 dickohead Mandriva 9 06-15-2004 03:32 AM
Problem with internet sharing with mandrake 10 & shorewall woutervdbos Mandriva 8 04-12-2004 09:22 PM
Shorewall Internet Sharing, HELP! timmywo Linux - Networking 2 12-26-2003 01:18 PM
Broadband sharing - shorewall config satimis Linux - Networking 2 11-06-2003 06:41 AM
MDK 9.0, Internet Connection Sharing and Shorewall... deputyjim Linux - Networking 1 11-21-2002 04:14 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:57 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration