LinuxQuestions.org
Old 12-17-2003, 11:32 AM   #1
timmywo
Member
 
Registered: Nov 2003
Location: London UK
Distribution: CentOS 5
Posts: 68

Rep: Reputation: 15
Shorewall Internet Sharing, HELP!


Hi guys

I'm really stuck with this one, so I hope you can help me.

I have...

ADSL Router IP:100.100.100.1

RedHat9 Server
Shorewall - firewall
eth0 IP:100.100.100.10 --> ADSL Router
eth1 IP:192.168.1.1 --> Switch

Win 2000 computer
1 NIC IP:192.168.1.2 --> Switch


I want to share the internet from the server to the 2k computer and have a firewall. So I got Shorewall, and I set it up fine.

I can...

Browse the internet from the server
Go through the LAN with Samba to share files (I set Shorewall so I could)

I can't...

Browse the internet from the 2k computer
Its gateway is -- 192.168.1.1
Its DNS server is -- 100.100.100.1


I don't know what to do!? I have found details on how to get IP forwarding to work with data from the internet to a client, but not how to get a client through the server to the internet. I'm starting to think that I am missing something or I'm barking up the wrong tree.

Below is my Shorewall Rules file...

Code:
##############################################################################
#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE	ORIGINAL		RATE	USER
#							PORT	PORT(S)	DEST			LIMIT	SET
#
#	Accept DNS connections from the firewall to the network
#
ACCEPT		fw		net		tcp	53
ACCEPT		fw		net		udp	53
#
#	Accept SSH connections from the local network for administration
#
ACCEPT		loc		fw		tcp	22
#
#	Allow Ping To And From Firewall
#
ACCEPT		loc		fw		icmp	8
ACCEPT		net		fw		icmp	8
ACCEPT		fw		loc		icmp	8
ACCEPT		fw		net		icmp	8
#
#allow vnc on :1 -Tim
ACCEPT 		loc 		fw 		tcp 	5901
#
#allow samba to work -Tim
ACCEPT  	fw		loc		udp  	137:139      
ACCEPT 		fw		loc		tcp     137,139,445    
ACCEPT 		fw		loc		udp	1024: 137  
ACCEPT		loc		fw		udp	137:139    
ACCEPT	 	loc		fw		tcp     137,139,445    
ACCEPT		loc		fw		udp	1024: 137
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Below is the Policy file...

Code:
###############################################################################
#SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
loc		net		ACCEPT
# If you want open access to the Internet from your Firewall 
# remove the comment from the following line.
fw		net		ACCEPT
net		all		DROP		info
# THE FOLLOWING POLICY MUST BE LAST
all		all		REJECT		info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Please help guys!!!

THANKS
 
Old 12-25-2003, 08:23 PM   #2
meks
Member
 
Registered: Jul 2003
Location: AT, Upper Austria
Posts: 33

Rep: Reputation: 15
add the following lines to your /etc/shorewall/policy file and try again:

loc $FW ACCEPT -
$FW loc ACCEPT -
net $FW ACCEPT -

1) allow traffic from loc-zone to the firewall itself (192.168.1.1 in your case)
2) allow vice versa - from the firewall to the loc-zone
3) allow traffic from the net to the firewall

please note that you will need to specify which ports your clients in the loc-zone will be able to connect to. (21 for ftp, 110 for pop3, ...)
alternatively, you may want to accept all ports.

also check if your interface with the ip 192.168.1.1 (eth1) is quoted in the interfaces-file.

if this won't work, try posting some iptables-output (iptables -nL)
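
Shorewall applies the first policy entry that matches a source/destination zone pair to connections the rules file does not match, so where a line sits in the policy file decides its effect. The following is an added example, not part of either post and not Shorewall's own code: a simplified first-match model in Python that compares the original policy file with the three suggested lines placed ahead of it, assuming `$FW` expands to `fw` and using hypothetical function names.

```python
# Entries below are copied from the thread; $FW is assumed to expand to "fw".
ZONES = ["fw", "loc", "net"]

ORIGINAL = """\
loc   net   ACCEPT
fw    net   ACCEPT
net   all   DROP    info
all   all   REJECT  info
"""

# The three lines suggested in the reply, placed ahead of the existing entries.
SUGGESTED = """\
loc $FW ACCEPT -
$FW loc ACCEPT -
net $FW ACCEPT -
"""

def parse_policy(text, fw_zone="fw"):
    entries = []  # (source, dest, policy) in file order
    for line in text.splitlines():
        line = line.split("#", 1)[0].replace("$FW", fw_zone)  # drop comments
        fields = line.split()
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2].upper()))
    return entries

def effective(entries, src, dst):
    """First entry whose SOURCE and DEST match (or are 'all') decides."""
    for s, d, policy in entries:
        if s in (src, "all") and d in (dst, "all"):
            return policy
    return None

def policy_matrix(entries, zones=ZONES):
    return {(s, d): effective(entries, s, d) for s in zones for d in zones if s != d}

def changed_pairs(before, after):
    a, b = policy_matrix(before), policy_matrix(after)
    return {pair: (a[pair], b[pair]) for pair in a if a[pair] != b[pair]}

def internet_accepts(entries, untrusted="net"):
    return sorted(p for p, pol in policy_matrix(entries).items()
                  if p[0] == untrusted and pol == "ACCEPT")

if __name__ == "__main__":
    before, after = parse_policy(ORIGINAL), parse_policy(SUGGESTED + ORIGINAL)
    for (s, d), (old, new) in sorted(changed_pairs(before, after).items()):
        print(f"{s} -> {d}: {old} becomes {new}")
    print("default ACCEPT from net:", internet_accepts(after))
```

In this model the `loc`-to-`net` policy is ACCEPT both before and after, while `net`-to-`fw` moves from DROP to ACCEPT once the third suggested line precedes `net all DROP`.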
 
Old 12-26-2003, 01:18 PM   #3
timmywo
Member
 
Registered: Nov 2003
Location: London UK
Distribution: CentOS 5
Posts: 68

Original Poster
Rep: Reputation: 15
Thanks for your reply.

I waited for a reply to this post and while I was, I found Firestarter, and it set it all up for me - a great program.

Thanks again Tim
 
  

