Could someone please help me.. I've spent the past 2 days searching and reading and trying and trying to get my MNF 9.0 to work.. I've rebuilt and played and reconfigured and really need some help as I am now going quite mad!!!!
I'm installing MNF on a machine with 3 NICs and have moved it to my internal LAN with a machine on the LAN side and the rest of my network on the WAN side, including my old gateway. It's configured like this:
eth0 dmz 192.168.9.33 255.255.255.240
eth1 lan 192.168.9.1 255.255.255.224
eth2 wan 192.168.254.1 255.255.255.0
gateway for wan: 192.168.254.2
When I log into the firewall as su I can ping anything on any network and can get DNS resolution. I've tried to add a masq and all sorts of other things, but can't get the machine on the LAN to get anything back from anywhere.. I get REJECT logs from the lan2wan rule, so change that to ACCEPT and it does, but no replies..
Also, here's a copy of the "grep -v ^# /etc/shorewall/{zones,interfaces,masq,policy,rules} |grep -v ^$ > /root/output.txt" command. I've made a few mods, but still can't find anything..
/etc/shorewall/zones:
/etc/shorewall/zones:
/etc/shorewall/zones:lan LAN local_area_network
/etc/shorewall/zones:dmz DMZ demilitarized_zone
/etc/shorewall/zones:wan NET internet
/etc/shorewall/interfaces:
/etc/shorewall/interfaces:
/etc/shorewall/interfaces:dmz eth0 detect
/etc/shorewall/interfaces:lan eth1 detect
/etc/shorewall/interfaces:wan eth2 detect
/etc/shorewall/masq:
/etc/shorewall/masq:
/etc/shorewall/masq:
/etc/shorewall/policy:
/etc/shorewall/policy:
/etc/shorewall/policy:lan all REJECT info
/etc/shorewall/policy:dmz all REJECT info
/etc/shorewall/policy:fw all REJECT info
/etc/shorewall/policy:wan all DROP info
/etc/shorewall/policy:all all REJECT info
/etc/shorewall/rules:
/etc/shorewall/rules:
/etc/shorewall/rules:ACCEPT fw wan tcp 53 -
/etc/shorewall/rules:ACCEPT fw wan udp 53 -
/etc/shorewall/rules:ACCEPT dmz wan udp 53 -
/etc/shorewall/rules:ACCEPT lan wan udp 53 -
/etc/shorewall/rules:REJECT wan fw tcp 113 -
/etc/shorewall/rules:ACCEPT lan fw tcp 22 -
/etc/shorewall/rules:ACCEPT lan fw tcp 8443 -
/etc/shorewall/rules:ACCEPT fw lan icmp 8 -
/etc/shorewall/rules:ACCEPT lan fw icmp 8 -
/etc/shorewall/rules:ACCEPT lan dmz icmp 8 -
/etc/shorewall/rules:ACCEPT dmz lan icmp 8 -
/etc/shorewall/rules:ACCEPT dmz fw icmp 8 -
/etc/shorewall/rules:ACCEPT fw dmz icmp 8 -
/etc/shorewall/rules:ACCEPT lan wan tcp pop3 -
/etc/shorewall/rules:ACCEPT lan wan tcp smtp -
/etc/shorewall/rules:ACCEPT lan wan tcp http -
/etc/shorewall/rules:ACCEPT lan wan tcp https -
/etc/shorewall/rules:ACCEPT lan wan tcp ssh -
/etc/shorewall/rules:ACCEPT lan wan tcp ftp -
/etc/shorewall/rules:ACCEPT lan wan tcp nntp -
/etc/shorewall/rules:ACCEPT fw wan udp ntp -
/etc/shorewall/rules:ACCEPT lan wan tcp imap -
/etc/shorewall/rules:ACCEPT fw wan:20022 tcp ftp -
soz, that's masquerading ip addresses (which is maybe not what you want, though it will be for lan2wan and mebbe wan2dmz). I have never really bothered with just routing as i have never had the need.
MN
Thanks for the help, I tried it all and it didn't work.. I've updated the grep output above. I rebuilt and got it working from the firewall only.. everything else is base config..
hmm...i noticed your policy is rather aggressive... try putting in more accepts, maybe that will work - if you do all all accept, what happens?
i tend to start with that and then close up until things stop working. you've probs already tried that though...you could always check the really obvious things like which nic is which, as it may not always be the one you expect, though it looks as if you're sorted that way. can the machines talk to the firewall?
MN
Yeah, I know what you mean.. These are the default policies and rules though.. I thought I'd leave everything default as I assumed it should work "out of the box". If I change the lan2wan policy to ACCEPT (with logging), I get an ACCEPT report on the firewall, but still no traffic..
hrmmmmph... this is turning into a very interesting problem!
check /etc/shorewall/shorewall.conf, make sure IP_FORWARDING=On and NAT_ENABLED=Yes
long shot, but it could explain why it's not working
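The two replies above point at the same pair of prerequisites: the masq file (which in the grep output contains no rules at all) and forwarding/NAT being switched on. The script below is an added diagnostic, not code from any poster or from the MNF/Shorewall project. It takes the file paths as arguments so it can be run against copies (as here, with constructed sample files that mirror the thread: an empty masq file versus one that masquerades the 192.168.9.0/27 LAN out of eth2) or on the firewall itself against /etc/shorewall/masq, /etc/shorewall/shorewall.conf and /proc/sys/net/ipv4/ip_forward. It assumes Shorewall's documented masq format (INTERFACE SUBNET [ADDRESS]) and the IP_FORWARDING=On setting named in the reply; the sample values are constructed. Checking these first avoids the temptation to widen the lan2wan policy to ACCEPT, which the ACCEPT-but-no-reply result above already shows is not the problem.

```shell
#!/bin/sh
# Added example (not from the thread). Checks the three prerequisites the
# replies point at: a masq entry for the WAN interface, IP_FORWARDING in
# shorewall.conf, and the kernel's ip_forward flag. Every path is an
# argument, so the checks run here against sample files and, on the
# firewall, against the real ones.

# masq_entry_for_iface MASQ_FILE IFACE
# Shorewall's masq file holds one rule per line: INTERFACE SUBNET [ADDRESS].
# Succeeds only if some non-comment line names IFACE in the first column.
masq_entry_for_iface() {
    grep -v '^#' "$1" | grep -v '^[[:space:]]*$' \
        | awk -v ifc="$2" '$1 == ifc { found = 1 } END { exit found ? 0 : 1 }'
}

# conf_forwarding_on SHOREWALL_CONF
# Succeeds if the last IP_FORWARDING= line is On. (Shorewall also accepts
# Keep, which leaves the kernel value alone; that is why the sysctl value
# is checked separately below.)
conf_forwarding_on() {
    grep -i '^IP_FORWARDING=' "$1" | tail -n 1 \
        | grep -qi '^IP_FORWARDING=On[[:space:]]*$'
}

# kernel_forwarding_on IP_FORWARD_FILE
# Succeeds if the file (normally /proc/sys/net/ipv4/ip_forward) holds 1.
kernel_forwarding_on() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# firewall_prereqs MASQ_FILE SHOREWALL_CONF IP_FORWARD_FILE WAN_IFACE
# Prints one line per check; the exit status is the number of failed checks.
firewall_prereqs() {
    fails=0
    if masq_entry_for_iface "$1" "$4"; then
        echo "masq: entry for $4 present"
    else
        echo "masq: no entry for $4 (LAN source addresses leave un-NATed)"
        fails=$((fails + 1))
    fi
    if conf_forwarding_on "$2"; then
        echo "shorewall.conf: IP_FORWARDING=On"
    else
        echo "shorewall.conf: IP_FORWARDING is not On"
        fails=$((fails + 1))
    fi
    if kernel_forwarding_on "$3"; then
        echo "kernel: ip_forward=1"
    else
        echo "kernel: ip_forward is not 1 (packets will not cross interfaces)"
        fails=$((fails + 1))
    fi
    return $fails
}

# --- Constructed sample files mirroring the thread (not real system files) ---
TMP=$(mktemp -d)
# The poster's masq file as shown by the grep: comments and blank lines only.
printf '#INTERFACE SUBNET ADDRESS\n\n' > "$TMP/masq.empty"
# A masq file with one rule: masquerade the /27 LAN (192.168.9.1/27 ->
# network 192.168.9.0/27) when it leaves via the WAN interface eth2.
printf '#INTERFACE SUBNET ADDRESS\neth2 192.168.9.0/27\n' > "$TMP/masq.fixed"
printf 'IP_FORWARDING=On\n'  > "$TMP/shorewall.conf.on"
printf 'IP_FORWARDING=Off\n' > "$TMP/shorewall.conf.off"
printf '1\n' > "$TMP/ip_forward.1"
printf '0\n' > "$TMP/ip_forward.0"

# Demo run: the thread's configuration (empty masq) versus the corrected one.
rc=0
firewall_prereqs "$TMP/masq.empty" "$TMP/shorewall.conf.off" "$TMP/ip_forward.0" eth2 || rc=$?
echo "empty masq, forwarding off: $rc check(s) failed"   # -> 3
rc=0
firewall_prereqs "$TMP/masq.fixed" "$TMP/shorewall.conf.on" "$TMP/ip_forward.1" eth2 || rc=$?
echo "masq rule present, forwarding on: $rc check(s) failed"   # -> 0
```

On the firewall the same function is run as `firewall_prereqs /etc/shorewall/masq /etc/shorewall/shorewall.conf /proc/sys/net/ipv4/ip_forward eth2`; a non-zero exit status names exactly which prerequisite is missing, and only after all three pass is a REJECT in the lan2wan log worth reading as a policy problem rather than a NAT or forwarding one.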
I had the same problem as dsheppard. In the manual for MNF http://www.mandrakelinux.com/en/doc/...l/ch06s04.html it had it in there (lan wan accept). I thought it would work without it too, but it doesn't for me.