LinuxQuestions.org
02-07-2005, 01:14 PM   #1
teknion
Shorewall Problems :: Multi-IP ::


So I am trying to get a firewall up at work using Shorewall 2.2 / Mandrake RC 1, where we have multi-ips assigned to a single machine....

Now at one point I had Shorewall and Mandrake configured and it was working... this was our setup essentially (I'll use 192.0.0.x as our external IP addresses)

In ifconfig:

eth0 192.0.0.202 netmask 255.255.255.248
eth0:1 192.0.0.203 netmask 255.255.255.248
eth1 10.10.10.10 netmask 255.255.255.0


So when I have the network up like this, I can ping both .202 and .203 from the outside.

Now I got shorewall working so that any web requests from .203 were going to this machine: 10.10.10.13 . Here's a rough outline of the shorewall config I had

Policy: Block everything from everywhere
Rules: allow ICMP/HTTP from inside and out....
Nat: anything from .203 goes to 10.10.10.13

Everything was beautiful and on the way to success... Web requests were making their way to the .13 machine.

Now every time I rebooted Mandrake, the DNS entries would disappear... So since my co-worker is familiar with Fedora, I got convinced to replace the distro the very next day....

So I was a good planner and copied all the Shorewall configs onto a floppy...

After Fedora was installed, I recreated the configurations for the NICs, installed Shorewall, and copied my config files to the dir, and started Shorewall

What ended up happening is not being able to reach/ping .203 from outside.... What's more, is that each time I start shorewall, the eth0:1 config gets erased. And I can't re-enter it with ifconfig until shorewall is stopped (ifconfig gives me an error about not being able to assign the address to the interface or something).....

So after fooling around, I figured out that if I took out the NAT entry in shorewall (.203 -> 10.10.10.13) and restarted, everything worked.... Unfortunately that meant the .203 pings were ending up at the firewall box and not the .13 box.

So then I decided to reinstall Mandrake and to get it back to its old working status.

Well, with the same exact Mandrake install as before, the same shorewall rpm, and the same config files from the floppy, Mandrake does the same thing as Fedora did, so I can't even replicate what I had working initially.

So now, I'm quite frustrated, and have no clue what to try or do? Any help would be greatly appreciated
 
  

