[Shorewall-users] Re: Newbie 2

Tom Eastep teastep at shorewall.net
Sat Aug 9 15:47:06 PDT 2003


Hello Salvatore,

On Sat, 2003-08-09 at 05:39, Salvatore wrote:
> Hi,
> I am the man who is trying to configure shorewall with a PPTP ADSL modem on
> a gateway local server.
> 
> First, I want to report to you a little error in the page
> http://www.shorewall.net/PPTP.htm#PPTP_ADSL
> The link
> 2. Add the following entry to /etc/shorewall/interaces:
> has a little error in the word interFaces without an F :)

Thanks!

> 
> 
> I have:
> ADSL PPTP Ethernet Modem on 192.168.1.1
> Eth0 connected to modem: 192.168.1.2
> Eth1 connected on hub/switch: 192.168.2.1
> 
> 
> (
> in /etc/network/interfaces the two NIC cards are set:
> auto eth0
> iface eth0 inet static
>         address 192.168.1.2
>         netmask 255.255.255.0
>         network 192.168.1.0
>         broadcast 192.168.1.255
> 
> auto eth1
> iface eth1 inet static
>         address 192.168.2.1
>         netmask 255.255.255.0
>         network 192.168.2.0
>         broadcast 192.168.2.255
> )
> 
> 
> All the configuration I have in shorewall is:
> 
> In: /etc/shorewall/zones
> modem   Modem           The ADSL Modem
> net     Net             Internet
> loc     Local           Local Networks
> 
> In: /etc/shorewall/interfaces
> modem   eth0            192.168.1.255
> net     eth0            detect          dhcp,routefilter,norfc1918
> loc     eth1            detect
> 
> In: /etc/shorewall/tunnels
> pptpclient      modem   192.168.1.1
> 
> 
> 1) Is it all and correct? Or do I have to set something else for the whole
> work of the gateway?

You need to change /etc/shorewall/masq as described in the two-interface
QuickStart Guide:

ppp0	eth1

> 
> 
> 2) If I want to set a rule to allow SSH access from the internet to the firewall,
> do I do:
> 
> Action	Source	Dest	Proto	Port
> ACCEPT	net		fw	tcp	22

That one!

> 
> 3) My Eth1 doesn't accept any SSH connection from the local network; it
> times out. Do I have to set something for this?
> 

Are you seeing any messages being logged? This sounds like a DNS
problem.

-Tom

PS -- in the future, please post your requests for help on the Shorewall
mailing list.
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net


