[Shorewall-users] Is working only inside eth1...

Tom Eastep teastep at shorewall.net
Sat Apr 3 13:51:05 PST 2004


Mauricio Cavalcanti wrote:

> Sorry twice. When I told the problem to administrator and that I was 
> thinking to put in
> list to get help, he asked me to fake IP addresses. Really sorry.
> 
> ETH0: external interface and ip address 146.164.26.22
> ETH1: internal interface and ip address 146.164.54.1
> 
> So, loc:146.164.54.1 is right, but fw:146.164.54.1 is a crazy thing.
> Thanks!

No -- loc:146.164.54.1 is nonsense if 146.164.54.1 is the address of an 
interface on the firewall. All IP addresses owned by the firewall are in 
the fw zone!

> 
> 146.164.54.155 is an e-mail (smtp and pop) and http (webmail) server.
> 
> All of services must run in eth1 IP address (don't ask me why, but have 
> to).

I don't understand what that means.

> 
> If I'm in firewall console, I ping everything (eth0, eth1, inside 
> network and internet).

Fine.

> 
> If I'm in Windows machine connected to eth1, I ping eth0 and eth1 
> firewall interfaces,
> but I cannot see or ping internet until I put "eth1 eth0" line in masq 
> files and reload
> shorewall. That's why I think it's not a router, but a firewall problem.

No, it is *not* a firewall problem. Adding SNAT compensates for routing 
problems.

> 
> Nobody in internet see eth1, but ping eth0.
> 

It's a routing problem.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
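
Added example (not part of the original message, and not Shorewall code): a small model of why SNAT hides a routing problem like the one discussed above. The interface and host addresses come from the post; the /24 prefix lengths, the upstream router, its routing table and the name "isp-gateway" are assumptions made for illustration.

```python
import ipaddress

FW_EXTERNAL = ipaddress.ip_address("146.164.26.22")     # eth0 address, from the post
INTERNAL_HOST = ipaddress.ip_address("146.164.54.155")  # host behind eth1, from the post

# Assumed routing table of the router upstream of eth0: (network, next hop).
# "on-link" means the router delivers directly on its own segment.
UPSTREAM_BROKEN = [
    ("146.164.26.0/24", "on-link"),      # assumed prefix length
    ("0.0.0.0/0", "isp-gateway"),        # hypothetical default gateway name
]
# The routing fix: tell the upstream router that the eth1 network
# is reached through the firewall's external address.
UPSTREAM_FIXED = UPSTREAM_BROKEN + [("146.164.54.0/24", str(FW_EXTERNAL))]


def next_hop(routes, dst):
    """Longest-prefix match of dst against a list of (network, next_hop)."""
    matches = [(ipaddress.ip_network(net), hop) for net, hop in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_reaches_firewall(routes, reply_dst):
    """Does a reply addressed to reply_dst get handed to the firewall?"""
    hop = next_hop(routes, reply_dst)
    if hop == "on-link":
        # Delivered directly: only arrives if the firewall owns the address.
        return reply_dst == FW_EXTERNAL
    return hop == str(FW_EXTERNAL)


if __name__ == "__main__":
    cases = [
        ("no SNAT, no return route", UPSTREAM_BROKEN, INTERNAL_HOST),
        ("SNAT to eth0 address", UPSTREAM_BROKEN, FW_EXTERNAL),
        ("no SNAT, return route added", UPSTREAM_FIXED, INTERNAL_HOST),
    ]
    for label, routes, reply_dst in cases:
        print(f"{label:30} reply returns: {reply_reaches_firewall(routes, reply_dst)}")
```

With SNAT the reply is addressed to the firewall's own eth0 address, so it returns even though the upstream router still has no route to the eth1 network; that missing route is the underlying fault.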


