[Shorewall-users] Is working only inside eth1...

Tom Eastep teastep at shorewall.net
Sat Apr 3 13:51:05 PST 2004

Mauricio Cavalcanti wrote:

> Sorry twice. When I told the problem to administrator and that I was 
> thinking to put in list to get help, he asked me to fake IP addresses.
> Really sorry.
> ETH0: external interface and ip address
> ETH1: internal interface and ip address
> So, loc: is right, but fw: is a crazy thing.
> Thanks!

No -- loc: is nonsense if the address of an 
interface on the firewall. All IP addresses owned by the firewall are in 
the fw zone!

> is an e-mail (smtp and pop) and http (webmail) server.
> All of services must run in eth1 IP address (don't ask me why, but have 
> to).

I don't understand what that means.

> If I'm in firewall console, I ping everything (eth0, eth1, inside 
> network and internet).


> If I'm in Windows machine connected to eth1, I ping eth0 and eth1 
> firewall interfaces,
> but I cannot see or ping internet until I put "eth1 eth0" line in masq 
> files and reload
> shorewall. That's why I think it's not a router, but a firewall problem.

No, it is *not* a firewall problem. Adding SNAT compensates for routing 

> Nobody in internet see eth1, but ping eth0.

It's a routing problem.

