anp66 Posted April 14, 2004

Hi super users

I have a problem when the Shorewall firewall is active. In that situation it is impossible to ping the Mandrake (9.1) box from an XP client in the same network. I used the "Internet sharing" button to share the internet connection between the Mandrake and XP boxes. I think that the "Internet sharing" thing uses Shorewall.

The situation is this:

When I disconnect Shorewall, ping (and Samba) works, but the "Internet sharing" doesn't. :o

When I use the "Internet sharing" button the sharing thing works B) , but I can't ping from XP to Mandrake.

In both situations I can ping from Mandrake to XP.

The Mandrake box has 2 netcards: a "red" one connected to the world (internet) and a "green" one (192.168.1.1). The XP box has a "green" netcard, 192.168.1.253. The IP address is not static but obtained from Mandrake (DHCP).

How do I set up Shorewall so the XP box can ping Mandrake?

Another (bad) solution: How do I share the internet connection without using Shorewall?

Hope someone can put me in the right direction.

Best regards
Anders
anp66 Posted April 14, 2004

Hi again

I got confused over all these configuration files, so I started all over and got rid of the duplicated rules. So here are the new clean files.

    [root@MyServer shorewall]# more masq
    eth1 192.168.1.0/255.255.255.0

    [root@MyServer shorewall]# more zones
    net     Net          Internet zone
    masq    Masquerade   Masquerade Local
    loc     Local        Local

    [root@MyServer shorewall]# more interfaces
    net     eth1    detect
    masq    eth0    detect

    [root@MyServer shorewall]# more rules
    ACCEPT  masq  fw    tcp  domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp  -
    ACCEPT  masq  fw    udp  domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp  -
    ACCEPT  fw    masq  tcp  631,515,137,138,139  -
    ACCEPT  fw    masq  udp  631,515,137,138,139  -

    [root@MyServer shorewall]# more policy
    masq    net     ACCEPT
    loc     net     ACCEPT
    fw      net     ACCEPT
    net     all     DROP    info
    all     all     REJECT  info

I think the changes should be done in the configuration files: rules and policy

Best regards
Anders
anp66 Posted April 15, 2004

I finally got things working, that is Shorewall, Internet Sharing & Samba (connect to XP client).

For your information, here is what I did. Basically, this link was followed: http://www.shorewall.net/two-interface.htm

In short:

- Remove old shorewall rpms
- Clean the /etc/shorewall directory
- Install new shorewall rpms (rpm -ivh --nodeps shorewall-2.0.1-1.noarch.rpm)
- cp the two-interface sample files to the /etc/shorewall directory
- Edit the files as described

Here is the result. ETH0 is the local netcard, ETH1 is the netcard connected to the world.

zones:

    #ZONE   DISPLAY   COMMENTS
    net     Net       Internet
    loc     Local     Local Networks
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

interfaces:

    #ZONE   INTERFACE   BROADCAST   OPTIONS
    net     eth1        detect      dhcp,routefilter,norfc1918,tcpflags
    loc     eth0        detect      tcpflags
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

policy:

    #SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
    loc       net    ACCEPT
    # Next line is AP line
    loc       fw     ACCEPT
    # If you want open access to the Internet from your Firewall
    # remove the comment from the following line.
    fw        net    ACCEPT
    net       all    DROP     info
    # THE FOLLOWING POLICY MUST BE LAST
    all       all    REJECT   info
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

rules:

    #ACTION  SOURCE  DEST  PROTO  DEST         SOURCE   ORIGINAL  RATE   USER/
    #                             PORT         PORT(S)  DEST      LIMIT  GROUP
    #
    # Accept DNS connections from the firewall to the network
    #
    ACCEPT   fw      net   tcp    53
    ACCEPT   fw      net   udp    53
    #
    # Accept SSH connections from the local network for administration
    #
    ACCEPT   loc     fw    tcp    22
    #
    # Allow Ping To And From Firewall
    #
    ACCEPT   loc     fw    icmp   8
    ACCEPT   net     fw    icmp   8
    ACCEPT   fw      loc   icmp
    ACCEPT   fw      net   icmp
    #
    # Allow Samba on Firewall
    #
    ACCEPT   fw      loc   udp    137:139
    ACCEPT   fw      loc   tcp    137,139,445
    ACCEPT   fw      loc   udp    1024:        137
    ACCEPT   loc     fw    udp    137:139
    ACCEPT   loc     fw    tcp    137,139,445
    ACCEPT   loc     fw    udp    1024:        137
    #
    #
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

masq:

    #INTERFACE   SUBNET   ADDRESS
    eth1         eth0
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Hope this is useful for someone :D

Regards
Anders
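Why the XP box could not ping the firewall under the first set of files but can under the working ones, as an added example that is not part of the original posts or of Shorewall: a simplified model of Shorewall's evaluation order (first matching rule, otherwise first matching policy). The `decide` helper, the service-name table and the trimmed `NEW_RULES` excerpt are constructed for illustration; the rule and policy lines themselves are copied from the posts above.

```python
# Added example: simplified model (rules first, then policy); not Shorewall's own code.
SERVICES = {"domain": 53, "bootps": 67, "http": 80, "https": 443, "imap": 143,
            "pop3": 110, "smtp": 25, "nntp": 119, "ntp": 123}
OLD_RULES = """ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT fw masq tcp 631,515,137,138,139 -
ACCEPT fw masq udp 631,515,137,138,139 -"""
OLD_POLICY = """masq net ACCEPT
loc net ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info"""
# Excerpt (SSH and ping entries only) of the working rules file.
NEW_RULES = """ACCEPT loc fw tcp 22
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp
ACCEPT fw net icmp"""
NEW_POLICY = """loc net ACCEPT
loc fw ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info"""

def parse(text):
    return [l.split() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def port_match(spec, port):
    """Match '-', '22', 'domain', '137,139,445', '137:139' or '1024:'."""
    if spec == "-":
        return True
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        hi = hi if sep else lo
        lo, hi = SERVICES.get(lo, lo or 0), SERVICES.get(hi, hi or 65535)
        if int(lo) <= port <= int(hi):
            return True
    return False

def decide(rules, policy, src, dst, proto, port):
    """Return (action, origin); for icmp, 'port' is the ICMP type."""
    for r in parse(rules):
        action, rs, rd, rp, rport = (r + ["-"])[:5]
        if (rs, rd, rp) == (src, dst, proto) and port_match(rport, port):
            return action, "rule"
    for ps, pd, action, *_ in parse(policy):
        if ps in (src, "all") and pd in (dst, "all"):
            return action, "policy"
    return "REJECT", "no match"
```

Under the working files the `loc fw ACCEPT` policy already accepts all LAN-to-firewall traffic (for instance `decide(NEW_RULES, NEW_POLICY, "loc", "fw", "tcp", 23)` is accepted by policy), so the explicit loc-to-fw rules are redundant while that policy stays. The `net fw icmp 8` rule is what makes the firewall answer pings from the Internet side.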
roland Posted April 17, 2004

Thanks for the report. I'll keep a bookmark on it :)
Guest panicz Posted May 17, 2004

> Hope this is useful for someone :D

Thx for sharing the info, it was more than useful!! Now I have to do something with the Samba: I can see it on the network but I just can't access it..... Anyway, now the firewall isn't making this log with warnings etc. THX