Andrei Popescu <andreimpope...@gmail.com> writes: > On Sb, 14 ian 12, 12:48:42, Csanyi Pal wrote: >> >> allow-hotplug eth0 >> iface eth0 inet dhcp >> >> allow-hotplug eth1 >> iface eth1 inet static >> address 192.168.10.1 >> netmask 255.255.255.0
<snipped> >> I setup IP Forwarding so: >> nano /etc/sysctl.conf >> # Uncomment the following to stop low-level messages on console >> kernel.printk = 3 4 1 3 net.ipv4.ip_forward = 0 >> >> /etc/init.d/procps restart >> >> nano /etc/shorewall/shorewall.conf >> IP_FORWARDING=Yes <snipped> >> nano /etc/shorewall/masq >> eth0 192.168.10.0/24 <snipped> >> nano /etc/shorewall/interfaces >> net eth0 detect blacklist,dhcp >> loc eth1 detect dhcp >> >> nano /etc/shorewall/zones >> fw firewall >> net ipv4 >> loc ipv4 >> >> nano /etc/shorewall/policy loc all ACCEPT fw all ACCEPT net all DROP info # THE FOLLOWING POLICY MUST BE LAST all all REJECT info <snipped> >> nano /etc/shorewall/rules >> DNS(ACCEPT) $FW net >> >> SSH(ACCEPT) loc $FW >> >> Ping(ACCEPT) loc $FW >> >> Ping(DROP) net $FW >> >> ACCEPT $FW loc icmp >> ACCEPT $FW net icmp >> >> ACCEPT all all icmp time-exceeded # traceroute >> ACCEPT all all tcp http,https <snipped> > Again, please explain why you have to reinstall and can't fix the > problem instead. I must to reinstall instead of fixing the problem because this is a headless PC Box, so if I make a mistake then it can be happen that that I can't to SSH into that system again to fix the problem this way. -- Regards from Pal -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87pqemytx4.fsf@debian-asztal.excito
