Shorewall and enabling DHCP on second LAN interface.

HI,

I have installed and configured shorewall. I have two LAN interfaces, where eth1 is local network and eth0 is external network.


eth1      Link encap:Ethernet  HWaddr 00:80:48:26:40:6B  
              inet addr:192.168.15.254  Bcast:192.168.15.255  Mask:255.255.255.0
              inet6 addr: fe80::280:48ff:fe26:406b/64 Scope:Link 
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:35123 errors:0 dropped:0 overruns:0 frame:0   
             TX packets:70505 errors:0 dropped:0 overruns:0 carrier:0     
              collisions:0 txqueuelen:1000      
             RX bytes:3313361 (3.1 Mb)  TX bytes:83711330 (79.8 Mb)    
             Interrupt:16 Base address:0xe800 

eth4      Link encap:Ethernet  HWaddr 00:05:5D:4B:16:A3 
              inet addr:10.10.10.91  Bcast:10.10.10.255  Mask:255.255.255.0      
               inet6 addr: fe80::205:5dff:fe4b:16a3/64 Scope:Link
             UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1   
             RX packets:88243 errors:0 dropped:0 overruns:0 frame:0       
             TX packets:41005 errors:0 dropped:0 overruns:0 carrier:0         
              collisions:0 txqueuelen:1000    
              RX bytes:87549214 (83.4 Mb)  TX bytes:4400142 (4.1 Mb)    
                Interrupt:18 Base address:0xc400


All i need to know is how can i enable dhcp to eth1 interface.
IP forwarding is enabled.

if i connect eth1 interface to my laptop through cable, then i have to assign static IP in LAPTOP(i.e 192.168.15.251 and gw-192.168.15.254), then only i will be able to connect to internet.

All i need is when connected eth1 to laptop, i should get a auto IP in my laptop and get connected.

and can any one tell me is IPTABLES related to shorewall???

Although I haven’t used Shorewall but will take a look at it in the near future, I’d recommend

  • Have you studied the Shorewall “Basic Two-interface Firewall” help closely? It can be found either in offline documentation you can install (shorewall-docs) or online. If you install the package, you should find this page at

/usr/share/doc/packages/shorewall-docs/two-interface.htm

Online, the same page is at
Basic Two-Interface Firewall

  • I’m still studying Shorewall and I recognize already that it does more than simply manage firewall settings so this observation should be carefully evaluated first… Usually firewall configuration managers configure only the firewall application and don’t touch the interface settings, leaving that to the OS. If Shorewall follows that paradigm (which isn’t guaranteed), then it should be possible to setup your NIC with DHCP settings using YAST, then configure IPtables and routing using Shorewall.

As for your closing question, according to the documentation Shorewall indeed uses and configures IPTABLES, but looks to me that configuration settings are stored in non-standard locations.

Last comment is that I find it odd using something like Shorewall on your laptop… Shorewall is targeted at advanced configurations on Servers… I don’t know how easy it will be to configure for “sometimes connected” interfaces… If I were to guess, those scenarios wouldn’t be documented, even if were possible would require considerable independent work.

In other words, unless you’re using your laptop as a Server with fixed and permanent network connections or doing this for educational purposes, I’d recommend you install SuSEFW instead of Shorewall.

Good Luck,
TS

HTH,
TS