Sorry, I meant Firewall Mode 1 ;-) Not 2.

greetings, Thomas

On 08.08.2013 20:12, Thomas Berthel wrote:
> Hi Michael,
>
> that's it! :) A long way for me. But, it's done.
> I write my documentation new. It is so easy,
> if you know what you're doing ;-)
>
> One question to Firewall Mode 2. I would take a new enable rule for
> outgoing Port.
>
> I set on Wireless (blue) as definition with port XYZ, it doesn't work - When
> I put the ruleset on green it works. Is this normal?
>
> greetings, Thomas
>
> On 22.07.2013 10:37, Michael Tremer wrote:
>> Hi,
>>
>> you will have to grant access to every host on the blue network in the
>> WUI. Please go to Firewall -> Blue Access and do that over there.
>>
>> -Michael
>>
>> On Sun, 2013-07-21 at 22:35 +0200, Thomas Berthel wrote:
>>> Hi,
>>>
>>> nobody any idea?
>>>
>>> good night, Thomas
>>>
>>> On 07/02/2013 12:14 AM, Thomas Berthel wrote:
>>>> Hi Michael,
>>>>
>>>>> Please run /etc/init.d/network-vlans start
>>>> thanks. beginner error :-)
>>>>
>>>> Here my document for vlan:
>>>>
>>>> I configure my fire with the setup mode and change from green+red to
>>>> green+red+orange+blue
>>>>
>>>> I set up the network IPs for blue & orange, then I got at the
>>>> end of the setup a message: orange device can't configure, no device
>>>> found or so. Because it does not let me finish the setup mode I have
>>>> closed the console connection.
>>>>
>>>> I check my /var/ipfire/ethernet/settings and all information from my
>>>> change in the setup-menu was written there.
>>>>
>>>> for example one snippet:
>>>>
>>>> BLUE_ADDRESS=192.168.2.1
>>>> BLUE_NETMASK=255.255.255.0
>>>> BLUE_NETADDRESS=192.168.2.0
>>>> BLUE_BROADCAST=192.168.2.255
>>>>
>>>> but, no MAC-Address and no DEV was in there.
>>>>
>>>> The ifconfig says nothing to blue or orange. Okay then the next step.
>>>> I configure my /var/ipfire/ethernet/vlans as follows:
>>>>
>>>> BLUE_PARENT_DEV=green0
>>>> BLUE_VLAN_ID=300
>>>> BLUE_MAC_ADDRESS=00:22:4D:84:A5:30
>>>> ORANGE_PARENT_DEV=green0
>>>> ORANGE_VLAN_ID=400
>>>> ORANGE_MAC_ADDRESS=00:22:4D:84:A5:40
>>>>
>>>> Without "" for _PARENT_DEV="device1" and the _MAC_ADDRESS="11:22:33:..."
>>>>
>>>> Then I do /etc/init.d/network-vlan start, this was my messages-output:
>>>>
>>>> /etc/init.d/network-vlans start
>>>> + CONFIG_FILE=/var/ipfire/ethernet/vlans
>>>> + '[' -e /var/ipfire/ethernet/vlans ']'
>>>> ++ /usr/local/bin/readhash /var/ipfire/ethernet/vlans
>>>> + eval BLUE_PARENT_DEV=green0 BLUE_VLAN_ID=300
>>>> BLUE_MAC_ADDRESS=00:22:4D:84:A5:30 ORANGE_PARENT_DEV=green0
>>>> ORANGE_VLAN_ID=400 ORANGE_MAC_ADDRESS=00:22:4D:84:A5:40
>>>> ++ BLUE_PARENT_DEV=green0
>>>> ++ BLUE_VLAN_ID=300
>>>> ++ BLUE_MAC_ADDRESS=00:22:4D:84:A5:30
>>>> ++ ORANGE_PARENT_DEV=green0
>>>> ++ ORANGE_VLAN_ID=400
>>>> ++ ORANGE_MAC_ADDRESS=00:22:4D:84:A5:40
>>>> + action=start
>>>> + for interface in green0 blue0 orange0
>>>> + case "${interface}" in
>>>> + PARENT_DEV=
>>>> + VLAN_ID=
>>>> + MAC_ADDRESS=
>>>> + case "${action}" in
>>>> + '[' -z '' ']'
>>>> + continue
>>>> + for interface in green0 blue0 orange0
>>>> + case "${interface}" in
>>>> + PARENT_DEV=green0
>>>> + VLAN_ID=300
>>>> + MAC_ADDRESS=00:22:4D:84:A5:30
>>>> + case "${action}" in
>>>> + '[' -z green0 ']'
>>>> + '[' -d /sys/class/net/blue0 ']'
>>>> + '[' '!' -d /sys/class/net/green0 ']'
>>>> + '[' -z 300 ']'
>>>> + echo 'Creating VLAN interface blue0...'
>>>> Creating VLAN interface blue0...
>>>> + vconfig add green0 300
>>>> Added VLAN with VID == 300 to IF -:green0:-
>>>> + ip link set green0.300 name blue0
>>>> + '[' -n 00:22:4D:84:A5:30 ']'
>>>> + ip link set blue0 address 00:22:4D:84:A5:30
>>>> + ip link set green0 up
>>>> + for interface in green0 blue0 orange0
>>>> + case "${interface}" in
>>>> + PARENT_DEV=green0
>>>> + VLAN_ID=400
>>>> + MAC_ADDRESS=00:22:4D:84:A5:40
>>>> + case "${action}" in
>>>> + '[' -z green0 ']'
>>>> + '[' -d /sys/class/net/orange0 ']'
>>>> + '[' '!' -d /sys/class/net/green0 ']'
>>>> + '[' -z 400 ']'
>>>> + echo 'Creating VLAN interface orange0...'
>>>> Creating VLAN interface orange0...
>>>> + vconfig add green0 400
>>>> Added VLAN with VID == 400 to IF -:green0:-
>>>> + ip link set green0.400 name orange0
>>>> + '[' -n 00:22:4D:84:A5:40 ']'
>>>> + ip link set orange0 address 00:22:4D:84:A5:40
>>>> + ip link set green0 up
>>>>
>>>> Yeah! The final countdown ;-)
>>>>
>>>> So, I checked my ifconfig and only the device with no IP was displayed:
>>>>
>>>> blue0 Link encap:Ethernet HWaddr 00:22:4D:84:A5:30
>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:0
>>>> RX bytes: (0 Kb) TX bytes: (0 Kb)
>>>>
>>>> WTF? okay. I configure my /var/ipfire/ethernet/settings once again as
>>>> described here:
>>>>
>>>> BLUE_DEV=blue0
>>>> BLUE_MACADDR=00:22:4d:84:a5:30
>>>> BLUE_DESCRIPTION='"pci: Intel Corporation 82574L Gigabit Network
>>>> Connection"'
>>>> BLUE_DRIVER=e1000e
>>>> BLUE_ADDRESS=192.168.2.1
>>>> BLUE_NETMASK=255.255.255.0
>>>> BLUE_NETADDRESS=192.168.2.0
>>>> BLUE_BROADCAST=192.168.2.255
>>>>
>>>> Next step - reboot firewall! Then the result from ifconfig said:
>>>>
>>>> blue0 Link encap:Ethernet HWaddr 00:22:4D:84:A5:30
>>>> inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>> collisions:0 txqueuelen:0
>>>> RX bytes: (0 Kb) TX bytes: (0 Kb)
>>>>
>>>> BUT - my firewall dropped my DNS and HTTP requests. I tried to change the
>>>> rules with the firewall-mode from 1 to 0 and in the WUI by mode 1 to set
>>>> rules for wireless to allow these connections. Without success!
>>>>
>>>> for example:
>>>> Jul 1 21:23:10 ipfw kernel: DROP_WirelessinputIN=blue0 OUT=
>>>> MAC=00:22:4d:84:a5:30:7c:61:93:16:2f:82:08:00 SRC=192.168.2.10
>>>> DST=192.168.2.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=25514 DF PROTO=UDP
>>>> SPT=1083 DPT=53 LEN=4
>>>>
>>>> Any idea?
>>>>
>>>> BG, Thomas
>>>>
>>>> On 01.07.2013 11:53, Michael Tremer wrote:
>>>>> On Sun, 2013-06-30 at 15:37 +0200, Thomas Berthel wrote:
>>>>>> Hi @ all,
>>>>>>
>>>>>> I have checked the /etc/init.d/network-vlans script and got the following
>>>>>> message: Invalid action
>>>>>>
>>>>>> The debug output says:
>>>>>>
>>>>>> (/var/ipfire/ethernet):/etc/init.d/network-vlans
>>>>>> + CONFIG_FILE=/var/ipfire/ethernet/vlans
>>>>>> + '[' -e /var/ipfire/ethernet/vlans ']'
>>>>>> ++ /usr/local/bin/readhash /var/ipfire/ethernet/vlans
>>>>>> + eval '#GREEN_VLAN_ID=20' BLUE_VLAN_ID=300 ORANGE_VLAN_ID=400
>>>>>> + action=
>>>>>> + for interface in green0 blue0 orange0
>>>>>> + case "${interface}" in
>>>>>> + PARENT_DEV=
>>>>>> + VLAN_ID=
>>>>>> + MAC_ADDRESS=
>>>>>> + case "${action}" in
>>>>>> + echo 'Invalid action: '
>>>>>> Invalid action:
>>>>>> + exit 1
>>>>>
>>>>> Please run /etc/init.d/network-vlans start or /etc/init.d/network-vlans
>>>>> to start and stop the virtual interfaces.
>>>>>
>>>>> -Michael
>>>>>
>>>>
>>>> _______________________________________________
>>>> Documentation mailing list
>>>> Documentation(a)lists.ipfire.org
>>>> http://lists.ipfire.org/mailman/listinfo/documentation
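
Added example, not part of the thread or of IPFire's own scripts: a small filter that summarises which blue hosts are hitting DROP_Wirelessinput, so the hosts to grant under Firewall -> Blue Access can be read off the log. The function names and the sample lines are constructed for illustration (modelled on the log line quoted in the thread); it relies on netfilter writing the MAC= field as destination MAC, source MAC, EtherType.

```shell
#!/bin/sh
# Added example: list blue hosts whose packets hit DROP_Wirelessinput.
# netfilter LOG prints MAC= as <dst 6 bytes>:<src 6 bytes>:<ethertype>,
# so octets 7-12 are the MAC of the client that sent the packet.

blue_drops() {
    # stdin: syslog lines; stdout: "src_mac src_ip proto/dport count", sorted
    awk '
    /DROP_Wirelessinput/ {
        mac = "?"; ip = "?"; proto = "?"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/^DROP_Wirelessinput/, "", f)  # prefix can be fused with IN=
            if (f ~ /^MAC=/) {
                n = split(substr(f, 5), m, ":")
                if (n >= 12)
                    mac = m[7] ":" m[8] ":" m[9] ":" m[10] ":" m[11] ":" m[12]
            } else if (f ~ /^SRC=/) {
                ip = substr(f, 5)
            } else if (f ~ /^PROTO=/) {
                proto = substr(f, 7)
            } else if (f ~ /^DPT=/) {
                dpt = substr(f, 5)       # stays "-" for ICMP, which has no port
            }
        }
        count[mac " " ip " " proto "/" dpt]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Constructed sample input, modelled on the log line quoted in the thread.
sample_log() {
    cat <<'EOF'
Jul  1 21:23:10 ipfw kernel: DROP_WirelessinputIN=blue0 OUT= MAC=00:22:4d:84:a5:30:7c:61:93:16:2f:82:08:00 SRC=192.168.2.10 DST=192.168.2.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=25514 DF PROTO=UDP SPT=1083 DPT=53 LEN=49
Jul  1 21:23:15 ipfw kernel: DROP_WirelessinputIN=blue0 OUT= MAC=00:22:4d:84:a5:30:7c:61:93:16:2f:82:08:00 SRC=192.168.2.10 DST=192.168.2.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=25515 DF PROTO=UDP SPT=1084 DPT=53 LEN=49
Jul  1 21:24:02 ipfw kernel: DROP_Wirelessinput IN=blue0 OUT= MAC=00:22:4d:84:a5:30:02:00:00:00:00:01:08:00 SRC=192.168.2.11 DST=192.168.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jul  1 21:24:05 ipfw kernel: DROP_INPUT IN=red0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=4000 DPT=22
EOF
}

sample_log | blue_drops
```

On a live system the function would be fed the kernel log instead of the sample, for example `blue_drops < /var/log/messages`, assuming that is where the firewall log is written.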