Through the LEAF packages configuration menu, choose shorwall and check the three following files:
A) The interfaces file (entry 3) defines your interfaces. Here connection to the net goes through ppp0. So we must set:

    (...)
    #ZONE   INTERFACE   BROADCAST     OPTIONS
    net     ppp0        -             routefilter
    adsl    eth0        10.0.0.255
    loc     eth1        detect        routestopped
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Do not forget the "-" under the BROADCAST heading for the net/ppp0 entry.
B) Add the following line to /etc/shorewall/policy. Now the policy for traffic between the firewall and the adsl zone is set to ACCEPT:

    (...)
    fw      adsl        ACCEPT

C) The masq file (entry 8). With a dial-up modem setup it should look like:

    (...)
    #INTERFACE      SUBNET
    ppp0            eth1
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

D) You may also need to edit the config file (entry 12) to adjust the CLAMPMSS variable to "yes":

    (...)
    # Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU"
    # option. This option is most commonly required when your internet
    # interface is some variant of PPP (PPTP or PPPoE). Your kernel must
    #
    # If left blank, or set to "No" or "no", the option is not enabled.
    #
    CLAMPMSS="yes"
    (...)

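A check for the settings from steps A) to D), as an added example that is not part of the original guide. The function names are hypothetical, and it assumes that interfaces, policy and masq sit in one directory with CLAMPMSS set in shorewall.conf there. It goes one step beyond the text by also verifying that no earlier catch-all policy line shadows "fw adsl ACCEPT", since Shorewall applies the first matching policy.

```shell
#!/bin/sh
# Added example: check the Shorewall settings from steps A) to D).
# Assumptions: interfaces, policy and masq share one directory, and
# CLAMPMSS is set in shorewall.conf there (pass another path as $2).

# Print a file's entries with comments and blank lines removed.
rows() { sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" 2>/dev/null; }

check_shorewall_pppoe() {
    dir=${1:-/etc/shorewall}
    conf=${2:-$dir/shorewall.conf}
    rc=0
    # A) net zone on ppp0, with "-" in the BROADCAST column
    rows "$dir/interfaces" |
        awk '$1=="net" && $2=="ppp0" && $3=="-" {ok=1} END {exit !ok}' ||
        { echo "interfaces: no 'net ppp0 -' entry"; rc=1; }
    # B) Policies are matched top-down, so the first line covering
    #    fw -> adsl (including "all" wildcards) must be ACCEPT.
    rows "$dir/policy" |
        awk '($1=="fw"||$1=="all") && ($2=="adsl"||$2=="all") {
                 ok=($3=="ACCEPT"); exit } END {exit !ok}' ||
        { echo "policy: effective fw -> adsl policy is not ACCEPT"; rc=1; }
    # C) masquerade eth1 traffic leaving through ppp0
    rows "$dir/masq" |
        awk '$1=="ppp0" && $2=="eth1" {ok=1} END {exit !ok}' ||
        { echo "masq: no 'ppp0 eth1' entry"; rc=1; }
    # D) CLAMPMSS set to yes/Yes
    rows "$conf" | grep -Eq '^[[:space:]]*CLAMPMSS="?[Yy]es"?[[:space:]]*$' ||
        { echo "config: CLAMPMSS is not \"yes\""; rc=1; }
    return $rc
}

# Demo on constructed files: the policy line sits below a catch-all.
demo() {
    d=$(mktemp -d) || return 1
    printf 'net ppp0 - routefilter\nadsl eth0 10.0.0.255\n' > "$d/interfaces"
    printf 'all all REJECT\nfw adsl ACCEPT\n' > "$d/policy"
    printf 'ppp0 eth1\n' > "$d/masq"
    printf 'CLAMPMSS="yes"\n' > "$d/shorewall.conf"
    r=0; check_shorewall_pppoe "$d" || r=$?
    rm -rf "$d"
    return $r
}
demo || true
```

On the router itself, run check_shorewall_pppoe /etc/shorewall; it prints one line per failed check and returns non-zero if any failed.
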
Back up the shorwall.lrp package.