Well, I've been wanting to replace my router, but I don't want to spend any money. I figured, "Hey, I can just make my Linux router," after having shorewall recommended to me. Now, everything was fine when I first installed shorewall, I had it set up in one-interface style, and it was really nice, but I decided today to see if I could make it a genuine router for my network. I couldn't.
The first thing that happened that was unexpected was that I was unable to even connect directly to my cable modem. It grabbed an IP address, though not the regular external IP address I'm assigned, so I assumed it was a gateway and was correct as I grabbed it through DHCP. The only problem is that I was never able to get an internet connection through it; whenever I pinged anything it would just say destination unreachable. I noticed that my routing tables had changed to accommodate the new address as well.
So, I never could get a two-interface system in shorewall configured correctly, and reverted back to a one-interface style while using my dlink router and just DMZ'ing to the box shorewall was installed on. The problem after this, was that my routing table was significantly different than it was before I introduced the IP that was grabbed from my ISP's cable modem, and it's been quite a bit of trial and error getting it back in a working condition.
The behavior of shorewall seems to have completely changed as well. My /etc/shorewall/rules file seems to have absolutely no effect at all, and the only way that I could re-enable an internet connection was by putting 'all all ACCEPT' in my /etc/shorewall/policy file. I've since uninstalled shorewall because this behavior has not changed. I'm wondering if this is because of the screwed up routing table.
This is a current state of my routing table, and everything seems to be working properly, but I really doubt this routing table is completely correct.
While I don't have the address that I grabbed from the cable modem's DHCP, I found its CIDR by doing 'ip route show'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     1000   0        0 eth1
default         192.168.2.1     0.0.0.0         UG    0      0        0 eth1
I don't ever recall seeing this address before, but my dlink router handles all of the DHCP stuff silently, so I'm not sure if it's supposed to be there. Instead of using this address, should I use the address of my cable modem when I'm trying to connect directly to it as a router? I'm unsure which is supposed to be my IP address and which is supposed to be my gateway, and the people at my ISP generally don't know anything, so I can't really call them for specifics. The only thing I could think of doing is connecting directly to the cable modem on a Windows system, which I've done several times before, and grabbing all of the IP information I need that way, but I'm unsure of where I would find this information if it was just reading it from DHCP--haven't used Windows in a while.
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.6
169.254.0.0/16 dev eth1 scope link metric 1000
default via 192.168.2.1 dev eth1
In any case, I'm mostly just concerned with whether or not my routing table is correct, but if anyone could shed some light on what I might have done wrong getting connected directly to my cable modem and trying to use shorewall for routing I would love some advice.