Develop Reference

DPDK cannot detect ethernet ports

I have installed DPDK (v20.11.0) shipped by F-stack correctly and have bonded the NICs to the igb_uio driver. The output of dpdk-devbind.py can help to verify it:
Network devices using DPDK-compatible driver
============================================
0000:04:00.0 'I210 Gigabit Network Connection 1533' drv=igb_uio unused=igb,vfio-pci,uio_pci_generic
0000:05:00.0 'I210 Gigabit Network Connection 1533' drv=igb_uio unused=igb,vfio-pci,uio_pci_generic
0000:af:00.0 'Ethernet Controller X710/X557-AT 10GBASE-T 1589' drv=igb_uio unused=i40e,vfio-pci,uio_pci_generic
Network devices using kernel driver
===================================
0000:1a:00.0 'Ethernet Connection X722 for 10GBASE-T 37d2' if=enp26s0f0 drv=i40e unused=igb_uio,vfio-pci,uio_pci_generic *Active*
0000:1a:00.1 'Ethernet Connection X722 for 10GBASE-T 37d2' if=enp26s0f1 drv=i40e unused=igb_uio,vfio-pci,uio_pci_generic *Active*
0000:af:00.1 'Ethernet Controller X710/X557-AT 10GBASE-T 1589' if=enp175s0f1 drv=i40e unused=igb_uio,vfio-pci,uio_pci_generic *Active*
0000:af:00.2 'Ethernet Controller X710/X557-AT 10GBASE-T 1589' if=enp175s0f2 drv=i40e unused=igb_uio,vfio-pci,uio_pci_generic *Active*
0000:af:00.3 'Ethernet Controller X710/X557-AT 10GBASE-T 1589' if=enp175s0f3 drv=i40e unused=igb_uio,vfio-pci,uio_pci_generic *Active*
However, when I ran some tests from this DPDK directory, such as basicfwd, it returns an error saying number of ports must be even. I then checked the return value of rte_eth_dev_count_avail and it's 0.
$ sudo ./basicfwd -l 1 -n 4
EAL: Detected 72 lcore(s)
EAL: Detected 2 NUMA nodes
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'PA'
EAL: No available hugepages reported in hugepages-1048576kB
EAL: Probing VFIO support...
EAL: VFIO support initialized
EAL: No legacy callbacks, legacy socket not created
EAL: Error - exiting with code: 1
Cause: Error: number of ports must be even
Which is even weird is that the output of test-pmd seems like my NICs CAN be detected?
EAL: Detected 72 lcore(s)
EAL: Detected 2 NUMA nodes
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'PA'
EAL: No available hugepages reported in hugepages-1048576kB
EAL: Probing VFIO support...
EAL: VFIO support initialized
EAL: Probe PCI driver: net_e1000_igb (8086:1533) device: 0000:04:00.0 (socket 0)
EAL: Probe PCI driver: net_e1000_igb (8086:1533) device: 0000:05:00.0 (socket 0)
EAL: Probe PCI driver: net_i40e (8086:1589) device: 0000:af:00.0 (socket 1)
EAL: No legacy callbacks, legacy socket not created
testpmd: create a new mbuf pool <mb_pool_0>: n=715456, size=2176, socket=0
testpmd: preferred mempool ops selected: ring_mp_mc
testpmd: create a new mbuf pool <mb_pool_1>: n=715456, size=2176, socket=1
testpmd: preferred mempool ops selected: ring_mp_mc
Warning! port-topology=paired and odd forward ports number, the last port will pair with itself.
Configuring Port 0 (socket 0)
Port 0: 74:FE:48:4D:99:E8
Configuring Port 1 (socket 0)
Port 1: 74:FE:48:4D:99:E9
Configuring Port 2 (socket 1)
Port 2: 3C:FD:FE:83:4A:18
Checking link statuses...
Done
No commandline core given, start packet forwarding
io packet forwarding - ports=3 - cores=1 - streams=3 - NUMA support enabled, MP allocation mode: native
Logical Core 1 (socket 0) forwards packets on 3 streams:
RX P=0/Q=0 (socket 0) -> TX P=1/Q=0 (socket 0) peer=02:00:00:00:00:01
RX P=1/Q=0 (socket 0) -> TX P=0/Q=0 (socket 0) peer=02:00:00:00:00:00
RX P=2/Q=0 (socket 1) -> TX P=2/Q=0 (socket 1) peer=02:00:00:00:00:02
io packet forwarding packets/burst=32
nb forwarding cores=1 - nb forwarding ports=3
port 0: RX queue number: 1 Tx queue number: 1
Rx offloads=0x0 Tx offloads=0x0
RX queue: 0
RX desc=512 - RX free threshold=32
RX threshold registers: pthresh=0 hthresh=0 wthresh=0
RX Offloads=0x0
TX queue: 0
TX desc=512 - TX free threshold=0
TX threshold registers: pthresh=8 hthresh=1 wthresh=16
TX offloads=0x0 - TX RS bit threshold=0
port 1: RX queue number: 1 Tx queue number: 1
Rx offloads=0x0 Tx offloads=0x0
RX queue: 0
RX desc=512 - RX free threshold=32
RX threshold registers: pthresh=0 hthresh=0 wthresh=0
RX Offloads=0x0
TX queue: 0
TX desc=512 - TX free threshold=0
TX threshold registers: pthresh=8 hthresh=1 wthresh=16
TX offloads=0x0 - TX RS bit threshold=0
port 2: RX queue number: 1 Tx queue number: 1
Rx offloads=0x0 Tx offloads=0x10000
RX queue: 0
RX desc=256 - RX free threshold=32
RX threshold registers: pthresh=0 hthresh=0 wthresh=0
RX Offloads=0x0
TX queue: 0
TX desc=256 - TX free threshold=32
TX threshold registers: pthresh=32 hthresh=0 wthresh=0
TX offloads=0x10000 - TX RS bit threshold=32
Press enter to exit
I suspect it might be the problem of F-stack, because if I try with the latest version of DPDK, it can detect my NICs.
Could anyone help find what could be wrong in my setting? Any help would be greatly appreciated.

Based on the logs shared from dpdk-devbind you have 3 NIC ports identified under DPDK such as
Network devices using DPDK-compatible driver
============================================
0000:04:00.0 'I210 Gigabit Network Connection 1533' drv=igb_uio unused=igb,vfio-pci,uio_pci_generic
0000:05:00.0 'I210 Gigabit Network Connection 1533' drv=igb_uio unused=igb,vfio-pci,uio_pci_generic
0000:af:00.0 'Ethernet Controller X710/X557-AT 10GBASE-T 1589' drv=igb_uio unused=i40e,vfio-pci,uio_pci_generic
With respect DPDK example skeleton, it works on pair of ports that is 2, 4, 6, 8, ... etc. Hence when you run the application sudo ./basicfwd -l 1 -n 4 there would be 2 outcomes (with real option -d not passed)
If build static with make clean; make static the application sees 3 ports.
If the build shared with make clean; make the application will see 0 ports
So to resolve the problem you have 3 options
Add 1 additional nic either physical or virtual (--vdev=net_tap0)
or add 1 nic to block list by -b 0000:af:00.0 or by removing from dev-bind
or pass 2 nic exclusively by -a 0000:04:00.0 -a 0000:05:00.0
Note: if you have build with shared library mode, you will also need to pass the appropriate PMD driver for probing to be successful for basicfwd. You can easily identify this since there is pci device probe at all in the logs (--log-level=pmd,8).

According to dpdk-devbind output, there are three NICs bound to a DPDK-compatible driver. When one does not specify explicitly (using the -a EAL argument) which NICs to pick, EAL discovers all of the said NICs, but basicfwd demands that the number of ports be even.
In order to solve the problem in question, consider running basicfwd as follows:
sudo ./basicfwd -l 1 -n 4 -a 0000:04:00.0 -a 0000:05:00.0

DPDK testpmd cannot seem to send packet on ZCU102

Development setup:
ARM-Cortex-A53 on a Xilinx ZCU102 board
one Intel 82575EB NIC with two ports
Ubuntu 20.04
linux kernel 5.10.0-Xilinx
DPDK version 19.11.3-LTS
Two NIC ports had previously all been binded to default igb drivers and tested out for internet connectivity with ping command, proving that they could function normally.
During the DPDK testpmd test, dpdk-devbind status are shown as follows:(igb_uio driver has also been binded and tested)
Network devices using DPDK-compatible driver
============================================
0000:01:00.0 '82575EB Gigabit Network Connection 10a7' drv=uio_pci_generic unused=igb
0000:01:00.1 '82575EB Gigabit Network Connection 10a7' drv=uio_pci_generic unused=igb
No 'Baseband' devices detected
==============================
No 'Crypto' devices detected
============================
No 'Eventdev' devices detected
==============================
No 'Mempool' devices detected
=============================
No 'Compress' devices detected
==============================
No 'Misc (rawdev)' devices detected
===================================
No 'Regex' devices detected
===========================
I ran the testpmd application with the following command in root mode:
./testpmd -- -i --total-num-mbufs=2048
connected the two net ports together and used start tx_first to start the test. However, no forwarding traffic was detected.
EAL: Detected 4 lcore(s)
EAL: Detected 1 NUMA nodes
EAL: Detected static linkage of DPDK
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'PA'
EAL: No available hugepages reported in hugepages-32768kB
EAL: No available hugepages reported in hugepages-64kB
EAL: No available hugepages reported in hugepages-1048576kB
EAL: Probing VFIO support...
EAL: VFIO support initialized
EAL: Probe PCI driver: net_e1000_igb (8086:10a7) device: 0000:01:00.0 (socket 0)
EAL: Probe PCI driver: net_e1000_igb (8086:10a7) device: 0000:01:00.1 (socket 0)
Interactive-mode selected
testpmd: create a new mbuf pool <mb_pool_0>: n=2048, size=2176, socket=0
testpmd: preferred mempool ops selected: ring_mp_mc
Configuring Port 0 (socket 0)
Port 0: 1C:FD:08:73:BC:D4
Configuring Port 1 (socket 0)
Port 1: 1C:FD:08:73:BC:D5
Checking link statuses...
Done
testpmd>
Port 1: link state change event
testpmd> start tx_first
io packet forwarding - ports=2 - cores=1 - streams=2 - NUMA support enabled, MP allocation mode: native
Logical Core 1 (socket 0) forwards packets on 2 streams:
RX P=0/Q=0 (socket 0) -> TX P=1/Q=0 (socket 0) peer=02:00:00:00:00:01
RX P=1/Q=0 (socket 0) -> TX P=0/Q=0 (socket 0) peer=02:00:00:00:00:00
io packet forwarding packets/burst=32
nb forwarding cores=1 - nb forwarding ports=2
port 0: RX queue number: 1 Tx queue number: 1
Rx offloads=0x0 Tx offloads=0x0
RX queue: 0
RX desc=512 - RX free threshold=32
RX threshold registers: pthresh=0 hthresh=0 wthresh=0
RX Offloads=0x0
TX queue: 0
TX desc=512 - TX free threshold=0
TX threshold registers: pthresh=8 hthresh=1 wthresh=16
TX offloads=0x0 - TX RS bit threshold=0
port 1: RX queue number: 1 Tx queue number: 1
Rx offloads=0x0 Tx offloads=0x0
RX queue: 0
RX desc=512 - RX free threshold=32
RX threshold registers: pthresh=0 hthresh=0 wthresh=0
RX Offloads=0x0
TX queue: 0
TX desc=512 - TX free threshold=0
TX threshold registers: pthresh=8 hthresh=1 wthresh=16
TX offloads=0x0 - TX RS bit threshold=0
testpmd> stop
Telling cores to stop...
Waiting for lcores to finish...
---------------------- Forward statistics for port 0 ----------------------
RX-packets: 0 RX-dropped: 0 RX-total: 0
TX-packets: 0 TX-dropped: 0 TX-total: 0
----------------------------------------------------------------------------
---------------------- Forward statistics for port 1 ----------------------
RX-packets: 0 RX-dropped: 0 RX-total: 0
TX-packets: 0 TX-dropped: 0 TX-total: 0
----------------------------------------------------------------------------
+++++++++++++++ Accumulated forward statistics for all ports+++++++++++++++
RX-packets: 0 RX-dropped: 0 RX-total: 0
TX-packets: 0 TX-dropped: 0 TX-total: 0
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I tried using set promisc all on from this answer, and I also tried disconnecting the two ports and using tx_first, yet to no avail.
Also, while connecting to an external ethernet port and generating traffic from that port, testpmd shows that the port being connected have successfully received packets, but failed to send any. Can anyone show me what i'm doing wrong?

Wifi has IP by DHCP but no internet access

I have installed a new USB Wifi network card in Debian 9.
After configuring it, the router assigns me an IP via DHCP but I don't have internet access.
It is the Alpha Network AWUS036NH (Ralink RT3070 Chipset) Wifi network card.
It is on a Debian 9 without a graphical environment.
I have installed the firmware-ralink package and it is using the rt2800usb driver.
I have tried the next commands:
iwconfig
eth1 no wireless extensions.
eth0 no wireless extensions.
wlan0 IEEE 802.11 ESSID:"CAMIONES"
Mode:Managed Frequency:2.437 GHz Access Point: 74:AC:B9:21:3C:E5
Bit Rate=1 Mb/s Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=70/70 Signal level=-37 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:1 Invalid misc:4 Missed beacon:0
lo no wireless extensions.
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.80.4.2 netmask 255.255.255.0 broadcast 10.80.4.255
ether 4c:02:89:12:c0:be txqueuelen 1000 (Ethernet)
RX packets 5002 bytes 631414 (616.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5510 bytes 882802 (862.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xd0600000-d06fffff
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 6146 bytes 509679 (497.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6146 bytes 509679 (497.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.200.18 netmask 255.255.255.0 broadcast 192.168.200.255
ether 00:c0:ca:5a:00:60 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 1170 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 58 bytes 7704 (7.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.80.4.1 0.0.0.0 UG 0 0 0 eth0
10.80.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
traceroute -i wlan0 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 *^C
I have tried to add a static route so that when I use wlan0 it will find its gateway:
route add default gw 192.168.200.1 dev wlan0
The rule is added but it does not work and I also lose internet access through eth0
ping -c2 -I wlan0 www.google.fr
PING www.google.fr (216.58.209.67) from 192.168.200.18 wlan0: 56(84) bytes of data.
--- www.google.fr ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1032ms
Contents of the configuration files:
/etc/resolv.conf
nameserver 80.58.61.250
nameserver 8.8.8.8
nameserver 80.58.61.254
/etc/network/interfaces.d/wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid CAMIONES
wpa-psk pass
gateway 192.168.200.1
dns-nameservers 192.168.200.1
/etc/wpa_supplicant/wpa_supplicant.conf
network={
ssid="CAMIONES"
psk="pass"
}
I have tried connecting to another router and have the same problem.
What problem can I have with the configuration?
Thank you very much.

Your default route is set to go out via eth0 so all traffic will leave the eth0 interface, unless you have a specific(non default) route set to go out via wlan0.
Try this and see if you get a response:
route add -net 8.8.8.0 netmask 255.255.255.0 gw 192.168.200.1 dev wlan0
ping 8.8.8.8

Cannot Ping Devices Across Interfaces for Shorewall Single IP Three-interface Firewall on Debian Wheezy [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
Summary
I am currently working on a three interface software firewall using Shorewall 4.5.5.3 on Debian Wheezy, and I'm having some difficulty with the loc (eth2) and dmz (eth1) interfaces. The fw (eth0) interface seems to be working just fine, but I cannot ping PCs on loc or dmz zones. There is likely something wrong with my /etc/network/interfaces setup in the network.
The fw interface runs on dhcp through my ISP, and I configured the loc and dmz interfaces and PCs inside those zones with static IPs. The configuration that I'm trying to use is the three-interface and single IP configuration. The reference document is located on the Shorewall website, "Three-Interface Firewall". I don't know what to do about a gateway on eth1 or eth2 interfaces, b/c the Shorewall docs don't explain that. I assume it would be the same gateway as eth0, but I don't know how to do that since eth0 is on dhcp.
Networking
/etc/network/interfaces for firmware node:
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
# Secondary network interface for dmz
auto eth1
iface eth1 inet static
address 10.10.1.1/24
netmask 255.255.255.0
# Tirtirary network interface for loc
auto eth2
iface eth2 inet static
address 10.10.2.1/24
netmask 255.255.255.0
/etc/network/interfaces for dmz
# dmz network interface
auto eth0
iface eth0 inet static
address 10.10.1.2/24
netmask 255.255.255.0
gateway 10.10.1.1
Starting with just the dmz, is there something wrong with my network interfaces setup?
This is what happens when i restart my networking:
Listening on LPF/eth0/HEX:...:...
Sending on LPF/eth0/HEX:...:...
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPOFFER from XY.IP...
DHCPACK from XY.IP...
suspect value in ^1/7078C526/res-5000-2.0 option - discarded
suspect value in ^1/FBEA1017/res-5000-2.0 option - discarded
bound to NEW.IP... -- renewal in 33594 seconds.
done.
I don't understand the "suspect .... - discarded" lines. Does this indicate a problem, or are those potential IPs that are being rejected?
These are the results of ifconfig:
eth0 Link encap:Ethernet HWaddr MAC
inet addr:DHCP.IP Bcast:DHCP.BC Mask:DHCP.M
inet6 addr: inet6.IP Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:268607 errors:0 dropped:0 overruns:0 frame:0
TX packets:89830 errors:0 dropped:0 overruns:0 carrier:7
collisions:0 txqueuelen:1000
RX bytes:25066229 (23.9 MiB) TX bytes:10734393 (10.2 MiB)
Interrupt:17
eth1 Link encap:Ethernet HWaddr c0:4a:00:03:00:04
inet addr:10.10.1.1 Bcast:10.10.1.255 Mask:255.255.255.0
inet6 addr: fe80::c24a:ff:fe03:4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:4664 (4.5 KiB)
Interrupt:19 Base address:0xac00
eth2 Link encap:Ethernet HWaddr c0:4a:00:07:6a:31
inet addr:10.10.2.1 Bcast:10.10.2.255 Mask:255.255.255.0
inet6 addr: fe80::c24a:ff:fe07:6a31/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2880 (2.8 KiB) TX bytes:2578 (2.5 KiB)
Interrupt:16 Base address:0xe800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:41 errors:0 dropped:0 overruns:0 frame:0
TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4592 (4.4 KiB) TX bytes:4592 (4.4 KiB)
Shorewall settings
interfaces
net eth0 tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0
dmz eth1 tcpflags,nosmurfs,routefilter,logmartians
loc eth2 tcpflags,nosmurfs,routefilter,logmartians
masq
eth0 10.10.1.0/24
eth0 10.10.2.0/24
params
ETH0_IP=$(find_first_interface_address eth0)
policy
loc net ACCEPT
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
routestopped
eth1 -
eth2 -
rules
SECTION NEW
# Don't allow connection pickup from the net
Invalid(DROP) net all
# Accept DNS connections from the firewall to the Internet
DNS(ACCEPT) $FW net
# Accept SSH connections from the local network to the firewall and DMZ
SSH(ACCEPT) loc $FW
SSH(ACCEPT) loc dmz
# DMZ DNS access to the Internet
DNS(ACCEPT) dmz net
# Drop Ping from the "bad" net zone.
Ping(DROP) net $FW
# Make ping work bi-directionally between the dmz, net, Firewall and local zone
# (assumes that the loc-> net policy is ACCEPT).
Ping(ACCEPT) loc $FW
Ping(ACCEPT) dmz $FW
Ping(ACCEPT) loc dmz
Ping(ACCEPT) dmz loc
Ping(ACCEPT) dmz net
Ping(ACCEPT) loc net
ACCEPT $FW net icmp
ACCEPT $FW loc icmp
ACCEPT $FW dmz icmp
# Allow connection to web server from loc to dmz
DNAT loc dmz:10.10.1.2 tcp - 80,443 $ETH0_IP
# Allow DNS connection to internal server from net
DNS(ACCEPT) loc dmz:10.10.1.3
DNS(ACCEPT) $FW dmz:10.10.1.3
DNS(ACCEPT) loc dmz:10.10.1.4
DNS(ACCEPT) $FW dmz:10.10.1.4
# Allow SMTPS traffic to internal server from net
SMTPS(ACCEPT) dmz:10.10.1.2 $FW
POP3S(ACCEPT) $FW dmz:10.10.1.2
# Allow SSH and SFTP on web server
SSH(ACCEPT) $FW dmz:10.10.1.2
SSH(ACCEPT) net $FW
shorewall.conf
# Only change in this file:
IP_FORWARDING=On
zones
fw firewall
net ipv4
loc ipv4
dmz ipv4
shorewall check
Checking...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn...
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking /etc/shorewall/masq...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking /usr/share/shorewall/action.Invalid for chain %Invalid...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Checking /etc/shorewall/routestopped...
Shorewall configuration verified
shorewall start
Compiling...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Compiling /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling Accept Source Routing...
Compiling /etc/shorewall/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Compiling /usr/share/shorewall/action.Invalid for chain %Invalid...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling /etc/shorewall/routestopped...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
done.
Ping
in fw terminal: ping 10.10.1.2
PING 10.10.1.2 (10.10.1.2) 56(84) bytes of data.
From 10.10.1.1 icmp_seq=1 Destination Host Unreachable
From 10.10.1.1 icmp_seq=2 Destination Host Unreachable
From 10.10.1.1 icmp_seq=3 Destination Host Unreachable
in dmz terminal: ping 10.10.1.1
connect: network not reachable
I don't know what is missing/wrong. Any help would be appreciated.

Solution
I found an answer to my problem, and it was the network configuration on the dmz. The dmz is on a Dell Power Edge 1950, where I'm running the hardware node on 10.10.1.2/24, and a venet0, virtual node for OpenVZ. I was not concerned about connecting to the OpenVZ nodes just yet, but could not even connect to the hardware node. After modifying the networking information and removing the CIDR addition of /24, everything fell into place. I run CentOS 6.5 on the hardware node, and I guess it doesn't like CIDR addressing.
I am now pinging the dmz from fw, so the gateway is open, happy days:
> ping 10.10.2.1
PING 10.10.2.1 (10.10.2.1) 56(84) bytes of data.
64 bytes from 10.10.2.1: icmp_req=1 ttl=64 time=0.056 ms
64 bytes from 10.10.2.1: icmp_req=2 ttl=64 time=0.027 ms
64 bytes from 10.10.2.1: icmp_req=3 ttl=64 time=0.026 ms
64 bytes from 10.10.2.1: icmp_req=4 ttl=64 time=0.025 ms
Summary
The configuration is solid, so I hope it helps someone else setting up a Shorewall interface.

ipv6 i can't connect from the outside

I'm testing IPv6 networking (using FreeBSSD .0, VMWare, NAT), but I can't connect from outside (localhost) via an IPv6 address(using IPv4, it works fine). How can I set up the network properly?
[root# /home/osmund]# cat /etc/rc.conf
hostname=""
ipv6_activate_all_interfaces="YES"
ifconfig_em1_ipv6="inet6 2001:db8:1::1 prefixlen 64"
#ipv6_enable="YES"
ipv6_network_interface="em1"
ifconfig_le0="DHCP"
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
[root# /home/osmund]# ifconfig
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:0c:29:8f:45:74
inet6 2001:db8:1::1 prefixlen 64
inet6 fe80::20c:29ff:fe8f:4574%em1 prefixlen 64 scopeid 0x2
inet 192.168.124.133 netmask 0xffffff00 broadcast 192.168.124.255
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
[root# /home/osmund]# ping6 2001:db8:1::1
PING6(56=40+8+8 bytes) 2001:db8:1::1 --> 2001:db8:1::1
16 bytes from 2001:db8:1::1, icmp_seq=0 hlim=64 time=0.529 ms
16 bytes from 2001:db8:1::1, icmp_seq=1 hlim=64 time=0.133 ms
^C
--- 2001:db8:1::1 ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.133/0.331/0.529/0.198 ms
[root# /home/osmund]#

Have you tried to use bridged network instead?