Hi Tom,

I set things up as per your recommendation.

I can browse the net from the internal network, and then applied the other rules as you indicated.

I still get the FORWARD:REJECT response on traffic destined to the servers.

I have attached the dump. I hope we can get this resolved.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Marcus Limosani wrote:
> Hi Tom,
>
> I set things up as per your recommendation.
>
> I can browse the net from the internal network, and then applied the
> other rules as you indicated.
>
> I still get the FORWARD:REJECT response on traffic destined to the servers.
>
> I have attached the dump. I hope we can get this resolved.

In /etc/shorewall/nat, you have typed 203.25.162.42 rather than 203.35.162.42.

-Tom
--
Tom Eastep           \ The ultimate result of shielding men from the
Shoreline,           \ effects of folly is to fill the world with fools.
Washington, USA      \ -Herbert Spencer
http://shorewall.net \________________________________________________

Tom Eastep wrote:
> Marcus Limosani wrote:
>> Hi Tom,
>>
>> I set things up as per your recommendation.
>>
>> I can browse the net from the internal network, and then applied the
>> other rules as you indicated.
>>
>> I still get the FORWARD:REJECT response on traffic destined to the servers.
>>
>> I have attached the dump. I hope we can get this resolved.
>
> In /etc/shorewall/nat, you have typed 203.25.162.42 rather than
> 203.35.162.42.

Oh -- and you have also configured 203.35.162.42 and (the incorrect) 203.25.162.42 as IP addresses on ppp0 for some unknown reason. Given that packets with those (corrected) addresses are being routed to your firewall by your ISP, there is no need to define them as addresses on the firewall.

-Tom

Tom Eastep wrote:
> Tom Eastep wrote:
>> Marcus Limosani wrote:
>>> Hi Tom,
>>>
>>> I set things up as per your recommendation.
>>>
>>> I can browse the net from the internal network, and then applied the
>>> other rules as you indicated.
>>>
>>> I still get the FORWARD:REJECT response on traffic destined to the servers.
>>>
>>> I have attached the dump. I hope we can get this resolved.
>> In /etc/shorewall/nat, you have typed 203.25.162.42 rather than
>> 203.35.162.42.
>
> Oh -- and you have also configured 203.35.162.42 and (the incorrect)
> 203.25.162.42 as IP addresses on ppp0 for some unknown reason. Given
> that packets with those (corrected) addresses are being routed to your
> firewall by your ISP, there is no need to define them as addresses on
> the firewall.

Given that the incorrect IP address (203.25.162.42) was added, I suspect that you have set ADD_IP_ALIASES=Yes in shorewall.conf; you can set that option to 'No'.

-Tom
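
Added example, not part of the original thread and not Shorewall's own code: a small check that catches both problems found above, an EXTERNAL address in /etc/shorewall/nat that is not one the ISP routes to the firewall, and ADD_IP_ALIASES=Yes in shorewall.conf. The sample file contents, the internal address 10.0.0.42, the ROUTED list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of /etc/shorewall/nat; the INTERNAL address is made up.
NAT_SAMPLE = """\
#EXTERNAL       INTERFACE   INTERNAL    ALL INTERFACES  LOCAL
203.25.162.42   ppp0        10.0.0.42   No              No
"""
# Constructed shorewall.conf excerpt.
CONF_SAMPLE = "ADD_IP_ALIASES=Yes\n"
# Assumption: the operator lists the addresses the ISP routes to the firewall.
ROUTED = ["203.35.162.42"]


def parse_nat(text):
    """Yield (external, interface, internal) for each entry in nat file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        if len(cols) < 3:
            raise ValueError(f"short nat entry: {raw!r}")
        ipaddress.ip_address(cols[0])  # ValueError on a malformed address
        yield cols[0], cols[1], cols[2]


def octet_distance(a, b):
    """Number of dotted-quad positions in which two IPv4 addresses differ."""
    return sum(x != y for x, y in zip(a.split("."), b.split(".")))


def lint(nat_text, conf_text, routed):
    """Return a list of findings for the nat file and shorewall.conf text."""
    findings = []
    for ext, iface, _internal in parse_nat(nat_text):
        if ext not in routed:
            near = min(routed, key=lambda r: octet_distance(ext, r), default=None)
            hint = f"; closest routed address is {near}" if near else ""
            findings.append(f"nat: {ext} on {iface} is not a routed address{hint}")
    for raw in conf_text.splitlines():
        key, _, value = raw.split("#", 1)[0].partition("=")
        if key.strip() == "ADD_IP_ALIASES" and value.strip().strip('"').lower() == "yes":
            findings.append("shorewall.conf: ADD_IP_ALIASES=Yes adds each nat "
                            "EXTERNAL address to the interface")
    return findings


if __name__ == "__main__":
    for finding in lint(NAT_SAMPLE, CONF_SAMPLE, ROUTED):
        print(finding)
```
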