Hi I have a problem with Shorewall on my two-interface connection. I run Debian unstable. The setup looks like this: Internet -------- router ------- server 213.237.12.137 192.168.1.3 192.168.1.2 192.168.0.7 --- local net 192.168.0.{...} I can ping the server from the local net, and the local net from the server. I can send mail between the server <--> local net. The server is visible and working towards the Internet (mail, DNS and web). But the local net cannot communicate with the Internet. I cannot se what could be wrong here. I had to switch off the norfc1918 option because I got a lot of errors when the router communicated with the system. My configuration is appended to this mail. Can anyone help? Thanks in advance John
On Wed, 2004-12-15 at 23:10 +0100, John Plate wrote:> > Can anyone help?You need to set IP_FORWARDING=Yes in shorewall.conf (This is a Debianism). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On Wed, 2004-12-15 at 14:40 -0800, Tom Eastep wrote:> On Wed, 2004-12-15 at 23:10 +0100, John Plate wrote: > > > > > Can anyone help? > > You need to set IP_FORWARDING=Yes in shorewall.conf (This is a > Debianism).Note that this is mentioned in the Two-interface QuickStart Guide: "If you are using the Debian package, please check your shorewall.conf file to ensure that the following are set correctly; if they are not, change them appropriately: * NAT_ENABLED=Yes (Shorewall versions earlier than 1.4.6) * IP_FORWARDING=On" -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> > You need to set IP_FORWARDING=Yes in shorewall.conf (This is a > > Debianism). > > Note that this is mentioned in the Two-interface QuickStart Guide: > > "If you are using the Debian package, please check your shorewall.conf > file to ensure that the following are set correctly; if they are not, > change them appropriately: > > * NAT_ENABLED=Yes (Shorewall versions earlier than 1.4.6) > > * IP_FORWARDING=On"Shame on me :( Thanks a lot - it works now! John