Rajeev Sharda
2003-Sep-14 04:24 UTC
[Shorewall-users] can not browse the net from local network.
Hi list,

I'm new to Linux and Shorewall. I'm facing a problem browsing the net from the local network.

If my client machines are connected to the firewall via a switch, then I cannot browse the internet, but I can ping any site using an FQDN like (www.google.com).

If I connect a single PC directly to the firewall using a cross-over cable to the internal interface, then I'm able to browse the internet successfully without making any changes to the firewall policy/rules.

My configuration is:

            Internet
               |
               |
            router ----------------> (202.202.202.1)
               |
               |
               |---------------------> external interface eth1 (202.202.202.5)
       shorewall firewall
               |---------------------> internal interface eth0 (192.168.1.2)
               |
            switch
               |
   -----------------------------
   |                           |
  PC1                         PC2
ip:192.168.1.10          ip:192.168.1.11
m:255.255.255.0          m:255.255.255.0
g:192.168.1.2            g:192.168.1.2

Shorewall default policy (no firewall rules defined):

src zone     dest zone    policy
loc          net          ACCEPT
loc          firewall     ACCEPT
firewall     loc          ACCEPT
firewall     net          ACCEPT
net          any          DROP
any          any          REJECT

What's wrong with the configuration??? Pls help me.

-rajeev.
Robert Kehl
2003-Sep-14 05:40 UTC
[Shorewall-users] can not browse the net from local network.
From: "Rajeev Sharda" <r_sharda@hotmail.com>
Subject: [Shorewall-users] can not browse the net from local network.

> If my client machines are connected to firewall via switch, then can not
> browse the internet but I can ping any site using fqdn like
> (www.google.com).
>
> If I connect a single pc directly to the firewall using cross-over cable to
> the internal interface, then I'm able to browse the internet successfully
> without making any changes to firewall policy/rules.

Did you set anything in the 'masq' file?

#INTERFACE    SUBNET    ADDRESS
eth1          eth0

hth,

Robert kehl
Nick Sklavenitis
2003-Sep-14 10:21 UTC
[Shorewall-users] can not browse the net from local network.
On Sun, 2003-09-14 at 08:40, Robert Kehl wrote:
> From: "Rajeev Sharda" <r_sharda@hotmail.com>
> Subject: [Shorewall-users] can not browse the net from local network.
>
> > If my client machines are connected to firewall via switch, then can not
> > browse the internet but I can ping any site using fqdn like
> > (www.google.com).
> >
> > If I connect a single pc directly to the firewall using cross-over cable to
> > the internal interface, then I'm able to browse the internet successfully
> > without making any changes to firewall policy/rules.
>
> Did you set anything in the 'masq' file?
> #INTERFACE    SUBNET    ADDRESS
> eth1          eth0
>
> hth,
>
> Robert kehl

I had the same issue with the latest Shorewall. I had to downgrade to a lower version, 1.4.5, in order for my issue to go away. The configs are all set up properly.

Try issuing a shorewall restart and I'm betting the problem goes away. It will most likely come back.

I think it has to do with how many routes Shorewall can handle, because my problem started recently with all the attacks arriving due to Blaster and the kernel using the kill route option. I think, anyway.
Tom Eastep
2003-Sep-14 19:04 UTC
[Shorewall-users] can not browse the net from local network.
On Sun, 14 Sep 2003, Nick Sklavenitis wrote:
> try issuing a shorewall restart and im betting the problem goes away.
> it will come back mostlikely.
>
> I think it has todo with how many route shorewall can handle because my
> problem has started recently with all the attacks arriving due to
> blaster and kernel using the kill route option. i think anyways.

Complete FUD....

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
Shoreline,       \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
Alex Martin
2003-Sep-14 20:33 UTC
[Shorewall-users] can not browse the net from local network.
I can't seem to find FUD in the Shorewall documentation.....;) Any help?

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users Mailing List" <shorewall-users@lists.shorewall.net>
Sent: Sunday, September 14, 2003 8:03 PM
Subject: Re: [Shorewall-users] can not browse the net from local network.

> On Sun, 14 Sep 2003, Nick Sklavenitis wrote:
>
> > try issuing a shorewall restart and im betting the problem goes away.
> > it will come back mostlikely.
> >
> > I think it has todo with how many route shorewall can handle because my
> > problem has started recently with all the attacks arriving due to
> > blaster and kernel using the kill route option. i think anyways.
>
> Complete FUD....
>
> -Tom
> --
> Tom Eastep      \ Shorewall - iptables made easy
> Shoreline,       \ http://shorewall.net
> Washington USA    \ teastep@shorewall.net
Rajeev Sharda
2003-Sep-15 01:45 UTC
[Shorewall-users] can not browse the net from local network.
Yes!!!, the masq file has this entry..

-rajeev.

>> If my client machines are connected to firewall via switch, then can not
>> browse the internet but I can ping any site using fqdn like
>> (www.google.com).
>>
>> If I connect a single pc directly to the firewall using cross-over cable to
>> the internal interface, then I'm able to browse the internet successfully
>> without making any changes to firewall policy/rules.
>
> Did you set anything in the 'masq' file?
> #INTERFACE    SUBNET    ADDRESS
> eth1          eth0
>
> hth,
>
> Robert kehl