Whilst configuring another shorewall firewall router for another site, I must have made some totally newbie error....

While directly on the cable modem, it works great.

But when placed on the LAN side of my existing Shorewall box, the NEW Shorewall box could not ping, or look up dns or anything else.

If I shutdown shorewall (clear) in the NEW box then it could surf the net and ping etc. When connected to the cable modem directly and shorewall running it works great.

It properly obtains a dhcp lease from either my main shorewall box OR my ISP's dhcp server in either case.

But with one shorewall behind the other, the second one can't resolve names or ping.

What have I overlooked in my haste???

Is there a diagnostic mode where I can (without changing all the config files) turn on logging of all rules so I can see where things are going awry?

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386

--On Monday, January 27, 2003 4:23 PM -0900 "John S. Andersen" <JAndersen@screenio.com> wrote:

> Whilst configuring another shorewall firewall router
> for another site, I must have made some totally newbie
> error....
>
> While directly on the cable modem, it works great.
>
> But when placed on the LAN side of my existing
> Shorewall box, the NEW Shorewall box could not ping,
> or look up dns or anything else.
>
> If I shutdown shorewall (clear) in the NEW box then
> it could surf the net and ping etc. When connected
> to the cable modem directly and shorewall running
> it works great.
>
> It properly obtains a dhcp lease from either my main
> shorewall box OR my ISP's dhcp server in either
> case.
>
> But with one shorewall behind the other, the second
> one can't resolve names or ping.
>
> What have I overlooked in my haste???
>

'norfc1918' set on the external interface?

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
Shoreline,      \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

On 27 Jan 2003 at 17:28, Tom Eastep wrote:

> > But when placed on the LAN side of my existing
> > Shorewall box, the NEW Shorewall box could not ping,
> > or look up dns or anything else.
> > What have I overlooked in my haste???
> >
>
> 'norfc1918' set on the external interface?

Exactly..... (sigh)...

I think it's beer-o-clock. It's not been my best day...

Thanks...

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
_______________________________________
John S. Andersen
NORCOM mailto:JAndersen@norcomsoftware.com
Juneau, Alaska
http://www.screenio.com/

--On Monday, January 27, 2003 4:57 PM -0900 "John S. Andersen" <jsa@norcomix.dyndns.org> wrote:

>>
>> 'norfc1918' set on the external interface?
>
> Exactly..... (sigh)...
>
> I think it's beer-o-clock. It's not been my best day...
>

Good plan -- the cocktail hour is well underway here in the Seattle area :-)

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
Shoreline,      \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
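
The misconfiguration identified in this thread, as an added check that is not part of the original messages: Shorewall's 'norfc1918' option drops traffic whose source address is in the RFC 1918 private ranges, so it conflicts with an external interface that sits on another firewall's private LAN. The interfaces-file contents and the addresses below are constructed samples, and the function names are this example's own.

```python
import ipaddress

# RFC 1918 private ranges, the ones the 'norfc1918' interface option filters.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of /etc/shorewall/interfaces on the inner firewall.
SAMPLE_INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,norfc1918
loc     eth1        detect
"""

# Constructed addresses: eth0 took its lease from the outer Shorewall box's LAN.
SAMPLE_ADDRESSES = {"eth0": "192.168.1.50", "eth1": "10.10.0.1"}


def parse_interfaces(text):
    """Yield (zone, interface, options) for each entry in an interfaces file."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or incomplete entry
        has_opts = len(fields) > 3 and fields[3] != "-"
        yield fields[0], fields[1], fields[3].split(",") if has_opts else []


def is_rfc1918(addr):
    """True when addr lies inside one of the three RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def find_conflicts(interfaces_text, addresses):
    """Return (iface, zone, addr) where norfc1918 is set on a private-addressed interface."""
    conflicts = []
    for zone, iface, options in parse_interfaces(interfaces_text):
        addr = addresses.get(iface)
        if "norfc1918" in options and addr and is_rfc1918(addr):
            conflicts.append((iface, zone, addr))
    return conflicts


if __name__ == "__main__":
    for iface, zone, addr in find_conflicts(SAMPLE_INTERFACES, SAMPLE_ADDRESSES):
        print(f"{iface} (zone {zone}): norfc1918 is set but the interface holds "
              f"{addr}; traffic from the upstream private network will be dropped")
```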