Hi Tom,

I've been able to run shorewall on a single machine and operate
successfully. But I'm not technically proficient in iptables.

Now I've built a separate PII firewall box with RH 8.0 for a family
network of 4 Win98 PCs. I've used the two-interface configuration
recommended. The PII is cabled to an ADSL and into hubs for the other
machines.

Here's what's (not) happening:

1. With the firewall attached to the network, I can ping my ISP or access
the net (not current configuration).
2. I cannot access any of the internal machines even when I've reset
the static IPs to the internal 192.162.0.0/28 subnet. I get a "Host
unreachable" message on ping.
3. When I "shorewall stop", I can ping the internal subnet.
4. I did get this (or similar) configuration working for a short while,
so I "think" my cabling is correct. The pings work.

Here's the output of my shorewall status.

I'd appreciate your diagnosis. Thanks in advance.
Shorewall-1.3.10 Status at splash174.drizzle.com - Tue Nov 12 05:55:36 PST 2002

Counters reset Mon Nov 11 19:59:56 PST 2002

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   896 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 2783  350K eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  274 21652 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   896 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
  173 18162 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 fw2net     all  --  *      eth0    0.0.0.0/0            216.162.197.168/29
  208 38356 fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 all2all    all  --  *      eth1    0.0.0.0/0            192.168.0.0/29
    0     0 all2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain blacklst (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain common (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
 2527  270K REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 reject-with icmp-port-unreachable
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445 reject-with icmp-port-unreachable
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900
    6   294 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x10/0x10
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x04/0x04
    0     0 DROP       all  --  *      *       0.0.0.0/0            216.162.197.175
    0     0 DROP       all  --  *      *       0.0.0.0/0            192.168.0.15

Chain dynamic (4 references)
 pkts bytes target     prot opt in     out     source               destination

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
  274 21652 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
  274 21652 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 net2net    all  --  *      eth0    216.162.197.168/29   216.162.197.168/29
    0     0 net2net    all  --  *      eth0    216.162.197.168/29   0.0.0.0/0
    0     0 net2net    all  --  *      eth0    0.0.0.0/0            216.162.197.168/29
    0     0 net2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 net2all    all  --  *      eth1    216.162.197.168/29   192.168.0.0/29
    0     0 net2all    all  --  *      eth1    216.162.197.168/29   0.0.0.0/0
    0     0 net2all    all  --  *      eth1    0.0.0.0/0            192.168.0.0/29
    0     0 net2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2783  350K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
 2783  350K rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0
 2783  350K blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
 2368  258K net2all    all  --  *      *       216.162.197.168/29   0.0.0.0/0
  415 92670 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 loc2net    all  --  *      eth0    192.168.0.0/29       216.162.197.168/29
    0     0 loc2net    all  --  *      eth0    192.168.0.0/29       0.0.0.0/0
    0     0 loc2net    all  --  *      eth0    0.0.0.0/0            216.162.197.168/29
    0     0 loc2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 loc2loc    all  --  *      eth1    192.168.0.0/29       192.168.0.0/29
    0     0 loc2loc    all  --  *      eth1    192.168.0.0/29       0.0.0.0/0
    0     0 loc2loc    all  --  *      eth1    0.0.0.0/0            192.168.0.0/29
    0     0 loc2loc    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 loc2fw     all  --  *      *       192.168.0.0/29       0.0.0.0/0
    0     0 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (2 references)
 pkts bytes target     prot opt in     out     source               destination
  142 33503 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
    6   405 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
   60  4448 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain loc2fw (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2loc (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2net (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (27 references)
 pkts bytes target     prot opt in     out     source               destination
  274 21652 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
  274 21652 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2all (7 references)
 pkts bytes target     prot opt in     out     source               destination
  198 77244 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 2585  273K common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   52  2556 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
   52  2556 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2net (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain reject (6 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain rfc1918 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       all  --  *      *       169.254.0.0/16       0.0.0.0/0
    0     0 logdrop    all  --  *      *       172.16.0.0/12        0.0.0.0/0
    0     0 logdrop    all  --  *      *       192.0.2.0/24         0.0.0.0/0
  274 21652 logdrop    all  --  *      *       192.168.0.0/16       0.0.0.0/0
    0     0 logdrop    all  --  *      *       0.0.0.0/7            0.0.0.0/0
    0     0 logdrop    all  --  *      *       2.0.0.0/8            0.0.0.0/0
    0     0 logdrop    all  --  *      *       5.0.0.0/8            0.0.0.0/0
    0     0 logdrop    all  --  *      *       7.0.0.0/8            0.0.0.0/0
    0     0 logdrop    all  --  *      *       10.0.0.0/8           0.0.0.0/0
    0     0 logdrop    all  --  *      *       23.0.0.0/8           0.0.0.0/0
    0     0 logdrop    all  --  *      *       27.0.0.0/8           0.0.0.0/0
    0     0 logdrop    all  --  *      *       31.0.0.0/8           0.0.0.0/0
    0     0 logdrop    all  --  *      *       36.0.0.0/7           0.0.0.0/0
    0     0 logdrop    all  --  *      *       39.0.0.0/8           0.0.0.0/0
    0     0 logdrop    all  --  *      *       41.0.0.0/8           0.0.0.0/0
    0     0 logdrop    all  --  *      *       42.0.0.0/8           0.0.0.0/0
    0     0 logdrop    all  --  *      *       58.0.0.0/7           0.0.0.0/0
    0     0 logdrop    all  --  *      *       60.0.0.0/8           0.0.0.0/0
    0     0 logdrop    all  --  *      *       70.0.0.0/7           0.0.0.0/0
    0     0 logdrop    all  --  *      *       72.0.0.0/5           0.0.0.0/0
    0     0 logdrop    all  --  *      *       82.0.0.0/7           0.0.0.0/0
    0     0 logdrop    all  --  *      *       84.0.0.0/6           0.0.0.0/0
    0     0 logdrop    all  --  *      *       88.0.0.0/5           0.0.0.0/0
    0     0 logdrop    all  --  *      *       96.0.0.0/3           0.0.0.0/0
    0     0 logdrop    all  --  *      *       127.0.0.0/8          0.0.0.0/0
    0     0 logdrop    all  --  *      *       197.0.0.0/8          0.0.0.0/0
    0     0 logdrop    all  --  *      *       222.0.0.0/7          0.0.0.0/0
    0     0 logdrop    all  --  *      *       240.0.0.0/4          0.0.0.0/0

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination
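As an added example, not part of the original message and not code from Shorewall itself, here is a small Python triage script for listings in the `iptables -L -v -n` layout that `shorewall status` prints. The sample embedded in it is a constructed subset of the chains above, re-joined one rule per line; the chain names, counters and prefixes come from the listing, while the function names (`parse_listing`, `discarding_hits`, `rules_covering`, `hot_path`) are my own. It answers the questions a "Host unreachable" report raises: which rules with non-zero counters are discarding traffic, which counted rules cover a given prefix, and the chain path the counted packets took from a built-in chain to the rule that ended them.

```python
"""Triage helper for `iptables -L -v -n` / `shorewall status` listings.

Added example, not from the original message or from Shorewall.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a few chains copied from the listing above and
# re-joined onto one line per rule (iptables -L -v -n layout).
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  274 21652 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
  274 21652 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
  274 21652 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain common (5 references)
 pkts bytes target     prot opt in     out     source               destination
 2527  270K REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 reject-with icmp-port-unreachable
    6   294 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
Chain logdrop (27 references)
 pkts bytes target     prot opt in     out     source               destination
  274 21652 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
  274 21652 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain rfc1918 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  *      *       255.255.255.255      0.0.0.0/0
    0     0 logdrop    all  --  *      *       172.16.0.0/12        0.0.0.0/0
  274 21652 logdrop    all  --  *      *       192.168.0.0/16       0.0.0.0/0
    0     0 logdrop    all  --  *      *       10.0.0.0/8           0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((.*)\)$")
# pkts bytes[KMG] target prot opt in out source destination [match/target options]
RULE_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)([KMG]?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"
    r"\s+(\S+)\s+(\S+)(?:\s+(.*))?$"
)
SCALE = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}  # iptables rounds big counters
# Targets that end a packet's life, Shorewall's logdrop/reject chains included.
# LOG is listed too: its counter shows what the DROP that follows it ate.
DISCARDING = {"DROP", "REJECT", "LOG", "logdrop", "reject"}


@dataclass
class Rule:
    chain: str
    pkts: int
    bytes_: int
    target: str
    proto: str
    iface_in: str
    iface_out: str
    src: str
    dst: str
    extra: str


def parse_listing(text):
    """Return {chain name: [Rule, ...]} in listing order; header rows are skipped."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        r = RULE_RE.match(line) if current else None
        if not r:
            continue  # column header or blank line
        pkts, byts, unit, target, proto, _opt, iin, iout, src, dst, extra = r.groups()
        chains[current].append(Rule(current, int(pkts), int(byts) * SCALE[unit], target,
                                    proto, iin, iout, src, dst, (extra or "").strip()))
    return chains


def discarding_hits(chains, min_pkts=1):
    """Rules with a discarding target that have actually matched packets."""
    return [r for rules in chains.values() for r in rules
            if r.target in DISCARDING and r.pkts >= min_pkts]


def rules_covering(chains, network):
    """Counted rules whose source or destination prefix contains `network`.
    0.0.0.0/0 is ignored, otherwise every rule would match."""
    net = ipaddress.ip_network(network, strict=False)
    hits = []
    for rules in chains.values():
        for r in rules:
            for field in (r.src, r.dst):
                try:
                    pfx = ipaddress.ip_network(field, strict=False)
                except ValueError:  # '*' or a hostname, not a prefix
                    continue
                if (pfx.version == net.version and pfx.prefixlen > 0
                        and net.subnet_of(pfx) and r.pkts > 0):
                    hits.append(r)
                    break
    return hits


def hot_path(chains, root, min_pkts=1, seen=frozenset()):
    """Follow every jump from `root` that carried >= min_pkts packets, depth-first.
    Returns [(chain, target, pkts), ...]; targets that are not chains in the
    listing (or were already visited) are recorded but not descended into."""
    steps = []
    for r in chains.get(root, []):
        if r.pkts < min_pkts:
            continue
        steps.append((root, r.target, r.pkts))
        if r.target in chains and r.target not in seen:
            steps.extend(hot_path(chains, r.target, min_pkts, seen | {root}))
    return steps


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for chain, target, pkts in hot_path(parsed, "FORWARD"):
        print(f"{chain:>10} -> {target:<10} {pkts} pkts")
    for r in rules_covering(parsed, "192.168.0.0/29"):
        print(f"{r.chain}: {r.target} {r.src} -> {r.dst} ({r.pkts} pkts)")
```

To run it on a full listing, replace `SAMPLE` with the saved output of `shorewall status` or `iptables -L -v -n`. The K/M/G byte suffixes are iptables' rounded display values, so byte totals are approximate; packet counts are exact.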