Hello!

What could this log tell me to find a solution?

"Oct 29 13:21:05 nordy kernel: Shorewall:all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.1.2 DST=64.xxx.xxx.xxx LEN=117 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=33146 DPT=161 LEN=97 "

eth2 is my dmz interface at firewall and eth0 is my Internet interface. I can ping from dmz server to eth0, but not to Internet. Is it a route problem or could it be an error in my rules?

David Silva wrote:
> Hello!
>
> What could this log tell me to find a solution?
>
> "Oct 29 13:21:05 nordy kernel: Shorewall:all2all:REJECT:IN=eth2 OUT=eth0
> SRC=192.168.1.2 DST=64.xxx.xxx.xxx LEN=117 TOS=0x00 PREC=0x00 TTL=63
> ID=0 DF PROTO=UDP SPT=33146 DPT=161 LEN=97 "
>
> eth2 is my dmz interface at firewall and eth0 is my Internet interface.
> I can ping from dmz server to eth0, but not to Internet. Is it a route
> problem or could it be an error in my rules?
>

In the future, please refer to http://www.shorewall.net/FAQ.htm#faq17 -- it will tell you why this particular message is being issued. In your case, you need an SNMP rule from the dmz zone to the net zone.

You can interpret the above message with the help of the information at http://www.shorewall.net/troubleshoot.htm.

Finally, if you want to be able to ping from the dmz to the net you have to enable it. I'm sorry but I don't have the time to walk you through ping configuration right now.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
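
Added example (not part of the original messages and not Shorewall's own code): a small Python parser that splits the log line from this thread into its Shorewall prefix and netfilter fields, showing which zone pair, protocol and port the rejected packet belongs to. The interface-to-zone map is an assumption taken from the poster's description; the function names are hypothetical.

```python
import re

# Log line quoted in the thread (the destination address is masked there).
SAMPLE = ("Oct 29 13:21:05 nordy kernel: Shorewall:all2all:REJECT:IN=eth2 OUT=eth0 "
          "SRC=192.168.1.2 DST=64.xxx.xxx.xxx LEN=117 TOS=0x00 PREC=0x00 TTL=63 "
          "ID=0 DF PROTO=UDP SPT=33146 DPT=161 LEN=97 ")

# Assumption: interface-to-zone map built from the poster's description
# (eth2 is the DMZ, eth0 faces the Internet, which the reply calls "net").
ZONES = {"eth2": "dmz", "eth0": "net"}

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(line):
    """Split a Shorewall log line into chain, disposition and netfilter fields."""
    m = PREFIX.search(line)
    if m is None:
        raise ValueError("not a Shorewall log line")
    rec = {"chain": m["chain"], "disposition": m["disposition"]}
    # LEN occurs twice (IP length, then UDP length); keep the first occurrence.
    for key, value in FIELD.findall(line[m.end():]):
        rec.setdefault(key, value)
    return rec


def logged_by_all_policy(chain):
    """True for all2<zone>, <zone>2all and all2all: no rule matched the packet,
    so it was logged and handled by a policy involving the 'all' zone."""
    src, sep, dst = chain.partition("2")
    return sep == "2" and "all" in (src, dst)


def summarize(rec, zones=ZONES):
    """Reduce a parsed record to the facts needed to write the missing rule."""
    def zone(iface):
        # An empty IN= or OUT= means the firewall itself ("fw", Shorewall's
        # default firewall zone name) is that endpoint.
        return zones.get(iface, "unknown") if iface else "fw"
    return {
        "action": rec["disposition"],
        "from": zone(rec.get("IN", "")),
        "to": zone(rec.get("OUT", "")),
        "proto": rec.get("PROTO", "").lower(),
        "dport": rec.get("DPT"),
        "policy": logged_by_all_policy(rec["chain"]),
    }


if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

For the line in this thread the summary is dmz to net, udp, destination port 161, handled by policy rather than by a rule, which matches the reply's point that an SNMP rule from dmz to net is missing.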

David Silva wrote:
>
> eth2 is my dmz interface at firewall and eth0 is my Internet interface.
> I can ping from dmz server to eth0, but not to Internet. Is it a route
> problem or could it be an error in my rules?
>

How did you go about configuring Shorewall to use a DMZ? If you started with the three-interface sample configuration and followed the three-interface QuickStart Guide (http://www.shorewall.net/three-interface.htm) then you shouldn't have this kind of problem.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net