Leo Li
2002-Aug-22 04:02 UTC
[Shorewall-users] two-interface, checked everything, STILL does not work!
Hi all,
I'm trying to set up a 'two-interface' config but it keeps failing. I
read all the FAQs and support but nothing helps.
Currently I'm using the latest version on RH 7.2 with iptables 1.2.4, PPPoE,
and 192.168.1.1 as my gateway and 192.168.1.0/24 as my network.
I was using another iptables script and it works fine, so it should not be a
network setup problem.
The script itself seems to run fine, but it is blocking my whole network! I
cannot ping Yahoo from my firewall, cannot ping my internal clients
(e.g. 192.168.1.1), clients cannot get through to the internet, cannot reach the
firewall, cannot browse the web. Everything's blocked.
I have enabled port 53 from fw to net, as well as enabling all connections
out from the fw, but it is still not working =(
Any help would be greatly appreciated!!
Thank you
Leo
My config is as follows:
-- zones --
#ZONE    DISPLAY    COMMENTS
net      Net        Internet
loc      Local      Local networks

-- interfaces --
#ZONE    INTERFACE  BROADCAST   OPTIONS
net      ppp0       -           dhcp,routefilter,norfc1918
loc      eth0       detect      routestopped   # I tried changing "detect" to 192.168.1.255 but it doesn't work

-- policy --
#SOURCE  DEST       POLICY     LOG LEVEL   LIMIT:BURST
loc      net        ACCEPT
fw       net        ACCEPT
net      all        DROP       info
all      all        REJECT     info

-- masq --
#INTERFACE   SUBNET           ADDRESS
ppp0         192.168.1.0/24                # I tried changing ppp0 to eth1 but it still doesn't work

-- rules --
#ACTION  SOURCE   DEST   PROTO   DEST PORT(S)                                    SOURCE PORT(S)
# filter rules from the Internet to the firewall server
ACCEPT   net      fw     tcp     21,22,23,25,53,80,110,443,65500:65535
# filter rules from the local net to the firewall server
ACCEPT   loc      fw     tcp     20,21,22,23,25,80,110,137,139,443,65500:65535   # samba
ACCEPT   loc      fw     udp     137:139
ACCEPT   loc      fw     udp     1024:                                           137
ACCEPT   fw       loc    tcp     137,139
ACCEPT   fw       loc    udp     137:139
ACCEPT   fw       loc    udp     1024:                                           137
# outgoing to DNS
ACCEPT   fw       net    tcp     53
ACCEPT   fw       net    udp     53                                              # <---- enable fw to net port 53
Thank you again !
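As an added example that is not part of this thread, here is a small Python lint over the zones and policy tables posted above (copied inline as constructed strings, with the comments stripped). It applies Shorewall's first-match policy lookup to every zone pair, so you can see which pairs (here loc->fw and fw->loc) fall through to the final "all all REJECT" row and therefore pass only traffic that an explicit rule accepts, and it flags any policy row that an earlier row shadows.

```python
# Constructed copy of the zones and policy tables from the post above (comments stripped).
ZONES = """net Net Internet
loc Local Local networks"""

POLICY = """loc net ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info"""


def parse_table(text):
    """Split a Shorewall table into rows of whitespace-separated fields, dropping comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def zone_names(zones_text=ZONES):
    """Declared zones plus the implicit firewall zone 'fw'."""
    return [row[0] for row in parse_table(zones_text)] + ["fw"]


def matching_policy(src, dst, policy_text=POLICY):
    """(row number, action) of the first policy row whose SOURCE/DEST match; 'all' is a wildcard."""
    for n, (src_pat, dst_pat, action, *_) in enumerate(parse_table(policy_text), 1):
        if src_pat in (src, "all") and dst_pat in (dst, "all"):
            return n, action
    return None, None  # no row matched: Shorewall treats this as a missing policy


def policy_matrix(zones_text=ZONES, policy_text=POLICY):
    """{(src, dst): (row, action)} for every ordered pair of distinct zones."""
    names = zone_names(zones_text)
    return {(s, d): matching_policy(s, d, policy_text)
            for s in names for d in names if s != d}


def shadowed_rows(zones_text=ZONES, policy_text=POLICY):
    """Policy rows that no zone pair ever reaches, because an earlier row already matches."""
    used = {row for row, _ in policy_matrix(zones_text, policy_text).values()}
    return [n for n in range(1, len(parse_table(policy_text)) + 1) if n not in used]


if __name__ == "__main__":
    for (s, d), (row, action) in sorted(policy_matrix().items()):
        print(f"{s:>3} -> {d:<3} {action:<6} (policy row {row})")
    print("shadowed policy rows:", shadowed_rows() or "none")
```

Pairs that resolve to the catch-all row are the ones to check against the rules file and against "shorewall show log" output when traffic is unexpectedly rejected.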
Tom Eastep
2002-Aug-22 13:56 UTC
[Shorewall-users] two-interface, checked everything, STILL does not work!
> The script itself seems to run fine, but it is blocking my whole network! I
> cannot ping yahoo from my firewall, cannot ping my internal clients
> eg:192.168.1.1, clients cannot get through internet, cannot go to
> firewall, cannot www. Everything's blocked.

Have you looked at "shorewall show log" output?

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net